You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

Go to file

phil 719fc93598 Create dhparams only for gateways or standalone servers Fix lint warnings		3 months ago
defaults	Enable gzip compression	3 months ago
files	Add fail2ban configuration	3 months ago
handlers	Add fail2ban configuration	3 months ago
meta	Add more configuration files and templates	3 months ago
tasks	Create dhparams only for gateways or standalone servers	3 months ago
templates	Fix quotation	3 months ago
README.md	Configure logging	3 months ago

Nginx

A role to install and configure Nginx.

Dependencies

Run this role after you have installed fail2ban.

Name	Default	Notes
`nginx_port`	`80`	Listen port for Nginx
`nginx_package_name`	`nginx-full`	Name of the Debian package to install
`nginx_bad_client_ip`		List of IP address to deny access
`nginx_type`		`gateway` for a Reverse Proxy, `standalone` for a frontend webserver, `backend` for a backend webserver (behind a Reverse Proxy)
`nginx_proxy_headers_hash_bucket_size`	`64`
`nginx_http_version`	`1.1`	documentation
`nginx_gzip`		documentation
`nginx_gzip_types`	--> `defaults/main.yaml`
`nginx_server_tokens`	`off`
`nginx_access_log`	`off`	Path and configuration for access log
`dhparam_path`	`/etc/ssl/private/dhparam.pem`	Path to dhparam file
`dhparam_size`	`4096`	Size (in bits) of the generated DH-params

You can use Nginx' Rate Limiting to slow down brute force attacks. The following zones are available:

Add such a zone to your server or location block:

limit_req zone=req_ip_one burst=5 nodelay;

You can also limit the number of connection:

Zone name	Filter	Limit
`con_ip_one`	IP address	No default limit

This roles uses a deny list from the nginx-ultimate-bad-bot-blocker repository.

Include the list in your server block with:

if ($bad_bots = 1) {return 444;}