add aio directives and DoS mitigation
parent
91812b185a
commit
e1adbe22f5
|
@ -23,13 +23,13 @@ http {
|
||||||
|
|
||||||
server_tokens off;
|
server_tokens off;
|
||||||
reset_timedout_connection on;
|
reset_timedout_connection on;
|
||||||
add_header X-Powered-By "EasyEngine & Optimized by VirtuBox";
|
add_header X-Powered-By "EasyEngine v3.7.5 - Optimized by VirtuBox";
|
||||||
add_header rt-Fastcgi-Cache $upstream_cache_status;
|
add_header rt-Fastcgi-Cache $upstream_cache_status;
|
||||||
|
|
||||||
# Limit Request
|
|
||||||
limit_req_status 403;
|
|
||||||
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
|
|
||||||
|
|
||||||
|
# Limit Request
|
||||||
|
limit_req_status 403;
|
||||||
|
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
|
||||||
|
|
||||||
#Simple DOS mitigation
|
#Simple DOS mitigation
|
||||||
##Max c/s by ip
|
##Max c/s by ip
|
||||||
limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
|
limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
|
||||||
|
@ -46,32 +46,32 @@ http {
|
||||||
fastcgi_read_timeout 300;
|
fastcgi_read_timeout 300;
|
||||||
client_max_body_size 100m;
|
client_max_body_size 100m;
|
||||||
|
|
||||||
open_file_cache max=10000 inactive=5m;
|
#See - https://www.nginx.com/blog/thread-pools-boost-performance-9x/
|
||||||
open_file_cache_valid 2m;
|
aio threads;
|
||||||
open_file_cache_min_uses 1;
|
|
||||||
open_file_cache_errors on;
|
|
||||||
|
|
||||||
|
|
||||||
#GeoIP (optional)
|
|
||||||
#geoip_country /usr/local/share/GeoIP/GeoIP.dat;
|
|
||||||
#geoip_city /usr/local/share/GeoIP/GeoLiteCity.dat;
|
|
||||||
|
|
||||||
##
|
##
|
||||||
# TLS Settings
|
# GeoIP module configuration, before removing comments
|
||||||
|
# read the tutorial : https://gist.github.com/VirtuBox/9ed03c9bd9169202c358a8be181b7840
|
||||||
|
##
|
||||||
|
#geoip_country /usr/share/GeoIP/GeoIP.dat;
|
||||||
|
#geoip_city /usr/share/GeoIP/GeoIPCity.dat;
|
||||||
|
|
||||||
|
##
|
||||||
|
# SSL Settings
|
||||||
##
|
##
|
||||||
|
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+AESGCM:EECDH+CHACHA20';
|
ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+CHACHA20:EECDH+AESGCM';
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
ssl_session_cache shared:SSL:20m;
|
ssl_session_cache shared:SSL:20m;
|
||||||
ssl_session_timeout 15m;
|
ssl_session_timeout 15m;
|
||||||
ssl_session_tickets off;
|
ssl_session_tickets off;
|
||||||
ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;
|
ssl_ecdh_curve X25519:P-256:P-384:P-521;
|
||||||
|
|
||||||
##
|
##
|
||||||
# Basic Settings
|
# Basic Settings
|
||||||
##
|
##
|
||||||
server_names_hash_bucket_size 64;
|
# server_names_hash_bucket_size 64;
|
||||||
# server_name_in_redirect off;
|
# server_name_in_redirect off;
|
||||||
|
|
||||||
include /etc/nginx/mime.types;
|
include /etc/nginx/mime.types;
|
||||||
|
@ -79,11 +79,11 @@ http {
|
||||||
|
|
||||||
##
|
##
|
||||||
# Logging Settings
|
# Logging Settings
|
||||||
|
# access_log disabled for performance
|
||||||
##
|
##
|
||||||
|
|
||||||
#access_log /var/log/nginx/access.log; #Disabled for performance
|
access_log off;
|
||||||
access_log off;
|
error_log /var/log/nginx/error.log;
|
||||||
error_log /var/log/nginx/error.log;
|
|
||||||
|
|
||||||
# Log format Settings
|
# Log format Settings
|
||||||
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
|
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
|
||||||
|
@ -152,3 +152,24 @@ http {
|
||||||
include /etc/nginx/sites-enabled/*;
|
include /etc/nginx/sites-enabled/*;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#mail {
|
||||||
|
# # See sample authentication script at:
|
||||||
|
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
|
||||||
|
#
|
||||||
|
# # auth_http localhost/auth.php;
|
||||||
|
# # pop3_capabilities "TOP" "USER";
|
||||||
|
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
|
||||||
|
#
|
||||||
|
# server {
|
||||||
|
# listen localhost:110;
|
||||||
|
# protocol pop3;
|
||||||
|
# proxy on;
|
||||||
|
# }
|
||||||
|
#
|
||||||
|
# server {
|
||||||
|
# listen localhost:143;
|
||||||
|
# protocol imap;
|
||||||
|
# proxy on;
|
||||||
|
# }
|
||||||
|
#}
|
||||||
|
|
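Review bot: The new `X-Powered-By` value in the first hunk puts the exact EasyEngine version (`v3.7.5`) into every response, two lines below `server_tokens off;`, which is there to withhold that kind of detail from clients. Drop the version, e.g. `add_header X-Powered-By "EasyEngine - Optimized by VirtuBox";`, or remove the header altogether. In the same hunk, `limit_req_zone` and `limit_conn_zone` only declare the shared-memory zones, and no `limit_req zone=one` or `limit_conn limit_per_ip` directive is visible in these hunks, so confirm they are applied in a server or location block; otherwise the mitigation named in the commit title has no effect. With `access_log off;` kept at http level, rejected requests are recorded only in `error_log`, so that file is the one to watch when tuning `rate=1r/s`.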