add ipscrub configuration
anonymise visitors IPs to be GDPR compliant
Cette révision appartient à :
Parent
78099be3af
révision
100b7f2213
|
@ -30,7 +30,7 @@ http
|
|||
|
||||
# Limit Request
|
||||
limit_req_status 403;
|
||||
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
|
||||
limit_req_zone $remote_addr_ipscrub zone=one:10m rate=1r/s;
|
||||
|
||||
#Simple DOS mitigation
|
||||
##Max c/s by ip
|
||||
|
@ -97,9 +97,12 @@ http
|
|||
error_log /var/log/nginx/error.log;
|
||||
|
||||
# Log format Settings
|
||||
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
|
||||
log_format rt_cache '$remote_addr_ipscrub $upstream_response_time $upstream_cache_status [$time_local] '
|
||||
'$http_host "$request" $status $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent"';
|
||||
'"$http_referer" "$http_user_agent" $server_protocol';
|
||||
|
||||
# ipscrub settings
|
||||
ipscrub_period_seconds 3600;
|
||||
|
||||
##
|
||||
# Gzip Settings
|
||||
|
|
|
@ -30,7 +30,7 @@ http
|
|||
|
||||
# Limit Request
|
||||
limit_req_status 403;
|
||||
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
|
||||
limit_req_zone $remote_addr_ipscrub zone=one:10m rate=1r/s;
|
||||
|
||||
#Simple DOS mitigation
|
||||
##Max c/s by ip
|
||||
|
@ -95,9 +95,12 @@ http
|
|||
error_log /var/log/nginx/error.log;
|
||||
|
||||
# Log format Settings
|
||||
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
|
||||
log_format rt_cache '$remote_addr_ipscrub $upstream_response_time $upstream_cache_status [$time_local] '
|
||||
'$http_host "$request" $status $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent"';
|
||||
'"$http_referer" "$http_user_agent" $server_protocol';
|
||||
|
||||
# ipscrub settings
|
||||
ipscrub_period_seconds 3600;
|
||||
|
||||
##
|
||||
# Gzip Settings
|
||||
|
|
|
@ -30,7 +30,7 @@ http
|
|||
|
||||
# Limit Request
|
||||
limit_req_status 403;
|
||||
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
|
||||
limit_req_zone $remote_addr_ipscrub zone=one:10m rate=1r/s;
|
||||
|
||||
#Simple DOS mitigation
|
||||
##Max c/s by ip
|
||||
|
@ -96,9 +96,12 @@ http
|
|||
error_log /var/log/nginx/error.log;
|
||||
|
||||
# Log format Settings
|
||||
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
|
||||
log_format rt_cache '$remote_addr_ipscrub $upstream_response_time $upstream_cache_status [$time_local] '
|
||||
'$http_host "$request" $status $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent"';
|
||||
'"$http_referer" "$http_user_agent" $server_protocol';
|
||||
|
||||
# ipscrub settings
|
||||
ipscrub_period_seconds 3600;
|
||||
|
||||
##
|
||||
# Gzip Settings
|
||||
|
|
|
@ -4,7 +4,7 @@ server {
|
|||
|
||||
listen 22222 default_server ssl http2;
|
||||
|
||||
access_log /var/log/nginx/22222.access.log rt_cache;
|
||||
access_log off;
|
||||
error_log /var/log/nginx/22222.error.log;
|
||||
|
||||
ssl_certificate /var/www/22222/cert/22222.crt;
|
||||
|
|
|
@ -37,6 +37,9 @@ server {
|
|||
index index.html index.htm index.nginx-debian.html;
|
||||
|
||||
server_name _;
|
||||
|
||||
access_log off;
|
||||
error_log /var/log/nginx/default.error.log;
|
||||
|
||||
location / {
|
||||
# First attempt to serve request as file, then
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
#!/bin/sh
|
||||
# make sure the process is stopped
|
||||
/etc/init.d/clamav-freshclam stop
|
||||
|
||||
# check if database is outdated
|
||||
/usr/bin/freshclam -v >> /var/log/result_freshclam.log
|
||||
|
||||
# update virus database
|
||||
/etc/init.d/clamav-freshclam start
|
Chargement…
Référencer dans un nouveau ticket