Skip to content

Commit c702b53

Browse files
mbuechnermbuechner
committed
Update Nginx configuration for improved request handling and connection limits
1 parent 659e6b4 commit c702b53

2 files changed

Lines changed: 27 additions & 3 deletions

File tree

config/nginx/nginx.conf

Lines changed: 15 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ http {
3030
client_body_buffer_size 16k;
3131
client_header_buffer_size 4k;
3232
large_client_header_buffers 8 16K;
33-
keepalive_timeout 1200s;
33+
keepalive_timeout 75s;
3434
keepalive_requests 100;
3535
reset_timedout_connection off;
3636
tcp_nodelay on;
@@ -113,8 +113,20 @@ http {
113113
text/x-component
114114
text/x-cross-domain-policy;
115115

116-
real_ip_header X-Real-IP;
117-
real_ip_recursive off;
116+
real_ip_header X-Forwarded-For;
117+
real_ip_recursive on;
118+
119+
set_real_ip_from 127.0.0.1;
120+
set_real_ip_from 10.0.0.0/8;
121+
set_real_ip_from 172.16.0.0/12;
122+
set_real_ip_from 192.168.0.0/16;
123+
124+
limit_req_status 429;
125+
limit_conn_status 429;
126+
127+
limit_req_zone $binary_remote_addr zone=drupal_rps:20m rate=5r/s;
128+
limit_req_zone $binary_remote_addr zone=drupal_heavy:20m rate=1r/s;
129+
limit_conn_zone $binary_remote_addr zone=perip_conn:20m;
118130

119131
add_header X-XSS-Protection '1; mode=block';
120132
add_header X-Frame-Options SAMEORIGIN;

config/nginx/preset.conf

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -73,6 +73,12 @@ location / {
7373
try_files $uri @drupal;
7474
}
7575

76+
location ~* ^/(search|jsonapi|graphql)(/|$) {
77+
limit_conn perip_conn 5;
78+
limit_req zone=drupal_heavy burst=10 nodelay;
79+
try_files $uri @drupal;
80+
}
81+
7682

7783
location ~* ^(?:.+\.(?:make|txt|engine|inc|info|install|module|profile|po|pot|sh|.*sql|test|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$ {
7884
return 404;
@@ -96,6 +102,8 @@ location / {
96102
}
97103

98104
location @drupal {
105+
limit_conn perip_conn 10;
106+
limit_req zone=drupal_rps burst=30 nodelay;
99107
include fastcgi.conf;
100108
fastcgi_param QUERY_STRING $query_string;
101109
fastcgi_param SCRIPT_NAME /index.php;
@@ -104,6 +112,8 @@ location @drupal {
104112
}
105113

106114
location @drupal-no-args {
115+
limit_conn perip_conn 10;
116+
limit_req zone=drupal_rps burst=30 nodelay;
107117
include fastcgi.conf;
108118
fastcgi_param QUERY_STRING q=$uri;
109119
fastcgi_param SCRIPT_NAME /index.php;
@@ -112,6 +122,8 @@ location @drupal-no-args {
112122
}
113123

114124
location = /index.php {
125+
limit_conn perip_conn 10;
126+
limit_req zone=drupal_rps burst=30 nodelay;
115127
fastcgi_pass php;
116128
}
117129

0 commit comments

Comments
 (0)