Last active
January 2, 2020 17:49
-
-
Save silentbreaksec/6409642eaeed5d7df45715cc086865d7 to your computer and use it in GitHub Desktop.
Red Team Nginx Sample Config
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| user nginx; | |
| worker_processes auto; | |
| pid /usr/local/nginx/logs/nginx.pid; | |
| include /etc/nginx/conf.d/*.conf; | |
| worker_rlimit_nofile 50000; | |
| events { | |
| worker_connections 50000; | |
| } | |
| stream { | |
| server { | |
| listen 53 udp; | |
| proxy_pass 10.10.10.2:53; #DNS callback server | |
| } | |
| } | |
| http { | |
| include mime.types; | |
| default_type application/octet-stream; | |
| index index.html index.php | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE | |
| ssl_prefer_server_ciphers on; | |
| access_log /var/log/nginx/access.log; | |
| error_log /var/log/nginx/error.log; | |
| sendfile on; | |
| tcp_nopush on; | |
| keepalive_timeout 30; | |
| gzip on; | |
| client_max_body_size 100M; | |
| #repeat this section block for each callback domain | |
| upstream upstreamroute1 { | |
| server 10.10.10.3:80 backup; #content server | |
| server 10.10.10.4:80; #LP | |
| } | |
| server { | |
| listen 10.1.1.2:80; #or bind globally | |
| listen 10.1.1.2:443 ssl; | |
| ssl_certificate /etc/letsencrypt/live/domainname.com/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/domainname.com/privkey.pem; | |
| location / { | |
| proxy_set_header Host $host; | |
| proxy_set_header Relay $remote_addr; | |
| proxy_pass http://upstreamroute1; | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment