kekk

nginx/nginx.conf

@@ -1,4 +1,3 @@
-
 worker_processes auto;
 worker_rlimit_nofile 65535;
 
@@ -22,6 +21,7 @@ stream {
 
 http {
 
+    # Basic Settings
     charset utf-8;
     sendfile on;
     tcp_nopush on;
@@ -31,6 +31,9 @@ http {
     types_hash_max_size 4096;
     types_hash_bucket_size 64;
 
+    # Virtual Host Configs
+    include /etc/nginx/sites-enabled/*.conf;
+
     # MIME
     include mime.types;
     default_type application/octet-stream;
@@ -44,14 +47,32 @@ http {
     ssl_session_cache shared:MozSSL:10m;
     ssl_session_tickets off;
 
-    # Diffie-Hellman parameter for DHE ciphersuites
+	# Diffie-Hellman parameter for DHE ciphersuites
     ssl_dhparam /etc/nginx/dhparam.pem;
 
-    # OCSP Stapling
-    #ssl_stapling on;
-    #ssl_stapling_verify on;
+    # HTTP2 Settings
+    http2_max_field_size 64k;
+    http2_max_header_size 512k;
 
-        # Connection header for WebSocket reverse proxy
+    # DDOS Protection
+    limit_conn_zone $binary_remote_addr zone=perip:10m;
+    limit_conn perip 100;
+
+    limit_req_zone $binary_remote_addr zone=engine:10m rate=2r/s;
+    limit_req_zone $binary_remote_addr zone=static:10m rate=100r/s;
+
+    # reset timed out connections freeing ram
+    reset_timedout_connection on;
+    # maximum time between packets the client can pause when sending nginx any data
+    client_body_timeout 10s;
+    # maximum time the client has to send the entire header to nginx
+    client_header_timeout 10s;
+    # timeout which a single keep-alive client connection will stay open
+    keepalive_timeout 65s;
+    # maximum time between packets nginx is allowed to pause when sending the client data
+    send_timeout 10s;
+
+	# Connection header for WebSocket reverse proxy
     map $http_upgrade $connection_upgrade {
         default upgrade;
         ""      close;
@@ -78,8 +99,4 @@ http {
         default "$proxy_forwarded_elem";
     }
 
-    # Include sites-enabled and config
-   # include /etc/nginx/conf.d/*.conf;
-    include /etc/nginx/sites-enabled/*;
-
 }