add aio directives and DoS mitigation
Cette révision appartient à :
GitHub
Parent
91812b185a
révision
e1adbe22f5
|
|
@ -23,13 +23,13 @@ http {
|
|||
|
||||
server_tokens off;
|
||||
reset_timedout_connection on;
|
||||
add_header X-Powered-By "EasyEngine & Optimized by VirtuBox";
|
||||
add_header X-Powered-By "EasyEngine v3.7.5 - Optimized by VirtuBox";
|
||||
add_header rt-Fastcgi-Cache $upstream_cache_status;
|
||||
|
||||
# Limit Request
|
||||
limit_req_status 403;
|
||||
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
|
||||
|
||||
# Limit Request
|
||||
limit_req_status 403;
|
||||
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
|
||||
|
||||
#Simple DOS mitigation
|
||||
##Max c/s by ip
|
||||
limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
|
||||
|
|
@ -46,32 +46,32 @@ http {
|
|||
fastcgi_read_timeout 300;
|
||||
client_max_body_size 100m;
|
||||
|
||||
open_file_cache max=10000 inactive=5m;
|
||||
open_file_cache_valid 2m;
|
||||
open_file_cache_min_uses 1;
|
||||
open_file_cache_errors on;
|
||||
|
||||
|
||||
#GeoIP (optional)
|
||||
#geoip_country /usr/local/share/GeoIP/GeoIP.dat;
|
||||
#geoip_city /usr/local/share/GeoIP/GeoLiteCity.dat;
|
||||
#See - https://www.nginx.com/blog/thread-pools-boost-performance-9x/
|
||||
aio threads;
|
||||
|
||||
##
|
||||
# TLS Settings
|
||||
# GeoIP module configuration, before removing comments
|
||||
# read the tutorial : https://gist.github.com/VirtuBox/9ed03c9bd9169202c358a8be181b7840
|
||||
##
|
||||
#geoip_country /usr/share/GeoIP/GeoIP.dat;
|
||||
#geoip_city /usr/share/GeoIP/GeoIPCity.dat;
|
||||
|
||||
##
|
||||
# SSL Settings
|
||||
##
|
||||
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+AESGCM:EECDH+CHACHA20';
|
||||
ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+CHACHA20:EECDH+AESGCM';
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:20m;
|
||||
ssl_session_timeout 15m;
|
||||
ssl_session_tickets off;
|
||||
ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;
|
||||
ssl_ecdh_curve X25519:P-256:P-384:P-521;
|
||||
|
||||
##
|
||||
# Basic Settings
|
||||
##
|
||||
server_names_hash_bucket_size 64;
|
||||
# server_names_hash_bucket_size 64;
|
||||
# server_name_in_redirect off;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
|
|
@ -79,11 +79,11 @@ http {
|
|||
|
||||
##
|
||||
# Logging Settings
|
||||
# access_log disabled for performance
|
||||
##
|
||||
|
||||
#access_log /var/log/nginx/access.log; #Disabled for performance
|
||||
access_log off;
|
||||
error_log /var/log/nginx/error.log;
|
||||
access_log off;
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
# Log format Settings
|
||||
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
|
||||
|
|
@ -152,3 +152,24 @@ http {
|
|||
include /etc/nginx/sites-enabled/*;
|
||||
}
|
||||
|
||||
|
||||
#mail {
|
||||
# # See sample authentication script at:
|
||||
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
|
||||
#
|
||||
# # auth_http localhost/auth.php;
|
||||
# # pop3_capabilities "TOP" "USER";
|
||||
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
|
||||
#
|
||||
# server {
|
||||
# listen localhost:110;
|
||||
# protocol pop3;
|
||||
# proxy on;
|
||||
# }
|
||||
#
|
||||
# server {
|
||||
# listen localhost:143;
|
||||
# protocol imap;
|
||||
# proxy on;
|
||||
# }
|
||||
#}
|
||||
|
|
|
|||
Chargement…
Référencer dans un nouveau ticket