Last active
November 10, 2022 23:58
-
-
Save nginx-gists/bb89c16f7c6e3963ca623717f4a1a033 to your computer and use it in GitHub Desktop.
Announcing NGINX Plus R19
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| keyval_zone zone=denylist:128K type=ip timeout=24h; | |
| keyval $remote_addr $in_denylist zone=denylist; | |
| server { | |
| listen 80; | |
| location / { | |
| if ($in_denylist) { | |
| return 403; # Forbidden | |
| } | |
| proxy_pass http://my_backend; | |
| } | |
| } | |
| # vim: syntax=nginx |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| limit_req_zone $binary_remote_addr zone=10000rs:1M rate=10000r/s; | |
| limit_req_zone $binary_remote_addr zone=1000rs:1M rate=1000r/s; | |
| limit_req_zone $binary_remote_addr zone=100rs:1M rate=100r/s; | |
| limit_req_zone $binary_remote_addr zone=10rs:1M rate=10r/s; | |
| server { | |
| listen 80; | |
| location / { | |
| limit_req zone=10000rs nodelay; | |
| limit_req zone=1000rs nodelay; | |
| limit_req zone=100rs nodelay; | |
| limit_req zone=10rs nodelay; | |
| limit_req_dry_run on; # No rate limit enforcement | |
| proxy_pass http://my_backend; | |
| } | |
| } | |
| # vim: syntax=nginx |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| map $ssl_protocol $response_rate { | |
| "TLSv1.1" 10k; | |
| "TLSv1.2" 100k; | |
| "TLSv1.3" 1000k; | |
| } | |
| server { | |
| listen 443 ssl; | |
| ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; | |
| ssl_certificate www.example.com.crt; | |
| ssl_certificate_key www.example.com.key; | |
| location / { | |
| limit_rate $response_rate; # Limit bandwidth based on TLS version | |
| limit_rate_after 512; # Apply limit after headers have been sent | |
| proxy_pass http://my_backend; | |
| } | |
| } | |
| # vim: syntax=nginx |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| location = /metrics { | |
| js_content prometheus_metrics; | |
| } | |
| # vim: syntax=nginx |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resolver 192.168.53.1 192.168.53.2 valid=5s status_zone=internal_dns; | |
| upstream { | |
| zone my_backend 64k; | |
| server backends.internal.example.com resolve; | |
| } | |
| # vim: syntax=nginx |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 80; | |
| server_name www.example.com; | |
| status_zone www.example.com; # Collect metrics for this server | |
| location / { | |
| root /var/docroot/www.example.com; | |
| } | |
| location /admin/ { | |
| status_zone www_admin; # Collect metrics for this location | |
| proxy_pass http://my_backend; | |
| } | |
| } | |
| # vim: syntax=nginx |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 80; | |
| server_name www.example.com; | |
| status_zone www.example.com; # Collect metrics for this server | |
| location / { | |
| root /var/docroot/www.example.com; | |
| } | |
| location /admin/ { | |
| status_zone www_admin; | |
| if ($is_args) { | |
| status_zone www_admin_query; # Separate metrics for query strings | |
| } | |
| proxy_pass http://my_backend; | |
| } | |
| } | |
| # vim: syntax=nginx |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For a discussion of these files, see Announcing NGINX Plus R19