From 5ec74880d88e62f2aae9b491efeb87e7835963ed Mon Sep 17 00:00:00 2001
From: Bunkerity <54334437+bunkerity@users.noreply.github.com>
Date: Tue, 27 Apr 2021 17:40:33 +0200
Subject: [PATCH] update README for v1.2.4
---
README.md | 54 +++++++++++++++++++++++++++++++++++++-----------------
1 file changed, 37 insertions(+), 17 deletions(-)
diff --git a/README.md b/README.md
index 1a509d5..03ad8b1 100644
--- a/README.md
+++ b/README.md
@@ -3,13 +3,17 @@
- 
- 
- 
+ 
+ 
+
+ 
+ 
+
+
+
-
-
- 
+ 
+
nginx Docker image secure by default.
@@ -34,9 +38,13 @@ Fooling automated tools/scanners :
+You can find a live demo at https://demo-nginx.bunkerity.com, feel free to do some security tests.
+
# Table of contents
+
+ Click to show
+
- [Table of contents](#table-of-contents)
-- [Live demo](#live-demo)
- [Quickstart guide](#quickstart-guide)
* [Run HTTP server with default settings](#run-http-server-with-default-settings)
* [In combination with PHP](#in-combination-with-php)
@@ -85,9 +93,7 @@ Fooling automated tools/scanners :
* [Logrotate](#logrotate)
* [Cron jobs](#cron-jobs)
* [Misc](#misc-2)
-
-# Live demo
-You can find a live demo at https://demo-nginx.bunkerity.com.
+
# Quickstart guide
@@ -465,7 +471,7 @@ $ docker run ... -v /path/to/letsencrypt:/etc/letsencrypt ... bunkerity/bunkeriz
# Tutorials and examples
-You will find some docker-compose examples in the [examples directory](https://github.com/bunkerity/bunkerized-nginx/tree/master/examples).
+You will find some docker-compose examples in the [examples directory](https://github.com/bunkerity/bunkerized-nginx/tree/master/examples) and tutorials on our [blog](https://www.bunkerity.com/blog).
# Include custom configurations
Custom configurations files (ending with .conf suffix) can be added in some directory inside the container :
@@ -892,19 +898,19 @@ If set to yes, nginx will redirect all HTTP requests to HTTPS.
`USE_CUSTOM_HTTPS`
Values : *yes* | *no*
Default value : *no*
-Context : *global*
+Context : *global*, *multisite*
If set to yes, HTTPS will be enabled with certificate/key of your choice.
`CUSTOM_HTTPS_CERT`
Values : *\*
Default value :
-Context : *global*
+Context : *global*, *multisite*
Full path of the certificate file to use when `USE_CUSTOM_HTTPS` is set to yes.
`CUSTOM_HTTPS_KEY`
Values : *\*
Default value :
-Context : *global*
+Context : *global*, *multisite*
Full path of the key file to use when `USE_CUSTOM_HTTPS` is set to yes.
### Self-signed certificate
@@ -1257,7 +1263,7 @@ More info rate limiting [here](https://www.nginx.com/blog/rate-limiting-nginx/)
Values : *Xr/s* | *Xr/m*
Default value : *1r/s*
Context : *global*, *multisite*
-The rate limit to apply when `USE_LIMIT_REQ` is set to *yes*. Default is 10 requests per second.
+The rate limit to apply when `USE_LIMIT_REQ` is set to *yes*. Default is 1 request to the same URI and from the same IP per second.
`LIMIT_REQ_BURST`
Values : **
@@ -1277,12 +1283,12 @@ The size of the cache to store information about request limiting.
Values : *yes* | *no*
Default value : *yes*
Context : *global*, *multisite*
-If set to yes, the number of connections made by an ip will be limited during a period of time. (ie. Very small/weak ddos protection)
+If set to yes, the number of connections made by an ip will be limited during a period of time. (ie. very small/weak ddos protection)
More info connections limiting [here](http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html).
`LIMIT_CONN_MAX`
Values : **
-Default value : *40*
+Default value : *50*
Context : *global*, *multisite*
The maximum number of connections per ip to put in queue before rejecting requests.
@@ -1380,6 +1386,14 @@ Default value : *yes*
Context : *global*
If set to yes, ClamAV will automatically remove the detected files.
+## Syslog
+
+`REMOTE_SYSLOG`
+Values : *\*
+Default value :
+Context : *global*
+When defined, rsyslog will send logs (access.log and error.log) to the corresponding IP/hostname using syslog UDP protocol.
+
## Logrotate
`LOGROTATE_MINSIZE`
@@ -1475,3 +1489,9 @@ Values : *random* | *\*
Default value : *random*
Context : *global*
Set it to a random path when you use *bunkerized-nginx* with *autoconf* feature in swarm mode. More info [here](#swarm-mode).
+
+`API_WHITELIST_IP`
+Values : *\*
+Default value : *192.168.0.0/16 172.16.0.0/12 10.0.0.0/8*
+Context : *global*
+List of IP/CIDR block allowed to send API order using the `API_URI` uri.