How's this reverse proxy config?
Been using this for about 7 months now. I originally got this config from NexMark's and then adjusted it a bit.
Since I'm moving the reverse proxy to a different provider, figured it was a good time to make changes.
If you have any suggestions please post below, others may find it useful as well.
IP Tables Script
rules.sh
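    iptables -F
    # Drop TCP packets with no flags set
    iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
    # Drop new connections that do not start with a SYN
    iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
    # Drop TCP packets with every flag set
    iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
    # Accepts everything else arriving on eth0, so the port rules below
    # are never reached for eth0 traffic
    iptables -A INPUT -i eth0 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P INPUT DROP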
cat /etc/nginx/conf.d/domain.com.conf
    # Redirect plain HTTP to HTTPS
    server {
        listen 80;
        server_name domain.com;
        return 301 https://$server_name$request_uri;
    }

    # Terminate TLS here and proxy requests to the origin web server
    server {
        listen 443 ssl;
        server_name domain.com;

        ssl_certificate /home/ssl/cert.crt;
        ssl_certificate_key /home/ssl/cert.key;

        access_log /home/logs/domain.com.access.log;
        error_log /home/logs/domain.com.error.log;

        location / {
            proxy_pass https://WEBSERVERIP/;
            proxy_redirect off;

            # Pass the original host, scheme and client address to the origin
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-SSL on;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            # Do not buffer responses to temporary files on disk
            proxy_max_temp_file_size 0;
            client_max_body_size 10m;
            client_body_buffer_size 128k;
            proxy_connect_timeout 90;
            proxy_send_timeout 90;
            proxy_read_timeout 90;
            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
        }
    }
Thanked by 1ehab
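A rule-order check for the rules.sh posted above, as an added example that is not part of the original post: it reads `iptables -A` lines and lists the rules that follow an interface-wide verdict and so never decide a packet arriving on that interface. The function names `sample_rules` and `shadowed_rules` are hypothetical, and the sample input is the posted INPUT rules embedded as constructed test data.

```shell
#!/bin/sh
# Added example (not from the thread): list iptables rules that can never
# decide a packet because an earlier rule in the same chain already gives a
# verdict for everything arriving on that interface.

# Constructed sample input: the -A INPUT lines of the rules.sh posted above.
sample_rules() {
cat <<'EOF'
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

# Reads "iptables -A CHAIN ..." lines on stdin and prints, per shadowed rule:
#   <input line number> <interface it is shadowed on, * = all> <rule>
# Assumption: negated interface matches ("! -i eth0") are not handled.
shadowed_rules() {
  awk '
    $1 == "iptables" && $2 == "-A" {
      chain = $3; iface = "*"; target = ""; narrowed = 0
      for (i = 4; i <= NF; i++) {
        if ($i == "-i")      iface = $(++i)
        else if ($i == "-j") target = $(++i)
        else                 narrowed = 1   # any other match narrows the rule
      }
      if ((chain, "*") in catchall)
        print NR, "*", $0
      else if (iface != "*" && (chain, iface) in catchall)
        print NR, iface, $0
      else if (iface == "*")
        for (k in catchall) {
          split(k, part, SUBSEP)
          if (part[1] == chain) print NR, part[2], $0
        }
      # A rule with no match except -i and a terminating target is a catch-all.
      if (!narrowed && target ~ /^(ACCEPT|DROP|REJECT)$/ && !((chain, iface) in catchall))
        catchall[chain, iface] = NR
    }'
}

sample_rules | shadowed_rules
```

On the sample it reports lines 5 to 7 (the port 80, 443 and 22 rules) as shadowed on eth0, because the `-i eth0 -j ACCEPT` rule has already accepted that traffic whatever its destination port.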
Comments
Hey, does the nginx part work like a tunnel? Can I use that on a DDOS filtered VPS, and point it to another server?
Thx
yep
Just HTTP/HTTPS (I guess)
I stopped using the reverse proxy, I just bought a VPS with DDOS filtered ip from Ramnode, and use cloudflare --> ddos ip.
BuyVM is great as well, I just went with ramnode because of the 24/7 support with super fast replies.
I've never understood the need for 24/7 replies to support tickets. I get people are impatient but if you have an actual issue with your service then the provider will normally already know about it rather than dealing with 100x "My VpS is down. I'm loosing money and will sue you." tickets that are because someone forgot to start their VPS.
I run a production site on RamNode which gets a lot of traffic; it's just peace of mind. RamNode's my #1 choice for production sites: if anything happens at any time, I know someone will be on top of it within minutes of me opening that ticket.
I've only had to open a ticket once at like 1AM in the 1+ year I've been with RamNode, because there was some networking issue they were having with the IP I was given, and it was sorted out within minutes.