# Main nginx configuration: front-end HTTP tier that loads NAXSI core rules,
# defines JSON access logging and a per-client rate-limit zone, and declares
# the "haproxy" upstream. Server/location blocks come from localhost.conf.

# The user directive is commented out, so the worker account is not set here.
# NOTE(review): confirm which account the workers actually run as.
#user nginx nginx;
worker_processes auto;
pid /var/run/nginx.pid;
# Stay in the foreground instead of daemonizing.
daemon off;

events {
    worker_connections 12288;
    use epoll;
}

http {
    # Loads the NAXSI core rule definitions only. Enforcement is switched on per
    # location (e.g. SecRulesEnabled / CheckRule), which is not visible in this file.
    # NOTE(review): presumably done in localhost.conf - confirm it is not left in learning mode.
    include /etc/nginx/naxsi_core.rules;
    include mime.types;

    # Header names containing underscores or otherwise invalid characters are
    # accepted rather than dropped.
    # NOTE(review): backends that treat "-" and "_" in header names as the same
    # variable can mistake one header for another; verify the upstream does not
    # trust any identity/forwarding header that a client could supply this way.
    underscores_in_headers on;
    ignore_invalid_headers off;

    default_type application/octet-stream;

    # Echoes the peer address nginx sees back to the client on every response
    # ("always" includes error responses).
    # NOTE(review): behind a proxy/load balancer this discloses that hop's address.
    # add_header is inherited by a server/location only when that level defines no
    # add_header of its own, so the header silently disappears wherever one is added.
    add_header asp-ip2 $remote_addr always;

    # Rate-limit zone keyed by client address: 20m of shared state, 650 requests/s per key.
    # Declaring the zone enforces nothing; a limit_req directive must reference it.
    limit_req_zone $binary_remote_addr zone=limitreq:20m rate=650r/s;
    # Applied in the location sections instead of here:
    # limit_req zone=limitreq burst=350 nodelay;
    # NOTE(review): verify every proxied location in localhost.conf carries a limit_req line.
    limit_req_status 429;
    # Only takes effect where limit_conn is used; no limit_conn_zone is declared in this file.
    limit_conn_status 429;

    # escape=json escapes variable values, so a request line containing quotes or
    # control characters cannot break the JSON structure or forge extra fields.
    # "asp-ip" is $remote_addr, i.e. the directly connected peer; no realip
    # configuration is visible here.
    # NOTE(review): if a load balancer sits in front, confirm the logged address is the real client.
    log_format main escape=json '{ "time":"$time_local", "asp-ip":"$remote_addr", "request":"$request", "status":"$status", "size":"$bytes_sent", "req_duration":"$request_time", "response_duration":"$upstream_response_time" }';
    # Same fields as "main"; used for the abnormal-response log below.
    log_format errors escape=json '{ "time":"$time_local", "asp-ip":"$remote_addr", "request":"$request", "status":"$status", "size":"$bytes_sent", "req_duration":"$request_time", "response_duration":"$upstream_response_time"}';

    # Every request is logged to access.log; writes are buffered (10k, flushed every 1s),
    # so the last entries can be missing if the process is killed.
    access_log /var/log/nginx/access.log main buffer=10k flush=1s;
    # Second copy only when $abnormal is non-zero (see the map below): any non-2xx status,
    # which includes 3xx redirects and 429 rate-limit rejections as well as 4xx/5xx.
    access_log /var/log/nginx/access_abnormal.log errors buffer=10k flush=1s if=$abnormal;
    error_log /var/log/nginx/error.log warn;

    # Reset timed-out connections instead of leaving them to close normally.
    reset_timedout_connection on;
    sendfile off;
    # Redirects use the Host header/request values rather than server_name and listen port.
    server_name_in_redirect off;
    # Hide the nginx version in the Server header and on error pages.
    server_tokens off;
    # Per the nginx documentation tcp_nopush is only used together with sendfile,
    # so it has no effect while sendfile is off.
    tcp_nopush on;
    tcp_nodelay on;
    port_in_redirect off;
    # Request bodies larger than 10M are rejected with 413.
    client_max_body_size 10M;
    # First value: idle keep-alive timeout; second value: advertised in the Keep-Alive response header.
    keepalive_timeout 60s 60s;
    # A failed upstream request is never retried on another server.
    proxy_next_upstream off;

    # $abnormal is 0 for statuses starting with "2" and 1 for everything else;
    # it drives the if= condition on access_abnormal.log above.
    map $status $abnormal {
        ~^2 0;
        default 1;
    }

    # All four entries point at the same address (127.0.0.1:81) and differ only in weight.
    # max_fails=0 disables failure accounting, so an entry is never marked unavailable.
    upstream haproxy {
        server 127.0.0.1:81 weight=1 max_fails=0; # shaping traffic using weights
        server 127.0.0.1:81 weight=2 max_fails=0; # useful during application rolling updates
        server 127.0.0.1:81 weight=3 max_fails=0;
        server 127.0.0.1:81 weight=4 max_fails=0;
        # Idle upstream connections kept open per worker. Reuse needs HTTP/1.1 and a cleared
        # Connection header in the proxying location - presumably set in localhost.conf.
        keepalive 2048; # see localhost.conf for additional service-level params
    }

    # Server/location definitions are expected here; their contents are not visible in this file.
    include /etc/nginx/localhost.conf;
}