add ipscrub configuration

anonymise visitors' IPs to be GDPR compliant
VirtuBox 2018-05-28 02:40:37 +02:00
parent 78099be3af
commit 100b7f2213
6 changed files with 31 additions and 10 deletions


@ -30,7 +30,7 @@ http
# Limit Request # Limit Request
limit_req_status 403; limit_req_status 403;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; limit_req_zone $remote_addr_ipscrub zone=one:10m rate=1r/s;
#Simple DOS mitigation #Simple DOS mitigation
##Max c/s by ip ##Max c/s by ip
@ -97,9 +97,12 @@ http
error_log /var/log/nginx/error.log; error_log /var/log/nginx/error.log;
# Log format Settings # Log format Settings
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] ' log_format rt_cache '$remote_addr_ipscrub $upstream_response_time $upstream_cache_status [$time_local] '
'$http_host "$request" $status $body_bytes_sent ' '$http_host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"'; '"$http_referer" "$http_user_agent" $server_protocol';
# ipscrub settings
ipscrub_period_seconds 3600;
## ##
# Gzip Settings # Gzip Settings
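Review bot: The `error_log /var/log/nginx/error.log;` line kept as context in the second hunk still records raw client addresses, because `log_format` only governs access logs and nginx fills in the `client:` field of error-log entries itself; the `limit_req` rejections configured in the first hunk are among the entries written that way. If the aim is that no visitor IP reaches disk, the error log needs its own handling, for example a higher threshold such as `error_log /var/log/nginx/error.log crit;` together with short rotation, and a comment recording the trade-off in lost diagnostics. Separately, keying `limit_req_zone` on `$remote_addr_ipscrub` ties each client's bucket to the current salt, so it presumably changes every `ipscrub_period_seconds 3600;`; the zone lives in shared memory and is not logged, so `$binary_remote_addr` could stay there without affecting what is stored. The two file sections that follow carry the same change and the same points apply to them.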


@ -30,7 +30,7 @@ http
# Limit Request # Limit Request
limit_req_status 403; limit_req_status 403;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; limit_req_zone $remote_addr_ipscrub zone=one:10m rate=1r/s;
#Simple DOS mitigation #Simple DOS mitigation
##Max c/s by ip ##Max c/s by ip
@ -95,9 +95,12 @@ http
error_log /var/log/nginx/error.log; error_log /var/log/nginx/error.log;
# Log format Settings # Log format Settings
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] ' log_format rt_cache '$remote_addr_ipscrub $upstream_response_time $upstream_cache_status [$time_local] '
'$http_host "$request" $status $body_bytes_sent ' '$http_host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"'; '"$http_referer" "$http_user_agent" $server_protocol';
# ipscrub settings
ipscrub_period_seconds 3600;
## ##
# Gzip Settings # Gzip Settings


@ -30,7 +30,7 @@ http
# Limit Request # Limit Request
limit_req_status 403; limit_req_status 403;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; limit_req_zone $remote_addr_ipscrub zone=one:10m rate=1r/s;
#Simple DOS mitigation #Simple DOS mitigation
##Max c/s by ip ##Max c/s by ip
@ -96,9 +96,12 @@ http
error_log /var/log/nginx/error.log; error_log /var/log/nginx/error.log;
# Log format Settings # Log format Settings
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] ' log_format rt_cache '$remote_addr_ipscrub $upstream_response_time $upstream_cache_status [$time_local] '
'$http_host "$request" $status $body_bytes_sent ' '$http_host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"'; '"$http_referer" "$http_user_agent" $server_protocol';
# ipscrub settings
ipscrub_period_seconds 3600;
## ##
# Gzip Settings # Gzip Settings


@ -4,7 +4,7 @@ server {
listen 22222 default_server ssl http2; listen 22222 default_server ssl http2;
access_log /var/log/nginx/22222.access.log rt_cache; access_log off;
error_log /var/log/nginx/22222.error.log; error_log /var/log/nginx/22222.error.log;
ssl_certificate /var/www/22222/cert/22222.crt; ssl_certificate /var/www/22222/cert/22222.crt;
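Review bot: Switching to `access_log off;` on the port 22222 server removes the only request record for this listener, which costs more in detection and incident response than it gains in privacy. This commit already rewrites the `rt_cache` format to log `$remote_addr_ipscrub`, so keeping `access_log /var/log/nginx/22222.access.log rt_cache;` should yield anonymised entries while retaining the trail, assuming this server inherits that `log_format` from the http block. The `error_log` on the following line stays enabled and still contains raw client addresses. The server block continues outside the hunk, so any other access restriction on this listener is not visible here.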


@ -37,6 +37,9 @@ server {
index index.html index.htm index.nginx-debian.html; index index.html index.htm index.nginx-debian.html;
server_name _; server_name _;
access_log off;
error_log /var/log/nginx/default.error.log;
location / { location / {
# First attempt to serve request as file, then # First attempt to serve request as file, then

9
scripts/freshclam Normal file

@ -0,0 +1,9 @@
#!/bin/sh
# make sure the process is stopped
/etc/init.d/clamav-freshclam stop
# check if database is outdated
/usr/bin/freshclam -v >> /var/log/result_freshclam.log
# update virus database
/etc/init.d/clamav-freshclam start
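Review bot: A failed signature update goes unnoticed in this script, because the `freshclam` line redirects only stdout to the log and its exit status is never checked before the daemon is started again. Capturing stderr and surfacing the failure would make a stale virus database visible, e.g. `/usr/bin/freshclam -v >> /var/log/result_freshclam.log 2>&1 || echo "freshclam update failed" >&2`. The comments are also off by one step: `# check if database is outdated` sits above the command that performs the update, and `# update virus database` sits above the command that restarts the daemon; I would reword them to `# update virus database` and `# restart the freshclam daemon`. The log file is appended to without rotation, so a logrotate rule for `/var/log/result_freshclam.log` is worth adding alongside.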