
nginx

hide version

http {
  # Omit the nginx version from the "Server" response header and from the
  # built-in error pages. The header still says "nginx"; only the version
  # number is hidden. This makes version fingerprinting harder but does not
  # fix anything by itself, so the installed version still has to be kept
  # up to date.
  server_tokens off;
  [...]
}

limit connections

Info

See the nginx ngx_http_limit_conn_module documentation for further details.

http {
    # Shared-memory zones (10 MB each) that count open connections per key.
    # perip is keyed on the client address in its compact binary form.
    # NOTE(review): behind a load balancer or CDN the address seen here is the
    # proxy's, so all visitors would share one counter -- confirm how the real
    # client address reaches nginx before relying on perip.
    limit_conn_zone $binary_remote_addr zone=perip:10m;
    # perserver is keyed on the virtual server name and caps the server as a whole.
    limit_conn_zone $server_name zone=perserver:10m;
    [...]

    server {
        # At most 16 concurrent connections per client address ...
        limit_conn perip 16;
        # ... and at most 64 concurrent connections to this virtual server in total.
        limit_conn perserver 64;
        # Requests over either limit are rejected; the status is 503 unless
        # limit_conn_status is set to something else.
        [...]
    }
}

reject proxy requests not targeting own setup

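http {
    [...]
    server {
        [...]
        # Drop requests whose Host is neither der-jd.de nor one of its subdomains.
        # The pattern is anchored at both ends and the dots are escaped: an
        # unanchored "der-jd.de" also accepts any host that merely contains that
        # text, e.g. "der-jd.de.example.net" (constructed sample), and an
        # unescaped dot matches any character.
        # 444 is nginx-specific: the connection is closed without a response.
        # An alternative without "if" is an explicit server_name here plus a
        # separate default_server that only does "return 444;".
        if ($host !~ "^(.+\.)?der-jd\.de$") {
            return 444;
        }
        [...]
    }
}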

dynamic stream proxy containers

Info

In this case nginx is a reverse proxy for puppetservers.
Each puppetserver is named after its environment, i.e. prod, qa, dev.
On the client side, an /etc/hosts entry points to the nginx reverse proxy.

# Worker processes run as the unprivileged "nginx" user.
user  nginx;
# A single worker process handles all connections.
worker_processes  1;
# Log messages of severity "warn" and above.
error_log  /var/log/nginx/error.log warn;
# File that holds the master process id.
pid        /var/run/nginx.pid;

events {
  # Upper bound on simultaneous connections per worker. Connections to
  # proxied servers count too, so each proxied session uses two of them.
  worker_connections  1024;
}

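stream {
  # The SNI name is chosen by the client. Passing it straight to proxy_pass
  # would let any client that can reach port 8140 make nginx resolve and
  # connect to whatever name it sends, so the name is first mapped onto the
  # known puppetservers. Extend this list when an environment is added.
  map $ssl_preread_server_name $puppet_upstream {
    prod     prod:8140;
    qa       qa:8140;
    dev      dev:8140;
    # Unknown or missing SNI: the upstream stays empty, so nginx has nothing
    # to connect to and the session is closed instead of being proxied.
    default  "";
  }

  server {
    listen 8140;
    # Read the server name from the TLS ClientHello without terminating TLS;
    # the encrypted stream is passed through to the puppetserver unchanged.
    ssl_preread on;
    proxy_pass  $puppet_upstream;
    # The upstream is a variable, so it is resolved at run time.
    # 127.0.0.11 is Docker's embedded DNS server, which resolves container names.
    resolver 127.0.0.11;
  }
}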

Last update: May 2, 2020