proginn
/
docker-test


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091
							include /etc/nginx/modules-enabled/*.conf;
worker_processes 2;
pid /run/nginx.pid;
user  www-data www-data;
events {
    worker_connections 768;
    use epoll;
    # multi_accept on;
}

http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 120;
    #types_hash_max_size 2048;
    server_tokens off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    client_header_buffer_size 4k;
    large_client_header_buffers 4 32k;
    client_max_body_size 20m;
    client_body_buffer_size 1024k;

    #open_file_cache max=5000 inactive=60;
    #reset_timedout_connection on;

    error_log /data/log/nginx_error.log;

    gzip on;
    gzip_disable "msie6";

    gzip_vary off;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.0;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    fastcgi_connect_timeout 10;
    fastcgi_send_timeout 30;
    fastcgi_read_timeout 30;
    #fastcgi_buffer_size 128k;
    #fastcgi_buffers 8 128k;
    #fastcgi_busy_buffers_size 256k;
    #fastcgi_temp_file_write_size 256k;
    #fastcgi_intercept_errors on;
    #fastcgi_hide_header Pragma;
    #fastcgi cache
    #fastcgi_cache_path /data/log/web/fastcgi_cache levels=1:2 keys_zone=cache_voice:128m inactive=30m max_size=4G;
    
    limit_req_zone $binary_remote_addr zone=byip:20m rate=20r/s;

    resolver 100.100.2.136 100.100.2.138 ipv6=off;
    resolver_timeout 1s;

    lua_shared_dict limit 50m;
    lua_shared_dict waf_rules 10m;
    lua_shared_dict white_ips 10m;
    lua_shared_dict black_ips 10m;

    lua_package_path "/etc/nginx/conf/waf/?.lua";
    init_by_lua_file "/etc/nginx/conf/waf/init.lua";
    access_by_lua_file "/etc/nginx/conf/waf/access.lua";

    # deny black ip
    deny 58.22.18.222;

    log_format proginn-logid ' [$time_local] $host $remote_addr $remote_user $request $request_time $request_length $body_bytes_sent $status '
                        '$server_addr $upstream_addr $upstream_response_time $upstream_status $http_referer" "$http_user_agent" "$http_x_real_ip" "$http_x_forwarded_for" logId=$temp_request_id';
    access_log off;

    server_names_hash_bucket_size 128;
    
    # default
    server {
        listen      80 default_server;
        server_name _;
        set $temp_request_id $request_id;
        return      444;
    }

    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}