user nginx; worker_processes auto; timer_resolution 100ms; worker_rlimit_nofile 2048; error_log /var/log/nginx/error.log info; events { worker_connections 512; use epoll; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] ' '"$request" $status $bytes_sent ' '"$http_referer" "$http_user_agent" '; gzip on; gzip_min_length 4096; gzip_buffers 16 8k; gzip_types text/css text/xml application/xml application/x-javascript application/javascript text/javascript text/plain; sendfile on; tcp_nopush on; tcp_nodelay on; # Simple anti-DDoS protection, part 1, limiting the timeouts and buffer sizes: client_header_timeout 5; client_body_timeout 5; send_timeout 5; keepalive_timeout 10; reset_timedout_connection on; # Required on aarch64 (a1 and m6g AWS instances): #server_names_hash_bucket_size 64; large_client_header_buffers 4 16k; client_max_body_size 32m; # Protect against a bug in IE 10&11, http://habrahabr.ru/company/pt/blog/249809/ : add_header X-Frame-Options SAMEORIGIN; # Hide the version of nginx from hackers: server_tokens off; # Simple anti-DDoS protection, part 2.1, limiting the number of connection and requests per IP address: limit_req_zone $binary_remote_addr zone=reqsperip:16m rate=4r/s; limit_conn_zone $binary_remote_addr zone=connsperip:16m; # Simple anti-DDoS protection, part 4, beating off the bots that do not send Host: headers server { listen *:80; server_name noname; return 444; } server { listen *:80; server_name localhost; access_log /var/log/nginx/pma.log main; index index.php index.html; root /www/pma; # Simple anti-DDoS protection, part 2.2a, maximum 8 connections per source IP: limit_conn connsperip 8; location / { try_files $uri $uri/ /index.php$is_args$args; } location ~ \.php$ { # Simple anti-DDoS protection, part 2.2b, maximum 12 requests to PHP scripts per source IP: limit_req zone=reqsperip burst=12 nodelay; fastcgi_pass 127.0.0.1:59038; fastcgi_buffer_size 16k; fastcgi_busy_buffers_size 16k; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } include static.conf; } }