evo/Evo.Gateway
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

merge branch feature/anti-ddos

Browse Source
This commit is contained in:
vchikalkin 2024-02-15 21:41:42 +03:00
parent 6273a11b6d
commit 2005544190
5 changed files with 76 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
config/http/nginx.conf Normal file
View File

@ -0,0 +1,55 @@
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=10r/s;
limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:20m;
limit_conn_status 429;
limit_req_zone $binary_remote_addr zone=req_limit_page:5m rate=1r/s;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log off;
sendfile on;
#tcp_nopush on;
keepalive_timeout 60s;
#gzip on;
include /etc/nginx/conf.d/*.conf;
# Compression
gzip on;
gzip_min_length 1000;
gzip_proxied any;
gzip_comp_level 1;
gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
gzip_vary on;
gzip_disable "msie6";
resolver 127.0.0.11 ipv6=off;
client_body_timeout 20s;
client_header_timeout 20s;
}

24
config/nginx.auth.conf
View File

@ -22,13 +22,9 @@ server {
listen 80; listen 80;
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
gzip on;
gzip_min_length 1000; limit_req zone=req_limit_per_ip burst=30;
gzip_proxied any; limit_conn conn_limit_per_ip 30;
gzip_comp_level 1;
gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
gzip_vary on;
gzip_disable "msie6";
error_page 401 /login; error_page 401 /login;
@ -54,6 +50,20 @@ server {
proxy_pass http://auth_api/$AUTH_MODE/$1; proxy_pass http://auth_api/$AUTH_MODE/$1;
} }
location = / {
limit_req zone=req_limit_page burst=1 nodelay;
proxy_pass http://app;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
include /etc/nginx/include/auth.conf;
}
location / { location / {
proxy_pass http://app; proxy_pass http://app;

10
config/nginx.off.conf
View File

@ -9,14 +9,8 @@ server {
listen 80; listen 80;
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
gzip on; limit_req zone=req_limit_per_ip burst=30;
gzip_min_length 1000; limit_conn conn_limit_per_ip 30;
gzip_proxied any;
gzip_comp_level 1;
gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
gzip_vary on;
gzip_disable "msie6";
location / { location / {
proxy_pass http://app; proxy_pass http://app;

1
docker-compose.auth.yml
View File

@ -13,6 +13,7 @@ services:
volumes: volumes:
- ./config/nginx.auth.conf:/etc/nginx/templates/default.conf.template - ./config/nginx.auth.conf:/etc/nginx/templates/default.conf.template
- ./config/include:/etc/nginx/include - ./config/include:/etc/nginx/include
- ./config/http/nginx.conf:/etc/nginx/nginx.conf
restart: always restart: always
networks: networks:
- auth_network - auth_network

1
docker-compose.off.yml
View File

@ -11,6 +11,7 @@ services:
volumes: volumes:
- ./config/nginx.off.conf:/etc/nginx/templates/default.conf.template - ./config/nginx.off.conf:/etc/nginx/templates/default.conf.template
- ./config/include:/etc/nginx/include - ./config/include:/etc/nginx/include
- ./config/http/nginx.conf:/etc/nginx/nginx.conf
restart: always restart: always
networks: networks:
- app_network - app_network