Add hint and another variable

README.md

@@ -15,13 +15,14 @@ Role to install Nginx.
 | `nginx_http_version` | `1.1` | [documentation](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version) |
 | `nginx_gzip` | | [documentation](https://nginx.org/en/docs/http/ngx_http_gzip_module.html) |
 | `nginx_gzip_types` | --> `defaults/main.yaml` | |
+| `nginx_server_tokens` | `off` | |
 | `dhparam_path` | `/etc/ssl/private/dhparam.pem` | Path to dhparam file |
 | `dhparam_size` | `4096` | Size (in bits) of the generated DH-params |
 
 ## Rate limiting
 ### Limiting the Request Rate
 
-You can use Nginx' [Rate Limiting](https://www.nginx.com/blog/rate-limiting-nginx/) to slow | down brute force attacks.
+You can use Nginx' [Rate Limiting](https://www.nginx.com/blog/rate-limiting-nginx/) to slow down brute force attacks.
 The following zones are available:
 
 | Zone name | Filter | Limit |
@@ -31,6 +32,11 @@ The following zones are available:
 | `req_server_one` | Domain | 10r/s |
 | `req_server_two` | Domain | 1r/s |
 
+Add such a zone to your `server` or `location` block:
+```Shell
+limit_req zone=req_ip_one burst=5 nodelay;
+```
+
 ### Limiting the Number of Connections
 
 You can also limit the number of [connection](https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-proxied-http/):

templates/nginx.conf.j2

@@ -20,7 +20,7 @@ http {
     tcp_nodelay on;
     keepalive_timeout 65;
     types_hash_max_size 2048;
-    server_tokens off;
+    server_tokens {{ nginx_server_token | default(off) }};
 
     map_hash_max_size 4096;
     map_hash_bucket_size 128;