nginx: prevent ddos main page

2024-02-15 21:35:56 +03:00 · 2024-02-15 21:35:56 +03:00 · 570125a7ac
commit 570125a7ac
parent 738492d96b
2 changed files with 16 additions and 0 deletions
--- a/config/http/nginx.conf
+++ b/config/http/nginx.conf
@ -19,6 +19,8 @@ http {
    limit_req_zone             $binary_remote_addr zone=req_limit_per_ip:10m rate=10r/s;
    limit_conn_zone            $binary_remote_addr zone=conn_limit_per_ip:20m;
    limit_conn_status          429;
+    
+    limit_req_zone             $binary_remote_addr zone=req_limit_page:5m rate=1r/s;

    log_format                 main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status                   $body_bytes_sent "$http_referer" '
--- a/config/nginx.auth.conf
+++ b/config/nginx.auth.conf
@ -50,6 +50,20 @@ server {
        proxy_pass               http://auth_api/$AUTH_MODE/$1;
    }

+    location = / {
+        limit_req                zone=req_limit_page burst=1 nodelay;
+
+        proxy_pass               http://app;
+
+        proxy_http_version       1.1;
+        proxy_set_header         Upgrade $http_upgrade;
+        proxy_set_header         Connection 'upgrade';
+        proxy_set_header         Host $host;
+        proxy_cache_bypass       $http_upgrade;
+
+        include                  /etc/nginx/include/auth.conf;
+    }
+
    location / {
        proxy_pass               http://app;