Add basic DoS prevention measures

certidude/templates/server/nginx.conf

@@ -5,6 +5,9 @@
 #
 # Also uncomment URL rewriting and SSL configuration below
 
+limit_req_zone $binary_remote_addr  zone=api:10m rate=30r/m;
+limit_conn_zone $binary_remote_addr zone=addr:10m;
+
 server {
     server_name {{ common_name }};
     listen 80 default_server;
@@ -18,10 +21,13 @@ server {
 #    ssl_certificate /etc/letsencrypt/live/{{common_name}}/fullchain.pem;
 #    ssl_certificate_key /etc/letsencrypt/live/{{common_name}}/privkey.pem;
 
-    error_page 500 502 503 504 /50x.html;
-
     root {{static_path}};
 
+    # Basic DoS prevention measures
+    limit_conn addr 10;
+    client_body_timeout 5s;
+    client_header_timeout 5s;
+
     location /api/ {
         proxy_pass http://127.0.1.1:8080/api/;
         proxy_set_header Host $host;
@@ -30,6 +36,7 @@ server {
         proxy_send_timeout 600;
         proxy_read_timeout 600;
         send_timeout 600;
+        limit_req zone=api burst=5;
     }
 
     # This is for Let's Encrypt