Compare commits

...

2 commits

Author SHA1 Message Date
87fcad3add
nftables: Increase blackhole threshold. 2024-04-08 17:37:09 +02:00
40fa44dcc2
Fix proxy headers when using WebSocket. 2024-04-08 17:35:09 +02:00
6 changed files with 7 additions and 2 deletions

View file

@ -40,10 +40,10 @@ table inet filter {
# Prevent DDoS # Prevent DDoS
# Rate limiting # Rate limiting
meta nfproto ipv4 meter ratelimit4 \ meta nfproto ipv4 meter ratelimit4 \
{ ip saddr limit rate over 50/second burst 10 packets } \ { ip saddr limit rate over 75/second burst 15 packets } \
add @blackhole_ipv4 { ip saddr } add @blackhole_ipv4 { ip saddr }
meta nfproto ipv6 meter ratelimit6 \ meta nfproto ipv6 meter ratelimit6 \
{ ip6 saddr limit rate over 50/second burst 10 packets } \ { ip6 saddr limit rate over 75/second burst 15 packets } \
add @blackhole_ipv6 { ip6 saddr } add @blackhole_ipv6 { ip6 saddr }
# Max concurrent connections # Max concurrent connections
meta nfproto ipv4 meter connlimit4 \ meta nfproto ipv4 meter connlimit4 \

View file

@ -12,5 +12,6 @@ server {
proxy_pass http://127.0.0.1:{{ ports['hedgedoc'] }}; proxy_pass http://127.0.0.1:{{ ports['hedgedoc'] }};
include /etc/nginx/snippets/websocket.conf; include /etc/nginx/snippets/websocket.conf;
include /etc/nginx/snippets/proxy.conf;
} }
} }

View file

@ -8,5 +8,6 @@ server {
proxy_pass https://127.0.0.1:{{ ports['mailserver_jmap'] }}; proxy_pass https://127.0.0.1:{{ ports['mailserver_jmap'] }};
include /etc/nginx/snippets/websocket.conf; include /etc/nginx/snippets/websocket.conf;
include /etc/nginx/snippets/proxy.conf;
} }
} }

View file

@ -12,5 +12,6 @@ server {
proxy_set_header X-Client-Port $remote_port; proxy_set_header X-Client-Port $remote_port;
proxy_set_header X-SSL-Cert $ssl_client_cert; proxy_set_header X-SSL-Cert $ssl_client_cert;
include /etc/nginx/snippets/websocket.conf; include /etc/nginx/snippets/websocket.conf;
include /etc/nginx/snippets/proxy.conf;
} }
} }

View file

@ -8,5 +8,6 @@ server {
proxy_pass http://127.0.0.1:{{ ports['uptime_kuma'] }}; proxy_pass http://127.0.0.1:{{ ports['uptime_kuma'] }};
include /etc/nginx/snippets/websocket.conf; include /etc/nginx/snippets/websocket.conf;
include /etc/nginx/snippets/proxy.conf;
} }
} }

View file

@ -14,5 +14,6 @@ server {
proxy_pass http://vaultwarden; proxy_pass http://vaultwarden;
include /etc/nginx/snippets/websocket.conf; include /etc/nginx/snippets/websocket.conf;
include /etc/nginx/snippets/proxy.conf;
} }
} }