nginx reverse proxy config

IP Tables Script

rules.sh


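# Host firewall for the reverse proxy: drop malformed TCP, allow web and SSH,
# default-deny everything else inbound.

# Remove all existing rules from the filter table. -F does not touch chain
# policies, so if INPUT is already set to DROP there is no ACCEPT rule for an
# SSH session between this line and the port 22 rule below.
iptables -F

# Drop TCP packets with no flags set (NULL-scan pattern).
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
# Drop packets that conntrack sees as a NEW connection but that lack SYN.
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
# Drop TCP packets with every flag set (XMAS-scan pattern).
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

# Loopback traffic also traverses INPUT; without this rule the DROP policy
# below blocks local services that talk over 127.0.0.1 on ports other than
# 22/80/443.
iptables -A INPUT -i lo -j ACCEPT

# Accept replies to connections this host opened (DNS lookups, the proxied
# backend, package updates). OUTPUT is ACCEPT, but the return packets arrive
# on INPUT and would otherwise hit the DROP policy on every interface that is
# not blanket-accepted.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# NOTE(review): this accepts ALL traffic arriving on eth0, and it is evaluated
# before the per-port rules. If eth0 is the Internet-facing interface, the
# port rules and the DROP policy have no effect on it and every listening
# service is reachable. Keep only if eth0 is a trusted internal network;
# otherwise remove it and rely on the explicit rules.
iptables -A INPUT -i eth0 -j ACCEPT

# Public services: HTTP, HTTPS and SSH.
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

# Default policies: outbound unrestricted, inbound denied unless matched above.
# The FORWARD chain policy is not set by this script.
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP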

cat /etc/nginx/conf.d/domain.com.conf


# Plain-HTTP listener: answers every request with a permanent redirect to the
# HTTPS site, so nothing is proxied to the backend over cleartext.
server {
    server_name domain.com;
    listen 80;

    # $server_name is the name configured above, not the client-supplied Host
    # header, so the request cannot choose the redirect target host.
    return 301 https://$server_name$request_uri;
}
# TLS-terminating reverse proxy for domain.com; requests are re-encrypted and
# forwarded to the backend at WEBSERVERIP.
server {
    server_name domain.com;
    listen 443 ssl;

    # No ssl_protocols / ssl_ciphers are set here, so nginx's built-in defaults
    # apply; those differ between nginx versions.
    # NOTE(review): confirm the defaults of the installed version are acceptable.
    ssl_certificate /home/ssl/cert.crt;
    # NOTE(review): the private key lives under /home; confirm the file and its
    # directory are readable only by the account that starts nginx.
    ssl_certificate_key /home/ssl/cert.key;

    error_log /home/logs/domain.com.error.log;
    access_log /home/logs/domain.com.access.log;

    location / {
        # The upstream leg uses HTTPS, but nginx does not validate the backend
        # certificate unless proxy_ssl_verify is enabled together with
        # proxy_ssl_trusted_certificate; as written the hop is encrypted but
        # the backend is not authenticated.
        proxy_pass https://WEBSERVERIP/;
        proxy_redirect off;

        # Headers handed to the backend. Host is passed through from the
        # client request.
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-SSL on;
        proxy_set_header X-Forwarded-Proto $scheme;
        # X-Real-IP is the address nginx saw and replaces any client-sent value.
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For the client sent; only the last entry is set by this
        # proxy, so the backend should not trust the earlier ones.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Upstream timeouts, in seconds.
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;

        # Request body limits.
        client_max_body_size 10m;
        client_body_buffer_size 128k;

        # Response buffering. A max temp file size of 0 disables spilling
        # responses to disk, so proxy_temp_file_write_size has no effect while
        # that setting is in place.
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_max_temp_file_size 0;
        proxy_temp_file_write_size 64k;
    }
}