Skip to content

Instantly share code, notes, and snippets.

@jkirkby91

jkirkby91/nginx-ssl-loadbalancer-proxy-naxsi.conf

Last active May 22, 2016 17:34
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jkirkby91/e6de5882f0e6df8e42adf1fb6f8e78b6 to your computer and use it in GitHub Desktop.
Save jkirkby91/e6de5882f0e6df8e42adf1fb6f8e78b6 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
nginx-ssl-loadbalancer-proxy-naxsi.conf
# Site-enabled config for a nginx ssl reverse proxy & loadbalancer
# runs with nginx-naxsi secruity rules
# runs with ddos mitigation
# Greeat for balancing docker containers
upstream dockerswarm {
server 192.168.0.47:8080 weight=1 max_fails=3 fail_timeout=15s;
server 192.168.0.47:8080 weight=2;
keepalive 32;
}
limit_req_status 444;
limit_conn_zone $binary_remote_addr zone=addr:10m;
limit_req_zone $binary_remote_addr zone=one:10m rate=2r/s;
server {
listen 192.168.33.10;
server_name demo-site.docker;
ssl off;
client_body_timeout 5s;
client_header_timeout 5s;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log combined;
location / {
limit_conn addr 10;
limit_req zone=one burst=75 nodelay;
proxy_bind 192.168.0.49;
include /etc/nginx/naxsi.rules;
proxy_pass http://dockerswarm;
proxy_buffering on;
proxy_buffers 256 16k;
proxy_buffer_size 128k;
proxy_read_timeout 300;
proxy_intercept_errors on;
proxy_max_temp_file_size 0;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
client_max_body_size 100M;
client_body_buffer_size 1m;
proxy_set_header Host $host;
proxy_set_header Accept-Encoding "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment