road to multi server block support
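--- a/confs/global/cache.conf
+++ b/confs/global/cache.conf
@@ -0,0 +1,4 @@
+open_file_cache %CACHE%;
+open_file_cache_errors %CACHE_ERRORS%;
+open_file_cache_min_uses %CACHE_USES%;
+open_file_cache_valid %CACHE_VALID%;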
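--- a/confs/global/crowdsec.conf
+++ b/confs/global/crowdsec.conf
@@ -0,0 +1,9 @@
+init_by_lua_block {
+local cs = require "crowdsec.CrowdSec"
+local ok, err = cs.init("/usr/local/lib/lua/crowdsec/crowdsec.conf")
+if ok == nil then
+ngx.log(ngx.ERR, "[Crowdsec] " .. err)
+error()
+end
+ngx.log(ngx.ERR, "[Crowdsec] Initialisation done")
+}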
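Review bot: The success message at the end of the `init_by_lua_block` is logged at `ngx.ERR`, so every clean start writes an error-level entry and any alert keyed on CrowdSec errors will also fire on success; `ngx.log(ngx.NOTICE, "[Crowdsec] Initialisation done")` fits better. The failure branch tests `ok == nil`, which would treat a `false` return as success, and the `..` concatenation itself raises if `err` is nil; `if not ok then` with `ngx.log(ngx.ERR, "[Crowdsec] ", err)` is more robust. Giving `error()` a message, e.g. `error("crowdsec init failed")`, would make the aborted start easier to diagnose. Stopping start-up when the bouncer cannot initialise looks like a deliberate fail-closed choice and deserves a one-line comment saying so.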
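--- a/confs/global/dhparam
+++ b/confs/global/dhparam
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
+-----END DH PARAMETERS-----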
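Review bot: Nothing in the file or the commit says where these DH parameters come from; they appear to be the well-known 2048-bit ffdhe2048 group from RFC 7919 rather than locally generated ones, which is a sound choice but should be verifiable. I would record the source in the commit message or in a README next to the file, for example `confs/global/dhparam: ffdhe2048 (RFC 7919); inspect with openssl dhparam -in dhparam -text -noout`. Stating the provenance also discourages a later swap to an unaudited group.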
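--- a/confs/global/geoip.conf
+++ b/confs/global/geoip.conf
@@ -0,0 +1,10 @@
+geoip2 /etc/nginx/geoip.mmdb {
+auto_reload 5m;
+$geoip2_metadata_country_build metadata build_epoch;
+$geoip2_data_country_code country iso_code;
+}
+
+map $geoip2_data_country_code $allowed_country {
+default yes;
+%BLOCK_COUNTRY%
+}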
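Review bot: `%BLOCK_COUNTRY%` is used here as the body of the `map`, and the same token also appears at `http` level in confs/global/nginx.conf; `%BLOCK_USER_AGENT%` is shared the same way between confs/global/map-user-agent.conf and nginx.conf. The two positions need different text (map entries here, presumably an `include` there), so correctness depends on the order and values used by the templating step, which is not part of this diff. Distinct names, for example `%BLOCK_COUNTRY_ENTRIES%` for the map body, would remove that coupling. Separately, `default yes;` means an address with no country code in the database is allowed, which deserves a comment such as `# unresolved countries are allowed (fail-open)`.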
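--- a/confs/global/gzip.conf
+++ b/confs/global/gzip.conf
@@ -0,0 +1,9 @@
+# /etc/nginx/gzip.conf
+
+# enable/disable gzip compression
+gzip %USE_GZIP%;
+gzip_comp_level %GZIP_COMP_LEVEL%;
+gzip_disable msie6;
+gzip_min_length %GZIP_MIN_LENGTH%;
+gzip_proxied any;
+gzip_types %GZIP_TYPES%;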
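Review bot: `gzip_proxied any;` together with a templated `gzip_types` allows compression of proxied dynamic responses, which over TLS is the precondition for BREACH-style length side channels when a response carries both a secret (CSRF token, session data) and reflected request input. Nothing in this file limits compression to static content, so safety rests on the defaults of `%USE_GZIP%` and `%GZIP_TYPES%`, which are not in this diff. I would add a comment above `gzip %USE_GZIP%;` such as `# compressing dynamic HTTPS responses that contain secrets exposes them to BREACH; keep off or limit gzip_types to static assets`.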
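--- a/confs/global/map-user-agent.conf
+++ b/confs/global/map-user-agent.conf
@@ -0,0 +1,4 @@
+map $http_user_agent $bad_user_agent {
+default no;
+%BLOCK_USER_AGENT%
+}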
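--- a/confs/global/nginx.conf
+++ b/confs/global/nginx.conf
@@ -0,0 +1,108 @@
+# /etc/nginx/nginx.conf
+
+# load dynamic modules
+load_module /usr/lib/nginx/modules/ngx_http_cookie_flag_filter_module.so;
+load_module /usr/lib/nginx/modules/ngx_http_geoip2_module.so;
+load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so;
+load_module /usr/lib/nginx/modules/ngx_http_lua_module.so;
+load_module /usr/lib/nginx/modules/ngx_http_modsecurity_module.so;
+load_module /usr/lib/nginx/modules/ngx_stream_geoip2_module.so;
+
+# run as daemon
+daemon on;
+
+# PID file
+pid /tmp/nginx.pid;
+
+# worker number = CPU core(s)
+worker_processes auto;
+
+# faster regexp
+pcre_jit on;
+
+# config files for dynamic modules
+include /etc/nginx/modules/*.conf;
+
+events {
+# max connections per worker
+worker_connections 1024;
+
+# epoll seems to be the best on Linux
+use epoll;
+}
+
+http {
+# zero copy within the kernel
+sendfile on;
+
+# send packets only if filled
+tcp_nopush on;
+
+# remove 200ms delay
+tcp_nodelay on;
+
+# load mime types and set default one
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+
+# load gzip custom config
+include /etc/nginx/gzip.conf;
+
+# maximum request body size
+client_max_body_size %MAX_CLIENT_SIZE%;
+
+# write logs to local syslog
+access_log syslog:server=unix:/dev/log,nohostname,facility=local0,severity=notice combined;
+error_log syslog:server=unix:/dev/log,nohostname,facility=local0 warn;
+
+# temp paths
+proxy_temp_path /tmp/proxy_temp;
+client_body_temp_path /tmp/client_temp;
+fastcgi_temp_path /tmp/fastcgi_temp;
+uwsgi_temp_path /tmp/uwsgi_temp;
+scgi_temp_path /tmp/scgi_temp;
+
+# load caching custom config
+include /etc/nginx/cache.conf;
+
+# close connections in FIN_WAIT1 state
+reset_timedout_connection on;
+
+# timeouts
+client_body_timeout 12;
+client_header_timeout 12;
+keepalive_timeout 15;
+send_timeout 10;
+
+# enable/disable sending nginx version
+server_tokens %SERVER_TOKENS%;
+
+# resolvers to use
+resolver %DNS_RESOLVERS% ipv6=off;
+
+# lua path and dicts
+lua_package_path "/usr/local/lib/lua/?.lua;;";
+%WHITELIST_IP_CACHE%
+%WHITELIST_REVERSE_CACHE%
+%BLACKLIST_IP_CACHE%
+%BLACKLIST_REVERSE_CACHE%
+%DNSBL_CACHE%
+
+# crowdsec init
+%USE_CROWDSEC%
+
+# shared memory zone for limit_req
+%LIMIT_REQ_ZONE%
+
+# list of blocked country
+%BLOCK_COUNTRY%
+
+# list of blocker user agents
+%BLOCK_USER_AGENT%
+
+# custom http confs
+include /http-confs/*.conf;
+
+# server config(s)
+%INCLUDE_SERVER%
+}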
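Review bot: The PID file and all five `*_temp_path` directories sit directly under `/tmp`, which is normally world-writable, and `client_body_temp_path` in particular holds request bodies spooled to disk. If any other user or process can write to `/tmp` in the deployment, those fixed names are exposed to pre-creation and symlink races before nginx starts. A dedicated directory created with mode 0700 for the nginx user avoids that, e.g. `pid /var/run/nginx/nginx.pid;` and `client_body_temp_path /var/cache/nginx/client_temp;`; if `/tmp` is needed for an unprivileged or read-only container, a comment above `# temp paths` should say so. Separately, `include /http-confs/*.conf;` makes that directory part of the trusted configuration, so it should be documented as a read-only, operator-controlled mount.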