add ipscrub configuration
anonymise visitors IPs to be GDPR compliant
This commit is contained in:
parent
78099be3af
commit
100b7f2213
|
@ -30,7 +30,7 @@ http
|
||||||
|
|
||||||
# Limit Request
|
# Limit Request
|
||||||
limit_req_status 403;
|
limit_req_status 403;
|
||||||
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
|
limit_req_zone $remote_addr_ipscrub zone=one:10m rate=1r/s;
|
||||||
|
|
||||||
#Simple DOS mitigation
|
#Simple DOS mitigation
|
||||||
##Max c/s by ip
|
##Max c/s by ip
|
||||||
|
@ -97,9 +97,12 @@ http
|
||||||
error_log /var/log/nginx/error.log;
|
error_log /var/log/nginx/error.log;
|
||||||
|
|
||||||
# Log format Settings
|
# Log format Settings
|
||||||
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
|
log_format rt_cache '$remote_addr_ipscrub $upstream_response_time $upstream_cache_status [$time_local] '
|
||||||
'$http_host "$request" $status $body_bytes_sent '
|
'$http_host "$request" $status $body_bytes_sent '
|
||||||
'"$http_referer" "$http_user_agent"';
|
'"$http_referer" "$http_user_agent" $server_protocol';
|
||||||
|
|
||||||
|
# ipscrub settings
|
||||||
|
ipscrub_period_seconds 3600;
|
||||||
|
|
||||||
##
|
##
|
||||||
# Gzip Settings
|
# Gzip Settings
|
||||||
|
|
|
@ -30,7 +30,7 @@ http
|
||||||
|
|
||||||
# Limit Request
|
# Limit Request
|
||||||
limit_req_status 403;
|
limit_req_status 403;
|
||||||
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
|
limit_req_zone $remote_addr_ipscrub zone=one:10m rate=1r/s;
|
||||||
|
|
||||||
#Simple DOS mitigation
|
#Simple DOS mitigation
|
||||||
##Max c/s by ip
|
##Max c/s by ip
|
||||||
|
@ -95,9 +95,12 @@ http
|
||||||
error_log /var/log/nginx/error.log;
|
error_log /var/log/nginx/error.log;
|
||||||
|
|
||||||
# Log format Settings
|
# Log format Settings
|
||||||
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
|
log_format rt_cache '$remote_addr_ipscrub $upstream_response_time $upstream_cache_status [$time_local] '
|
||||||
'$http_host "$request" $status $body_bytes_sent '
|
'$http_host "$request" $status $body_bytes_sent '
|
||||||
'"$http_referer" "$http_user_agent"';
|
'"$http_referer" "$http_user_agent" $server_protocol';
|
||||||
|
|
||||||
|
# ipscrub settings
|
||||||
|
ipscrub_period_seconds 3600;
|
||||||
|
|
||||||
##
|
##
|
||||||
# Gzip Settings
|
# Gzip Settings
|
||||||
|
|
|
@ -30,7 +30,7 @@ http
|
||||||
|
|
||||||
# Limit Request
|
# Limit Request
|
||||||
limit_req_status 403;
|
limit_req_status 403;
|
||||||
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
|
limit_req_zone $remote_addr_ipscrub zone=one:10m rate=1r/s;
|
||||||
|
|
||||||
#Simple DOS mitigation
|
#Simple DOS mitigation
|
||||||
##Max c/s by ip
|
##Max c/s by ip
|
||||||
|
@ -96,9 +96,12 @@ http
|
||||||
error_log /var/log/nginx/error.log;
|
error_log /var/log/nginx/error.log;
|
||||||
|
|
||||||
# Log format Settings
|
# Log format Settings
|
||||||
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
|
log_format rt_cache '$remote_addr_ipscrub $upstream_response_time $upstream_cache_status [$time_local] '
|
||||||
'$http_host "$request" $status $body_bytes_sent '
|
'$http_host "$request" $status $body_bytes_sent '
|
||||||
'"$http_referer" "$http_user_agent"';
|
'"$http_referer" "$http_user_agent" $server_protocol';
|
||||||
|
|
||||||
|
# ipscrub settings
|
||||||
|
ipscrub_period_seconds 3600;
|
||||||
|
|
||||||
##
|
##
|
||||||
# Gzip Settings
|
# Gzip Settings
|
||||||
|
|
|
@ -4,7 +4,7 @@ server {
|
||||||
|
|
||||||
listen 22222 default_server ssl http2;
|
listen 22222 default_server ssl http2;
|
||||||
|
|
||||||
access_log /var/log/nginx/22222.access.log rt_cache;
|
access_log off;
|
||||||
error_log /var/log/nginx/22222.error.log;
|
error_log /var/log/nginx/22222.error.log;
|
||||||
|
|
||||||
ssl_certificate /var/www/22222/cert/22222.crt;
|
ssl_certificate /var/www/22222/cert/22222.crt;
|
||||||
|
|
|
@ -37,6 +37,9 @@ server {
|
||||||
index index.html index.htm index.nginx-debian.html;
|
index index.html index.htm index.nginx-debian.html;
|
||||||
|
|
||||||
server_name _;
|
server_name _;
|
||||||
|
|
||||||
|
access_log off;
|
||||||
|
error_log /var/log/nginx/default.error.log;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
# First attempt to serve request as file, then
|
# First attempt to serve request as file, then
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
#!/bin/sh
|
||||||
|
# make sure the process is stopped
|
||||||
|
/etc/init.d/clamav-freshclam stop
|
||||||
|
|
||||||
|
# check if database is outdated
|
||||||
|
/usr/bin/freshclam -v >> /var/log/result_freshclam.log
|
||||||
|
|
||||||
|
# update virus database
|
||||||
|
/etc/init.d/clamav-freshclam start
|
Loading…
Reference in New Issue