comment requests/connections limitation
optional settings, can be uncommented if needed
This commit is contained in:
parent
bba302d253
commit
d27244a7a8
|
@ -1,5 +1,6 @@
|
|||
##OCSP settings
|
||||
ssl_stapling on;
|
||||
resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=300s;
|
||||
ssl_stapling_verify on;
|
||||
resolver 8.8.4.4 8.8.8.8 valid=300s;
|
||||
#ssl_trusted_certificate /etc/ssl/private/ocsp-certs.pem; # <- Add signing certs here
|
||||
resolver_timeout 5s;
|
|
@ -34,12 +34,12 @@ http
|
|||
|
||||
#Simple DOS mitigation
|
||||
##Max c/s by ip
|
||||
limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
|
||||
limit_conn limit_per_ip 40;
|
||||
#limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
|
||||
#limit_conn limit_per_ip 80;
|
||||
|
||||
##Max rq/s by ip
|
||||
limit_req_zone $binary_remote_addr zone=allips:10m rate=400r/s;
|
||||
limit_req zone=allips burst=400 nodelay;
|
||||
#limit_req_zone $binary_remote_addr zone=allips:10m rate=400r/s;
|
||||
#limit_req zone=allips burst=400 nodelay;
|
||||
|
||||
# Proxy Settings
|
||||
# set_real_ip_from proxy-server-ip;
|
||||
|
|
|
@ -34,12 +34,12 @@ http
|
|||
|
||||
#Simple DOS mitigation
|
||||
##Max c/s by ip
|
||||
limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
|
||||
limit_conn limit_per_ip 40;
|
||||
#limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
|
||||
#limit_conn limit_per_ip 80;
|
||||
|
||||
##Max rq/s by ip
|
||||
limit_req_zone $binary_remote_addr zone=allips:10m rate=400r/s;
|
||||
limit_req zone=allips burst=400 nodelay;
|
||||
#limit_req_zone $binary_remote_addr zone=allips:10m rate=400r/s;
|
||||
#limit_req zone=allips burst=400 nodelay;
|
||||
|
||||
# Proxy Settings
|
||||
# set_real_ip_from proxy-server-ip;
|
||||
|
|
|
@ -34,12 +34,12 @@ http
|
|||
|
||||
#Simple DOS mitigation
|
||||
##Max c/s by ip
|
||||
limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
|
||||
limit_conn limit_per_ip 40;
|
||||
#limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
|
||||
#limit_conn limit_per_ip 80;
|
||||
|
||||
##Max rq/s by ip
|
||||
limit_req_zone $binary_remote_addr zone=allips:10m rate=400r/s;
|
||||
limit_req zone=allips burst=400 nodelay;
|
||||
#limit_req_zone $binary_remote_addr zone=allips:10m rate=400r/s;
|
||||
#limit_req zone=allips burst=400 nodelay;
|
||||
|
||||
# Proxy Settings
|
||||
# set_real_ip_from proxy-server-ip;
|
||||
|
@ -71,12 +71,13 @@ http
|
|||
ssl_session_timeout 1d;
|
||||
ssl_session_tickets off;
|
||||
ssl_ecdh_curve X25519:P-521:P-384:P-256;
|
||||
|
||||
|
||||
##Common headers for security
|
||||
more_set_headers "X-Frame-Options : SAMEORIGIN";
|
||||
more_set_headers "X-Xss-Protection : 1; mode=block";
|
||||
more_set_headers "X-Content-Type-Options : nosniff";
|
||||
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
|
||||
|
||||
##
|
||||
# Basic Settings
|
||||
##
|
||||
|
|
Loading…
Reference in New Issue