defaults Enable gzip compression 2023-03-11 21:01:42 +01:00
files Fix spacing 2023-03-11 18:50:34 +01:00
handlers nginx: Update role. It now serves as the general setup for Nginx 2022-06-19 20:30:17 +02:00
meta Add more configuration files and templates 2023-03-11 18:18:27 +01:00
tasks Add bad bot block list 2023-03-11 20:25:06 +01:00
templates Add hint and another variable 2023-03-11 21:25:09 +01:00
README.md Add hint and another variable 2023-03-11 21:25:09 +01:00

Nginx

Role to install Nginx.

Variables

| Name | Default | Notes |
| --- | --- | --- |
| nginx_port | 80 | Listen port for Nginx |
| nginx_package_name | nginx-full | Name of the Debian package to install |
| nginx_bad_client_ip | | List of IP addresses to deny access |
| nginx_type | | gateway for a Reverse Proxy, standalone for a frontend webserver, backend for a backend webserver (behind a Reverse Proxy) |
| nginx_proxy_headers_hash_bucket_size | 64 | |
| nginx_http_version | 1.1 | documentation |
| nginx_gzip | | documentation |
| nginx_gzip_types | --> defaults/main.yaml | |
| nginx_server_tokens | off | |
| dhparam_path | /etc/ssl/private/dhparam.pem | Path to dhparam file |
| dhparam_size | 4096 | Size (in bits) of the generated DH-params |

Rate limiting

Limiting the Request Rate

You can use Nginx's rate limiting to slow down brute-force attacks. The following zones are available:

| Zone name | Filter | Limit |
| --- | --- | --- |
| req_ip_one | IP address | 10r/s |
| req_ip_two | IP address | 1r/s |
| req_server_one | Domain | 10r/s |
| req_server_two | Domain | 1r/s |

Add such a zone to your server or location block:

limit_req zone=req_ip_one burst=5 nodelay;
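
To see what `burst=5 nodelay` means for the two per-IP zones, the following added example (not part of this role) models nginx's request accounting in Python and replays constructed traffic from one client. The function names and the traffic pattern (20 requests per second for 10 seconds) are assumptions made for illustration.

```python
# Added example: a model of nginx's limit_req accounting, not code from this role.
# Zone rates (requests per second) are taken from the table above.
ZONES = {"req_ip_one": 10, "req_ip_two": 1}

# Constructed traffic: one client IP, 20 requests per second for 10 seconds.
TRAFFIC_MS = [i * 50 for i in range(200)]


def simulate(rate_rps, burst, arrivals_ms):
    """Return one bool per request: True = passed, False = rejected.

    nginx tracks `excess` per key in thousandths of a request. It drains
    at the zone rate and grows by one request for every accepted hit; a
    request is rejected (503 unless limit_req_status is set) when the
    excess would exceed `burst`. `nodelay` only decides whether accepted
    requests are forwarded immediately, not how many are accepted.
    """
    results = []
    excess = 0
    last = None
    for now in arrivals_ms:
        if last is None:
            # The first request for a key creates its state entry and passes.
            last = now
            results.append(True)
            continue
        elapsed = max(0, now - last)
        candidate = max(0, excess - rate_rps * elapsed + 1000)
        if candidate > burst * 1000:
            # Rejected requests leave the stored state untouched.
            results.append(False)
            continue
        excess, last = candidate, now
        results.append(True)
    return results


def passed(zone, burst=5, arrivals_ms=TRAFFIC_MS):
    """Number of requests the given zone lets through."""
    return sum(simulate(ZONES[zone], burst, arrivals_ms))


if __name__ == "__main__":
    for zone in ZONES:
        print(zone, passed(zone), "of", len(TRAFFIC_MS), "requests passed")
```

In this model the burst allowance admits the first request plus five more sent at the same instant, after which throughput settles at the zone rate.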

Limiting the Number of Connections

You can also limit the number of connections:

| Zone name | Filter | Limit |
| --- | --- | --- |
| con_ip_one | IP address | No default limit |

Bad Bot Blocker

This role uses a deny list from the nginx-ultimate-bad-bot-blocker repository.

Include the list in your server block with:

if ($bad_bots = 1) {return 444;}