@Madchatthew said in TNG + Nodebb:
you have to try and use duck tape and super glue to change something to make it do what you want it to do
I couldn’t have put that better myself.
I have chaneg nginx conf with :
worker_rlimit_nofile 70000;
events {
worker_connections 65535;
multi_accept on;
}
CF is under attack mode
@DownPW I still have access to your Cloudflare tenant so will have a look shortly.
EDIT: I am in now - personally, I would also enable this (and configure it)
@phenomlab I have already activate it and add a waf rules for russian country
With this bots settings :
and this settings for ddos protection :
@DownPW said in NODEBB: Nginx error performance & High CPU:
I have already activate it
Are you sure? When I checked your tenant it wasn’t active - it’s from where I took the screenshot
yep I activate it after
For your information @phenomlab ,
iptables -I INPUT -s IPADDRESS -j DROP
worker_rlimit_nofile 70000;
events {
worker_connections 65535;
multi_accept on;
}
http {
##
# Basic Settings
##
limit_req_zone $binary_remote_addr zone=flood:10m rate=100r/s;
limit_req zone=flood burst=100 nodelay;
limit_conn_zone $binary_remote_addr zone=ddos:10m;
limit_conn ddos 100;
100r/s iit’s already a lot !!
and for vhost file :
server {
.....
location / {
limit_req zone=flood; #Test
limit_conn ddos 100; #Test
}
–> If you have other ideas, I’m interested
–> If you have better values to use in what I modified, please let me know.
@DownPW my only preference would be to not set worker_connections
so high
Ok so what value do you advise?
@DownPW you should base it on the output of ulimit
- see below
With that high value you run the risk of overwhelming your server.
@DownPW And the worker_processes
value ? I expect this to be between 1 and 4 ?
worker_processes auto;
@DownPW ok. You should refer to that some article I previously provided. You can probably set this to a static value.
Ok I will see it for better worker_processes value
I add a rate limite request and limit_conn_zone on http block and vhost block :
– nginx.conf:
http {
#Requete maximun par ip
limit_req_zone $binary_remote_addr zone=flood:10m rate=100r/s;
#Connexions maximum par ip
limit_conn_zone $binary_remote_addr zone=ddos:1m;
-- vhost.conf :
location / {
limit_req zone=flood burst=100 nodelay;
limit_conn ddos 10;
–> I have test other value for rate and burst but they cause problem access to the forum. If you have better, I take it
I add today a proxy_read_timeout on vhost.conf (60 by default)
proxy_read_timeout 180;
I have deactivate underattack mode on CF and change for high Level
I have add other rules on CF waf :
@DownPW what settings do you have in advanced (in settings) for rate limit etc?
@phenomlab said in NODEBB: Nginx error performance & High CPU:
@DownPW what settings do you have in advanced (in settings) for rate limit etc?
In cloudflare ?
I wanted to test awstats on virtualmin with root account and it hasn’t updated since August 2022.
I wanted to regenerate the files but I have a problem of rights.
What do you think ? and how t ore-generate a rapport correctly
I would like to use it to better manage the @ips that connect to the server
@DownPW no, sorry - in NodeBB ACP
@DownPW from recollection, awstats
is accessible via the web front end, so (for example) https://mydomain.com/awstats
However, as you are pushing everything into a reverse proxy you’ll need to add a custom route in the nginx.conf
file you are using on the website so this can be rendered outside of NodeBB.
@phenomlab said in NODEBB: Nginx error performance & High CPU:
@DownPW no, sorry - in NodeBB ACP
Here is the value