
add ipscrub configuration

anonymise visitors' IPs to be GDPR compliant
develop
VirtuBox 2 years ago
parent
commit
100b7f2213
6 changed files with 31 additions and 10 deletions
  1. +6
    -3
      etc/nginx/nginx-intermediate.conf
  2. +6
    -3
      etc/nginx/nginx-tlsv12.conf
  3. +6
    -3
      etc/nginx/nginx.conf
  4. +1
    -1
      etc/nginx/sites-available/22222
  5. +3
    -0
      etc/nginx/sites-available/default
  6. +9
    -0
      scripts/freshclam

+ 6
- 3
etc/nginx/nginx-intermediate.conf

@@ -30,7 +30,7 @@ http

# Limit Request
limit_req_status 403;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
limit_req_zone $remote_addr_ipscrub zone=one:10m rate=1r/s;

#Simple DOS mitigation
##Max c/s by ip
@@ -97,9 +97,12 @@ http
error_log /var/log/nginx/error.log;

# Log format Settings
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
log_format rt_cache '$remote_addr_ipscrub $upstream_response_time $upstream_cache_status [$time_local] '
'$http_host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
'"$http_referer" "$http_user_agent" $server_protocol';
# ipscrub settings
ipscrub_period_seconds 3600;

##
# Gzip Settings
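Review bot: Keying `limit_req_zone` on `$remote_addr_ipscrub` (assuming that is the new side of the pair, as the commit title suggests) changes how the limiter behaves without a privacy gain, because the zone key lives in shared memory and is not what gets written to the access log. The key becomes a salted hash that rotates every `ipscrub_period_seconds 3600;`, so each client starts a fresh bucket at rotation. I would keep `limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;` and confine ipscrub to `log_format`. The same line appears in the nginx-tlsv12.conf and nginx.conf sections. The `http` block starts and ends outside these hunks, so other zones keyed on the client address are not visible here.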


+ 6
- 3
etc/nginx/nginx-tlsv12.conf

@@ -30,7 +30,7 @@ http

# Limit Request
limit_req_status 403;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
limit_req_zone $remote_addr_ipscrub zone=one:10m rate=1r/s;

#Simple DOS mitigation
##Max c/s by ip
@@ -95,9 +95,12 @@ http
error_log /var/log/nginx/error.log;

# Log format Settings
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
log_format rt_cache '$remote_addr_ipscrub $upstream_response_time $upstream_cache_status [$time_local] '
'$http_host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
'"$http_referer" "$http_user_agent" $server_protocol';
# ipscrub settings
ipscrub_period_seconds 3600;

##
# Gzip Settings


+ 6
- 3
etc/nginx/nginx.conf

@@ -30,7 +30,7 @@ http

# Limit Request
limit_req_status 403;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
limit_req_zone $remote_addr_ipscrub zone=one:10m rate=1r/s;

#Simple DOS mitigation
##Max c/s by ip
@@ -96,9 +96,12 @@ http
error_log /var/log/nginx/error.log;

# Log format Settings
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
log_format rt_cache '$remote_addr_ipscrub $upstream_response_time $upstream_cache_status [$time_local] '
'$http_host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
'"$http_referer" "$http_user_agent" $server_protocol';
# ipscrub settings
ipscrub_period_seconds 3600;

##
# Gzip Settings


+ 1
- 1
etc/nginx/sites-available/22222

@@ -4,7 +4,7 @@ server {

listen 22222 default_server ssl http2;

access_log /var/log/nginx/22222.access.log rt_cache;
access_log off;
error_log /var/log/nginx/22222.error.log;

ssl_certificate /var/www/22222/cert/22222.crt;
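Review bot: Switching the port 22222 listener to `access_log off;` (assuming that is the new side of this pair, as in the default vhost) removes the per-request trail for this TLS listener instead of anonymising it. The `rt_cache` format is moved to `$remote_addr_ipscrub` in the same commit, so keeping `access_log /var/log/nginx/22222.access.log rt_cache;` would already drop raw addresses while leaving something to review after an incident. The server block continues outside the hunk, so what is served here is not visible; if it is an administrative endpoint, the audit trail matters more rather than less.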


+ 3
- 0
etc/nginx/sites-available/default

@@ -37,6 +37,9 @@ server {
index index.html index.htm index.nginx-debian.html;

server_name _;
access_log off;
error_log /var/log/nginx/default.error.log;

location / {
# First attempt to serve request as file, then
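Review bot: The `error_log /var/log/nginx/default.error.log;` line (an addition, going by the +3/-0 count) still records raw client addresses, because nginx itself writes `client: <address>` into error-log entries and that text is not governed by `log_format`, so `$remote_addr_ipscrub` has no effect on it. The same holds for `error_log /var/log/nginx/error.log;` in the three nginx*.conf sections and for the 22222 error log. If the aim is that no visitor IP reaches disk, the error logs need a higher severity threshold to reduce entries (e.g. `error_log /var/log/nginx/default.error.log crit;`), short retention, or scrubbing at rotation. A comment beside the directive saying which was chosen would help. The server block starts and ends outside the hunk.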


+ 9
- 0
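--- a/scripts/freshclam
+++ b/scripts/freshclam
@@ -0,0 +1,9 @@
+#!/bin/sh
+# make sure the process is stopped
+/etc/init.d/clamav-freshclam stop
+
+# check if database is outdated
+/usr/bin/freshclam -v >> /var/log/result_freshclam.log
+
+# update virus database
+/etc/init.d/clamav-freshclam start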
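Review bot: A failed signature update goes unnoticed in this script, because the `freshclam -v` line appends only stdout to the log and discards its exit status, and the script's own status is then that of the final daemon start. For an antivirus database that means stale signatures with nothing to alert on. Capture stderr and keep the status, e.g. `/usr/bin/freshclam -v >> /var/log/result_freshclam.log 2>&1; rc=$?`, and finish with `exit "$rc"` after the restart so cron or a monitor sees the failure. The comments are also swapped relative to what the lines do: the freshclam call is the update and the last line only restarts the daemon. The log is appended to without rotation as far as this page shows.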
