comment requests/connections limitation

optional settings, can be uncommented if needed
VirtuBox 2018-04-14 18:59:50 +02:00
parent bba302d253
commit d27244a7a8
4 changed files with 16 additions and 14 deletions


@ -1,5 +1,6 @@
##OCSP settings ##OCSP settings
ssl_stapling on; ssl_stapling on;
resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=300s;
ssl_stapling_verify on; ssl_stapling_verify on;
resolver 8.8.4.4 8.8.8.8 valid=300s; #ssl_trusted_certificate /etc/ssl/private/ocsp-certs.pem; # <- Add signing certs here
resolver_timeout 5s; resolver_timeout 5s;
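Review bot: The new `resolver` line sends nginx's OCSP responder lookups to four public DNS servers. nginx's built-in resolver does not validate DNSSEC, and the nginx documentation recommends a DNS server on a trusted local network to prevent spoofed answers, so where a local caching resolver exists, a line such as `resolver 127.0.0.1 valid=300s;` (constructed example) would be the safer default. Separately, `ssl_stapling_verify on;` stays active while `ssl_trusted_certificate` is added only as a comment. Verification needs the issuer chain to be trusted, so unless it is supplied elsewhere (not visible in this hunk) stapling may quietly stop working, with only an error-log entry. I would add a comment above the commented line, for example `# needed by ssl_stapling_verify: issuer + intermediate + root certificates`.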


@ -34,12 +34,12 @@ http
#Simple DOS mitigation #Simple DOS mitigation
##Max c/s by ip ##Max c/s by ip
limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m; #limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
limit_conn limit_per_ip 40; #limit_conn limit_per_ip 80;
##Max rq/s by ip ##Max rq/s by ip
limit_req_zone $binary_remote_addr zone=allips:10m rate=400r/s; #limit_req_zone $binary_remote_addr zone=allips:10m rate=400r/s;
limit_req zone=allips burst=400 nodelay; #limit_req zone=allips burst=400 nodelay;
# Proxy Settings # Proxy Settings
# set_real_ip_from proxy-server-ip; # set_real_ip_from proxy-server-ip;
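Review bot: With all four directives commented out, the `#Simple DOS mitigation` heading still reads as if limits are enforced, and the commented `limit_conn` value changes from 40 to 80 without explanation. A line under the heading such as `# disabled by default - uncomment to enable per-IP limits` would make the state clear. Both zones key on `$binary_remote_addr` and `set_real_ip_from` just below is also commented, so anyone enabling the limits behind a proxy or CDN would throttle the proxy's address rather than individual clients; that is worth stating in the same comment. The same lines recur in the two file sections that follow, and the `http` block continues outside the hunk.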


@ -34,12 +34,12 @@ http
#Simple DOS mitigation #Simple DOS mitigation
##Max c/s by ip ##Max c/s by ip
limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m; #limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
limit_conn limit_per_ip 40; #limit_conn limit_per_ip 80;
##Max rq/s by ip ##Max rq/s by ip
limit_req_zone $binary_remote_addr zone=allips:10m rate=400r/s; #limit_req_zone $binary_remote_addr zone=allips:10m rate=400r/s;
limit_req zone=allips burst=400 nodelay; #limit_req zone=allips burst=400 nodelay;
# Proxy Settings # Proxy Settings
# set_real_ip_from proxy-server-ip; # set_real_ip_from proxy-server-ip;


@ -34,12 +34,12 @@ http
#Simple DOS mitigation #Simple DOS mitigation
##Max c/s by ip ##Max c/s by ip
limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m; #limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
limit_conn limit_per_ip 40; #limit_conn limit_per_ip 80;
##Max rq/s by ip ##Max rq/s by ip
limit_req_zone $binary_remote_addr zone=allips:10m rate=400r/s; #limit_req_zone $binary_remote_addr zone=allips:10m rate=400r/s;
limit_req zone=allips burst=400 nodelay; #limit_req zone=allips burst=400 nodelay;
# Proxy Settings # Proxy Settings
# set_real_ip_from proxy-server-ip; # set_real_ip_from proxy-server-ip;
@ -71,12 +71,13 @@ http
ssl_session_timeout 1d; ssl_session_timeout 1d;
ssl_session_tickets off; ssl_session_tickets off;
ssl_ecdh_curve X25519:P-521:P-384:P-256; ssl_ecdh_curve X25519:P-521:P-384:P-256;
##Common headers for security ##Common headers for security
more_set_headers "X-Frame-Options : SAMEORIGIN"; more_set_headers "X-Frame-Options : SAMEORIGIN";
more_set_headers "X-Xss-Protection : 1; mode=block"; more_set_headers "X-Xss-Protection : 1; mode=block";
more_set_headers "X-Content-Type-Options : nosniff"; more_set_headers "X-Content-Type-Options : nosniff";
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin"; more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
## ##
# Basic Settings # Basic Settings
## ##