How's this reverse proxy config?

xaitmi Member
edited March 2016 in Help

Been using this for about 7 months now. I originally got this config from NexMark's and then adjusted it a bit.

Since I'm moving the reverse proxy to a different provider, figured it was a good time to make changes.

If you have any suggestions please post below, others may find it useful as well.

IP Tables Script

rules.sh

iptables -F
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP

cat /etc/nginx/conf.d/domain.com.conf

server {
       listen         80;
       server_name    domain.com;
       return         301 https://$server_name$request_uri;
}
server {
      listen 443 ssl;
      server_name domain.com;

      ssl_certificate /home/ssl/cert.crt;
      ssl_certificate_key /home/ssl/cert.key;

      access_log   /home/logs/domain.com.access.log;
      error_log /home/logs/domain.com.error.log;

      location / {
            proxy_pass https://WEBSERVERIP/;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-SSL on;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_max_temp_file_size 0;
            client_max_body_size 10m;
            client_body_buffer_size 128k;
            proxy_connect_timeout 90;
            proxy_send_timeout 90;
            proxy_read_timeout 90;
            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;

      }
}

Thanked by 1ehab
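
Added example, not part of the original post: a small first-match evaluator for the INPUT rules in rules.sh, showing which rule the first packet of a new TCP connection hits. It assumes eth0 is the proxy's public interface; `REVISED` is a constructed variant and `verdict` is a hypothetical helper that models only the matches this script uses.

```python
import shlex

# rules.sh as posted above (the initial `iptables -F` is omitted: it only flushes).
POSTED = """\
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
"""

# Constructed variant (assumption, not from the thread): accept loopback instead
# of everything on eth0, and let replies to the proxy's own connections back in.
REVISED = POSTED.replace(
    "-A INPUT -i eth0 -j ACCEPT",
    "-A INPUT -i lo -j ACCEPT\n"
    "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
)


def verdict(script, iface, dport, proto="tcp"):
    """First-match result for the SYN of a new connection: (target, rule)."""
    policy, rules = "ACCEPT", []           # chain policy is ACCEPT until -P is set
    for line in script.splitlines():
        tok = shlex.split(line)
        if tok[1:3] == ["-P", "INPUT"]:
            policy = tok[3]
        elif tok[1:3] == ["-A", "INPUT"]:
            rules.append(tok[3:])
    for tok in rules:
        opt = {k: v for k, v in zip(tok, tok[1:]) if k.startswith("-")}
        if "--tcp-flags" in opt:           # ALL NONE / ALL ALL never match a plain SYN
            continue
        if "!" in tok and "--syn" in tok:  # "! --syn" matches only non-SYN packets
            continue
        if "--state" in opt and "NEW" not in opt["--state"].split(","):
            continue
        if opt.get("-i", iface) != iface or opt.get("-p", proto) != proto:
            continue
        if opt.get("--dport", str(dport)) != str(dport):
            continue
        return opt["-j"], " ".join(tok)
    return policy, "policy"


if __name__ == "__main__":
    for name, script in (("posted", POSTED), ("revised", REVISED)):
        for port in (443, 3306):
            print(name, "eth0", port, *verdict(script, "eth0", port))
```

Because iptables stops at the first matching rule, the per-port ACCEPT lines and the DROP policy only take effect for traffic that no earlier rule has already accepted.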

Comments

  • Hey, does the nginx part work like a tunnel? Can I use that on a DDOS filtered VPS, and point it to another server?

    Thx

  • @vmunich said:
    Hey, does the nginx part work like a tunnel? Can I use that on a DDOS filtered VPS, and point it to another server?

    Thx

    yep

  • Zeast Member
    edited September 2016

    @vmunich said:
    Hey, does the nginx part work like a tunnel? Can I use that on a DDOS filtered VPS, and point it to another server?

    Thx

    Just HTTP/HTTPS (I guess)

  • I stopped using the reverse proxy, I just bought a VPS with DDOS filtered ip from Ramnode, and use cloudflare --> ddos ip.

    BuyVM is great as well, I just went with ramnode because of the 24/7 support with super fast replies.

  • trewq Administrator, Patron Provider

    @xaitmi said:
    I stopped using the reverse proxy, I just bought a VPS with DDOS filtered ip from Ramnode, and use cloudflare --> ddos ip.

    BuyVM is great as well, I just went with ramnode because of the 24/7 support with super fast replies.

    I've never understood the need for 24/7 replies to support tickets. I get people are impatient but if you have an actual issue with your service then the provider will normally already know about it rather than dealing with 100x "My VpS is down. I'm loosing money and will sue you." tickets that are because someone forgot to start their VPS.

  • xaitmi Member
    edited September 2016

    @trewq said:

    @xaitmi said:
    I stopped using the reverse proxy, I just bought a VPS with DDOS filtered ip from Ramnode, and use cloudflare --> ddos ip.

    BuyVM is great as well, I just went with ramnode because of the 24/7 support with super fast replies.

    I've never understood the need for 24/7 replies to support tickets. I get people are impatient but if you have an actual issue with your service then the provider will normally already know about it rather than dealing with 100x "My VpS is down. I'm loosing money and will sue you." tickets that are because someone forgot to start their VPS.

    I run a production site on RamNode which gets a lot of traffic. It's just peace of mind. RamNode's my #1 choice for production sites; if anything happens at any time, I know someone will be on top of it within minutes of me opening that ticket.

    I've only had to open a ticket once at like 1AM in the 1+ year I've been with RamNode, because there was some networking issue they were having with the IP I was given, and it was sorted out within minutes.
