chore: maj conf nginx

StartupsPoleEmploi · Jul 2, 2024 · 4f803e8 · 4f803e8
1 parent 7c31c45
commit 4f803e8
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 6 deletions.
diff --git a/misc/docker/nginx/Dockerfile b/misc/docker/nginx/Dockerfile
@@ -1,7 +1,8 @@
 FROM nginx:mainline
 
 RUN apt-get update \
-    && apt-get install -y logrotate
+    && apt-get install -y logrotate \
+    && apt-get -y install fail2ban iptables
 
 #Logrotate
 COPY app/logrotate.d/logrotate.conf /etc/logrotate.conf
@@ -11,5 +12,5 @@ RUN chmod 644 /etc/logrotate.conf
 COPY app/nginx /etc/nginx
 COPY app/start.sh /opt/nginx/start.sh
 RUN chmod +x /opt/nginx/start.sh
-
+    
 CMD /opt/nginx/start.sh
diff --git a/misc/docker/nginx/app/nginx/conf.d/locations.inc b/misc/docker/nginx/app/nginx/conf.d/locations.inc
@@ -1,6 +1,7 @@
  location ~ ^/(admin|backoffice|questionnaire|widget|stats)(.*)$ {
 
-    limit_req zone=flood burst=100 nodelay;
+    limit_conn conn_limit_per_ip 20; 
+    limit_req zone=req_limit_per_ip burst=100 nodelay;
 
     proxy_buffering off;
 
@@ -15,7 +16,8 @@
 
 location / {
 
-    limit_req zone=flood burst=100 nodelay;
+    limit_conn conn_limit_per_ip 20; 
+    limit_req zone=req_limit_per_ip burst=100 nodelay;
 
     proxy_buffering off;
 

diff --git a/misc/docker/nginx/app/nginx/nginx.conf b/misc/docker/nginx/app/nginx/nginx.conf
@@ -21,7 +21,7 @@ http {
     keepalive_timeout  65;
     #gzip  on;
 
-    limit_req_zone $binary_remote_addr zone=flood:10m rate=400r/m;
+    limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=400r/m;
     limit_req_log_level error;
 
     include /etc/nginx/conf.d/*.conf;

diff --git a/misc/docker/nginx/app/start.sh b/misc/docker/nginx/app/start.sh
@@ -4,4 +4,4 @@ mkdir -p /data/log
 touch /data/log/error.log
 touch /data/log/access.log
 
-nginx && tail -f /data/log/*.log
+nginx && service fail2ban start && tail -f /data/log/*.log