
add aio directives and DoS mitigation

develop
VirtuBox 2 years ago
committed by GitHub
parent
commit
e1adbe22f5
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 42 additions and 21 deletions
  1. +42
    -21
      etc/nginx/nginx.conf

+ 42
- 21
etc/nginx/nginx.conf

@@ -23,13 +23,13 @@ http {

server_tokens off;
reset_timedout_connection on;
add_header X-Powered-By "EasyEngine & Optimized by VirtuBox";
add_header X-Powered-By "EasyEngine v3.7.5 - Optimized by VirtuBox";
add_header rt-Fastcgi-Cache $upstream_cache_status;
# Limit Request
limit_req_status 403;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

# Limit Request
limit_req_status 403;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
#Simple DOS mitigation
##Max c/s by ip
limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
@@ -46,32 +46,32 @@ http {
fastcgi_read_timeout 300;
client_max_body_size 100m;
open_file_cache max=10000 inactive=5m;
open_file_cache_valid 2m;
open_file_cache_min_uses 1;
open_file_cache_errors on;
#GeoIP (optional)
#geoip_country /usr/local/share/GeoIP/GeoIP.dat;
#geoip_city /usr/local/share/GeoIP/GeoLiteCity.dat;
#See - https://www.nginx.com/blog/thread-pools-boost-performance-9x/
aio threads;
##
# TLS Settings
# GeoIP module configuration, before removing comments
# read the tutorial : https://gist.github.com/VirtuBox/9ed03c9bd9169202c358a8be181b7840
##
#geoip_country /usr/share/GeoIP/GeoIP.dat;
#geoip_city /usr/share/GeoIP/GeoIPCity.dat;

##
# SSL Settings
##

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+AESGCM:EECDH+CHACHA20';
ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+CHACHA20:EECDH+AESGCM';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 15m;
ssl_session_tickets off;
ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;
ssl_ecdh_curve X25519:P-256:P-384:P-521;
##
# Basic Settings
##
server_names_hash_bucket_size 64;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
@@ -79,11 +79,11 @@ http {

##
# Logging Settings
# access_log disabled for performance
##

#access_log /var/log/nginx/access.log; #Disabled for performance
access_log off;
error_log /var/log/nginx/error.log;
access_log off;
error_log /var/log/nginx/error.log;

# Log format Settings
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
@@ -152,3 +152,24 @@ http {
include /etc/nginx/sites-enabled/*;
}


#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
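Review bot: The `X-Powered-By` value in the first hunk now carries an exact release, `"EasyEngine v3.7.5 - Optimized by VirtuBox"` (this looks like the new side of the duplicated pair, though the page has lost its +/- markers), so every response advertises the stack version while `server_tokens off;` just above it is set to hide exactly that kind of detail. I would keep the header version-free, e.g. `add_header X-Powered-By "EasyEngine";`, or drop it entirely; a hard-coded version string also goes stale on the next upgrade. Separately, an `add_header` at `http` level is not inherited by any `server` or `location` block that declares its own `add_header`, so the header will be inconsistent across sites either way. The `http { … }` block starts and ends outside this hunk, so other `add_header` lines may exist that are not visible here.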
