
comment requests/connections limitation

optional settings, can be uncommented if needed
develop
VirtuBox 2 years ago
parent
commit
d27244a7a8
4 changed files with 16 additions and 14 deletions
  1. +2
    -1
      etc/nginx/common/ocsp.conf
  2. +4
    -4
      etc/nginx/nginx-intermediate.conf
  3. +4
    -4
      etc/nginx/nginx-tlsv12.conf
  4. +6
    -5
      etc/nginx/nginx.conf

+ 2
- 1
etc/nginx/common/ocsp.conf View File

@@ -1,5 +1,6 @@
##OCSP settings
ssl_stapling on;
resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=300s;
ssl_stapling_verify on;
resolver 8.8.4.4 8.8.8.8 valid=300s;
#ssl_trusted_certificate /etc/ssl/private/ocsp-certs.pem; # <- Add signing certs here
resolver_timeout 5s;
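Review bot: Both `resolver` lines shown for ocsp.conf point nginx at public resolvers over plain DNS, and those answers decide where the OCSP requests for stapling are sent; the nginx documentation advises using DNS servers on a properly secured, trusted local network to limit spoofing. The rendering does not mark which of the two lines is the new one, so this applies to whichever the commit keeps. I would add a comment above it such as `# prefer a local validating resolver here; public resolvers are a fallback only`. Separately, `ssl_stapling_verify on;` sits next to a commented-out `ssl_trusted_certificate`, so it is worth confirming that nginx gets the issuer chain some other way, otherwise verification of the stapled response can fail.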

+ 4
- 4
etc/nginx/nginx-intermediate.conf View File

@@ -34,12 +34,12 @@ http

#Simple DOS mitigation
##Max c/s by ip
limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
limit_conn limit_per_ip 40;
#limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
#limit_conn limit_per_ip 80;

##Max rq/s by ip
limit_req_zone $binary_remote_addr zone=allips:10m rate=400r/s;
limit_req zone=allips burst=400 nodelay;
#limit_req_zone $binary_remote_addr zone=allips:10m rate=400r/s;
#limit_req zone=allips burst=400 nodelay;

# Proxy Settings
# set_real_ip_from proxy-server-ip;
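Review bot: The `#Simple DOS mitigation` heading now sits over directives that, going by the commit title, are all commented out, so a reader skimming the file may assume per-IP limits are enforced when none are. The same applies to the identical hunks in `etc/nginx/nginx-tlsv12.conf` and `etc/nginx/nginx.conf`. I would reword the heading to something like `#Simple DOS mitigation (optional, disabled by default; uncomment each *_zone line together with its limit_* line)`. Both zones key on `$binary_remote_addr` while `set_real_ip_from` just below is also commented out, so a one-line comment that the real-IP settings must be configured first behind a reverse proxy or CDN would help, since otherwise every client shares one bucket once the limits are enabled. The `http` block continues outside the hunk.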


+ 4
- 4
etc/nginx/nginx-tlsv12.conf View File

@@ -34,12 +34,12 @@ http

#Simple DOS mitigation
##Max c/s by ip
limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
limit_conn limit_per_ip 40;
#limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
#limit_conn limit_per_ip 80;

##Max rq/s by ip
limit_req_zone $binary_remote_addr zone=allips:10m rate=400r/s;
limit_req zone=allips burst=400 nodelay;
#limit_req_zone $binary_remote_addr zone=allips:10m rate=400r/s;
#limit_req zone=allips burst=400 nodelay;

# Proxy Settings
# set_real_ip_from proxy-server-ip;


+ 6
- 5
etc/nginx/nginx.conf View File

@@ -34,12 +34,12 @@ http

#Simple DOS mitigation
##Max c/s by ip
limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
limit_conn limit_per_ip 40;
#limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
#limit_conn limit_per_ip 80;

##Max rq/s by ip
limit_req_zone $binary_remote_addr zone=allips:10m rate=400r/s;
limit_req zone=allips burst=400 nodelay;
#limit_req_zone $binary_remote_addr zone=allips:10m rate=400r/s;
#limit_req zone=allips burst=400 nodelay;

# Proxy Settings
# set_real_ip_from proxy-server-ip;
@@ -71,12 +71,13 @@ http
ssl_session_timeout 1d;
ssl_session_tickets off;
ssl_ecdh_curve X25519:P-521:P-384:P-256;
##Common headers for security
more_set_headers "X-Frame-Options : SAMEORIGIN";
more_set_headers "X-Xss-Protection : 1; mode=block";
more_set_headers "X-Content-Type-Options : nosniff";
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
##
# Basic Settings
##
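Review bot: `more_set_headers "X-Xss-Protection : 1; mode=block";` in the second hunk turns on a browser XSS filter that current browsers have removed, and OWASP's header guidance is to send `X-XSS-Protection: 0` or drop the header and rely on a Content-Security-Policy instead. The rendering does not show which lines of this hunk are new, so this line may be pre-existing context rather than part of the change. If it stays, a comment such as `# legacy header, ignored by current browsers; CSP is the effective control` would keep readers from treating it as XSS protection. The `http` block starts and ends outside the hunk, so a Content-Security-Policy or HSTS header may already be set elsewhere.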

