arenadoon
/ allow
Created
September 4, 2019 22:50
— forked from Nilpo/allow
CSF Allow AND Ignore Cloudflare IPv4 IP's.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| for i in `curl https://www.cloudflare.com/ips-v4`; do csf -a $i; done |
arenadoon
/ sysctl.conf
Created
August 24, 2019 16:20
— forked from sokratisg/sysctl.conf
Tuned sysctl.conf for use by CentOS/RHEL 6.x or later
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Kernel sysctl configuration file for Red Hat Linux | |
| # | |
| # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and | |
| # sysctl.conf(5) for more details. | |
| # Turn on execshield | |
| # 0 completely disables ExecShield and Address Space Layout Randomization | |
| # 1 enables them ONLY if the application bits for these protections are set to “enable” | |
| # 2 enables them by default, except if the application bits are set to “disable” | |
| # 3 enables them always, whatever the application bits |
arenadoon
/ nginx.conf
Created
August 24, 2019 14:03
— forked from v0lkan/nginx.conf
Configuring NGINX for Maximum Throughput Under High Concurrency
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| user web; | |
| # One worker process per CPU core. | |
| worker_processes 8; | |
| # Also set | |
| # /etc/security/limits.conf | |
| # web soft nofile 65535 | |
| # web hard nofile 65535 | |
| # /etc/default/nginx |
arenadoon
/ nginx.conf
Created
August 24, 2019 00:56
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| user www-data; | |
| worker_processes 1; # set to number of cores | |
| worker_priority 15; # be nice | |
| # todo: put these on tmpfs, slow write logs to non-volatile | |
| error_log /var/log/nginx/error.log; | |
| pid /var/run/nginx.pid; | |
| # set open fd limit to 81920 | |
| worker_rlimit_nofile 81920; # must be equal or higher as 'worker_processes' * 'worker_connections' |
arenadoon
/ gist:030dd273cfba8f66ad81ea60c9a9ef1f
Created
August 22, 2019 12:50
— forked from Steven-Rose/gist:3943830
VI: Select all + delete, select all + copy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Select all and delete (actually move to buffer) | |
| :%d | |
| Select all and copy to buffer | |
| :%y | |
| Use p to paste the buffer. |
arenadoon
/ gist:820e70d8d2e6c90ea8263465e8d92e37
Created
August 22, 2019 04:49
— forked from supairish/gist:748c85552b2f7047a36a
Whitelist request throttling in Nginx?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http { | |
| map $whitelist $limit { | |
| default $binary_remote_addr; | |
| 1 ""; | |
| } | |
| limit_conn_zone $limit zone=conn_limit_per_ip:10m; | |
| limit_req_zone $limit zone=req_limit_per_ip:10m rate=5r/s; | |
| server { |
arenadoon
/ nginx_cloudflare.conf
Created
August 21, 2019 22:57
— forked from igortik/nginx_cloudflare.conf
Nginx & Cloudflare real IP configuration
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Look for client IP in the X-Forwarded-For header | |
| real_ip_header X-Forwarded-For; | |
| # Ignore trusted IPs | |
| real_ip_recursive on; | |
| # Trusted list | |
| set_real_ip_from 199.27.128.0/21; | |
| set_real_ip_from 173.245.48.0/20; | |
| set_real_ip_from 103.21.244.0/22; |
arenadoon
/ nginx.conf
Created
August 21, 2019 22:56
— forked from igortik/nginx.conf
Nginx optimized configuration with DDoS mitigation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| user nginx; | |
| # one(1) worker or equal the number of _real_ cpu cores. 4=4 core cpu | |
| worker_processes 4; | |
| # renice workers to reduce priority compared to system processes for | |
| # machine health. worst case nginx will get ~25% system resources at nice=15 | |
| worker_priority -5; |
NewerOlder