nginx

hide version

http {
    server_tokens off;
    [...]
}

limit connections

Info
See nginx http_limit_conn module for further details

http {
    limit_conn_zone $binary_remote_addr zone=perip:10m;
    limit_conn_zone $server_name zone=perserver:10m;
    [...]
    server {
        limit_conn perip 16;
        limit_conn perserver 64;
        [...]
    }
}
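
reject proxy requests not targeting own setup

http {
    [...]
    server {
        [...]
        # Anchored, with the dot escaped: an unanchored "der-jd.de" would also
        # accept hosts such as "der-jd.de.example.net" or "der-jdXde.example".
        if ($host !~ "(^|\.)der-jd\.de$") {
            # 444 closes the connection without sending a response
            return 444;
        }
        [...]
    }
}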

dynamic stream proxy containers

Info
In this case nginx is a reverse proxy for puppetservers.
Each puppetserver is named after its environment, i.e. prod, qa, dev.
On the client side, an /etc/hosts entry points to the nginx reverse proxy.

user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

stream {
    server {
        listen 8140;
        # Read the SNI name from the TLS ClientHello without terminating TLS
        ssl_preread on;
        # The upstream host is taken from the SNI name sent by the client
        proxy_pass $ssl_preread_server_name:8140;
        # Docker's embedded DNS, resolves the container names at runtime
        resolver 127.0.0.11;
    }
}
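
In the stream block above the upstream host comes straight from the client-supplied SNI name, so nginx will try to connect to any name a client sends that the resolver can answer. The following variant is an added example, not part of the original page: it restricts routing to the three environments named above with a `map`; the variable name `$puppet_upstream` is an assumption chosen for illustration.

```nginx
stream {
    # Allowlist: only the puppetserver names from this page are routable.
    # $puppet_upstream is a hypothetical variable name used for this example.
    map $ssl_preread_server_name $puppet_upstream {
        prod    prod:8140;
        qa      qa:8140;
        dev     dev:8140;
        # Any other SNI value, or a ClientHello without SNI, gets no upstream.
        default "";
    }

    server {
        listen 8140;
        ssl_preread on;
        resolver 127.0.0.11;
        # With an empty value nginx has no upstream host to connect to, logs
        # an error and closes the connection instead of proxying it.
        proxy_pass $puppet_upstream;
    }
}
```

Rejected connections show up in error_log as upstream errors, which makes unexpected SNI values visible.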

Last update: May 2, 2020