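# Redirect all plain-HTTP traffic on port 80 to HTTPS.
server {
    listen 80;
    server_name mal2.ait.ac.at;
    # Redirect to the configured server name instead of $host. $host comes
    # from the client's Host header, and if this is the only server block
    # listening on port 80 it also answers requests carrying any other Host
    # value, which would then be reflected into the Location header.
    # The certificate below is issued for this one name anyway.
    return 301 https://$server_name$request_uri;
}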
# Disabled upstream definition for the REST API container (at most 30
# connections to the backend, with a request queue).
# NOTE(review): the upstream `queue` directive is part of the commercial
# NGINX Plus build; confirm it is available before re-enabling this block.
#upstream backend_fakeshop_detector {
#server mal2-fakeshop-plugin_rest-api_server:8081 max_conns=30;
#queue 10 timeout=30s;
#}
#see: https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/
# Request-rate zone "one": 10 MB of shared memory keyed by client address,
# allowing 30 requests per minute per client IP address.
# NOTE(review): $binary_remote_addr is the address of the directly connected
# peer. If another proxy or load balancer sits in front of this nginx, all
# clients would share one bucket; verify the deployment topology.
limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m;
# Connection-count zone "addr": 10 MB of shared memory keyed by client
# address, used to cap the number of active connections per client IP.
limit_conn_zone $binary_remote_addr zone=addr:10m;
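# HTTPS virtual host for mal2.ait.ac.at: serves the static frontend and
# reverse-proxies the fake-shop-detector REST API running in another container.
server {
    listen 443 ssl;
    server_name mal2.ait.ac.at;

    #see: https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/
    # Close connections from clients that are slow to send the request header
    # or body, so they cannot hold worker connections open indefinitely.
    client_body_timeout 15s;
    client_header_timeout 15s;

    # Serve static content from the frontend-static/www dir at the site root.
    # NOTE(review): a relative root is resolved against the nginx prefix
    # directory, not this file's location; confirm the container layout.
    root ./frontend-static/www;
    index index.html;

    # Certificate and private key are loaded from a mapped volume.
    ssl_certificate /etc/letsencrypt/live/mal2.ait.ac.at/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mal2.ait.ac.at/privkey.pem;
    # Pin the protocol versions explicitly instead of relying on the build's
    # default, which on older nginx releases still includes TLSv1 and TLSv1.1.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;
    # NOTE(review): no Strict-Transport-Security header is sent; consider
    # adding one once every client of this host is known to use HTTPS.

    # Log at `warn` rather than `debug`: debug output is very verbose, records
    # per-request detail, and grows fastest under the request floods the
    # limits below are meant to absorb. Rejections by limit_req / limit_conn
    # are logged at `error` by default and therefore still appear here.
    # Switch back to `debug` only temporarily while troubleshooting.
    error_log /var/log/nginx/mal2.error_log warn;

    # Previous variant of the API location, kept for reference (disabled).
    #location /fake-shop-detector/api/1.1/ {
    #header fields that NGINX sends to the upstream server
    #proxy_set_header Host $host;
    #proxy_set_header X-Real-IP $remote_addr;
    #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #proxy_set_header X-Forwarded-Host $server_name;
    #proxy_set_header X-Scheme $scheme;
    #proxy_set_header X-Forwarded-Proto $scheme;
    #proxy_buffering off;
    #proxy_buffer_size 16k;
    #proxy_busy_buffers_size 24k;
    #proxy_buffers 64 4k;
    #proxy_pass http://local_server_8081/malzwei/ecommerce/1.1/;
    #}

    # NOTE(review): the active locations below set no X-Real-IP or
    # X-Forwarded-For header, so the upstream sees only the proxy's address
    # and any client-supplied X-Forwarded-For is passed through unchanged.
    # Confirm whether the REST API logs or acts on client addresses.

    # Public API path, mapped onto the internal service's own route.
    location /fake-shop-detector/api/1.1/ {
        #denylisting IP addresses
        #deny 123.123.123.1;
        # Limit requests per client IP per minute (zone "one"). Up to 20
        # requests above the rate are served immediately (nodelay) so the
        # swagger ui can load; anything beyond that is rejected.
        limit_req zone=one burst=20 nodelay;
        # Limit each client IP address to 10 active connections.
        limit_conn addr 10;
        # Use the docker container name here, not 127.0.0.1, which is not
        # reachable inside the docker network.
        proxy_pass http://mal2-fakeshop-plugin_rest-api_server:8081/malzwei/ecommerce/1.1/;
    }

    # Re-mapping routes of the internal service: its native path is also
    # exposed on the public host, under the same limits as above.
    location /malzwei/ecommerce/1.1/ {
        #denylisting IP addresses
        #deny 123.123.123.0/28;
        # Limit requests per client IP per minute; allow bursts for swagger ui.
        limit_req zone=one burst=20 nodelay;
        # Limit each client IP address to 10 active connections.
        limit_conn addr 10;
        proxy_pass http://mal2-fakeshop-plugin_rest-api_server:8081/malzwei/ecommerce/1.1/;
    }
}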