Nginx ===== Role to install Nginx. ## Variables | Name | Default | Notes | |--|--|--| | `nginx_port` | `80` | Listen port for Nginx | | `nginx_package_name` | `nginx-full` | Name of the Debian package to install | | `nginx_bad_client_ip` | | List of IP address to deny access | | `nginx_type` | | `gateway` for a Reverse Proxy, `standalone` for a frontend webserver, `backend` for a backend webserver (behind a Reverse Proxy) | | `dhparam_path` | `/etc/ssl/private/dhparam.pem` | Path to dhparam file | | `dhparam_size` | `4096` | Size (in bits) of the generated DH-params | ## Rate limiting ### Limiting the Request Rate You can use Nginx' [Rate Limiting](https://www.nginx.com/blog/rate-limiting-nginx/) to slow | down brute force attacks. The following zones are available: | Zone name | Filter | Limit | |--|--|--| | `req_ip_one` | IP address | 30r/m | | `req_ip_two` | IP address | 15r/m | | `req_server_one` | Domain | 30r/m | | `req_server_two` | Domain | 15r/m | ### Limiting the Number of Connections You can also limit the number of [connection](https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-proxied-http/): | Zone name | Filter | Limit | |--|--|--| | `con_ip_one` | IP address | No default limit |