diff --git a/nginx.conf b/nginx.conf index 2248feb..d20b3ea 100644 --- a/nginx.conf +++ b/nginx.conf @@ -27,12 +27,18 @@ http { server_tokens off; charset utf-8; + map $server_protocol $h1_addr { + default ""; + "HTTP/1.0" $binary_remote_addr; + "HTTP/1.1" $binary_remote_addr; + } + limit_conn_status 444; limit_conn_zone $binary_remote_addr zone=addr_conn:10m; - limit_conn_zone $binary_remote_addr zone=h1_conn:10m; + limit_conn_zone $h1_addr zone=h1_conn:10m; limit_req_status 444; limit_req_zone $binary_remote_addr zone=addr_req:10m rate=100r/s; - limit_req_zone $binary_remote_addr zone=h1_req:10m rate=10r/m; + limit_req_zone $h1_addr zone=h1_req:10m rate=10r/m; types { text/html html; @@ -52,12 +58,12 @@ http { listen 80; server_name ismist.cn localhost; + limit_conn h1_conn 10; + limit_req zone=h1_req burst=5 nodelay; + limit_conn addr_conn 100; limit_req zone=addr_req burst=20 nodelay; - limit_conn h1_conn 5; - limit_req zone=h1_req burst=10 nodelay; - root ui; location = / { diff --git a/nginx.ssl.conf b/nginx.ssl.conf index 9f49deb..72c66fb 100644 --- a/nginx.ssl.conf +++ b/nginx.ssl.conf @@ -27,12 +27,21 @@ http { server_tokens off; charset utf-8; + map $server_protocol $h1_addr { + default ""; + "HTTP/1.0" $binary_remote_addr; + "HTTP/1.1" $binary_remote_addr; + } + limit_conn_status 444; limit_conn_zone $binary_remote_addr zone=addr_conn:10m; - limit_conn_zone $binary_remote_addr zone=h1_conn:10m; + limit_conn_zone $h1_addr zone=h1_conn:10m; limit_req_status 444; limit_req_zone $binary_remote_addr zone=addr_req:10m rate=100r/s; - limit_req_zone $binary_remote_addr zone=h1_req:10m rate=10r/m; + limit_req_zone $h1_addr zone=h1_req:10m rate=10r/m; + + limit_conn h1_conn 10; + limit_req zone=h1_req burst=5 nodelay; types { text/html html; @@ -51,10 +60,8 @@ http { server { listen 80; listen [::]:80; - server_name ismist.cn; - limit_conn h1_conn 5; - limit_req zone=h1_req burst=10 nodelay; + server_name ismist.cn; location / { return 301 https://$host$request_uri;