forked from mitchellkrogza/nginx-ultimate-bad-bot-blocker
-
Notifications
You must be signed in to change notification settings - Fork 0
/
SAMPLE-nginx.conf
86 lines (69 loc) · 1.99 KB
/
SAMPLE-nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 1024;
multi_accept on;
use epoll;
}
http {
## SAMPLE nginx.conf file
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 90s;
keepalive_requests 1000;
server_tokens off;
client_body_buffer_size 32k;
client_header_buffer_size 1k;
client_max_body_size 50M;
types_hash_max_size 2048;
server_names_hash_bucket_size 64;
server_names_hash_max_size 4096;
large_client_header_buffers 4 16k;
# Our request limiter zone for wp-login attacks (used in Fail2Ban nginx-limit-req filter and jail)
limit_req_zone $binary_remote_addr zone=wp-login:10m rate=1r/s;
# DDos Mitigation
# ***************
# https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/
# Limiting the Rate of Requests
limit_req_zone $binary_remote_addr zone=flood:50m rate=90r/s;
# Limiting the Number of Connections
limit_conn_zone $binary_remote_addr zone=addr:50m;
# Add FastCGI caching
# https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
# Your own SSL settings here if using SSL
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "MSIE [1-6]\.";
gzip_vary on;
gzip_static on;
gzip_min_length 20;
gzip_proxied expired no-cache no-store private auth;
gzip_comp_level 7;
gzip_buffers 32 4k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
# Our globalblacklist.conf Bot Blocker Gets Included Because it is placed into the conf.d folder
# which is loaded by the include below
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}