Nginx_Notes

TODO - add more explanation for each section below.

GeoIP Database Setup:

https://dev.maxmind.com/geoip/geoipupdate/

https://dev.maxmind.com/geoip/geoip2/geolite2/


/etc/GeoIP.conf

# GeoIP.conf file for `geoipupdate` program, for versions >= 3.1.1.
# Used to update GeoIP databases from https://www.maxmind.com.
# For more information about this config file, visit the docs at
# https://dev.maxmind.com/geoip/geoipupdate/.
#
# NOTE(review): $GeoIP_Account and $GeoIP_License below are placeholders to be
# replaced with the literal values from the MaxMind account -- geoipupdate
# reads this file as plain text and, as far as I know, does not expand shell
# variables. LicenseKey is a credential: keep this file owned by root (or the
# user geoipupdate runs as), mode 0600, and out of version control.

# `AccountID` is from your MaxMind account.
AccountID $GeoIP_Account

# `LicenseKey` is from your MaxMind account
LicenseKey $GeoIP_License

# `EditionIDs` is from your MaxMind account.
# GeoLite2-Country is the one the nginx geoip2 block below loads.
EditionIDs GeoLite2-ASN GeoLite2-City GeoLite2-Country

nginx.conf:

####
# GeoIP Blocking
#####
# Requires the third-party ngx_http_geoip2_module (the `geoip2` directive is
# not part of stock nginx). The .mmdb is the GeoLite2-Country edition that
# geoipupdate writes; auto_reload re-opens it every 5m so refreshed copies
# are picked up without a reload. The lookup is keyed on $remote_addr, so
# behind a load balancer the realip module must be configured first --
# otherwise every request resolves to the proxy's country.

geoip2 /var/lib/GeoIP/GeoLite2-Country.mmdb {
  auto_reload 5m;
  $geoip2_data_country_iso_code country iso_code;
}

# Allow-list by ISO country code: only US resolves to "yes". The map by itself
# blocks nothing -- it only sets a variable -- so it has to be consumed in a
# server/location block, e.g.
#   if ($allowed_country = no) { return 403; }
# Addresses the database has no country for (private ranges, unknown IPs)
# yield an empty code, which falls through to `default no`; health checks and
# internal clients therefore need an explicit exception.
map $geoip2_data_country_iso_code $allowed_country {
  default no;
  US yes;
}

Logswan

https://github.com/fcambus/logswan

# -d points logswan at the same GeoLite2-Country database nginx uses; sudo is
# presumably only for read access to the access log.
sudo logswan -d /var/lib/GeoIP/GeoLite2-Country.mmdb -g /var/log/nginx/access.log


OCSP Stapling:

# Staple the OCSP response for the server certificate so clients do not have
# to contact the CA's responder themselves.
ssl_stapling on;
# Verify the OCSP response signature before stapling it. For this nginx needs
# the issuer chain -- either included in the ssl_certificate bundle or given
# via `ssl_trusted_certificate`; without it verification fails and, as far as
# I recall, nothing is stapled (watch the error log for "OCSP" warnings).
ssl_stapling_verify on;
# Resolver used to look up the OCSP responder host; valid=300s caps how long
# an answer is cached. These are Google's public resolvers, so responder
# lookups leave the host as cleartext DNS -- a local caching resolver is
# preferable where one exists. On hosts without working IPv6 add `ipv6=off`
# so nginx does not try unreachable AAAA answers.
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;

Reference


upstream Proxy Config:

# Trust the client address carried by the PROXY protocol only when the
# connection comes from the upstream proxy's range. $UPSTREAM_CIDR is a
# placeholder -- nginx does not expand shell variables in its config, so
# substitute the literal CIDR. Keep it as narrow as possible: any host inside
# it can assert an arbitrary client address, which then feeds access logs,
# the GeoIP decision above and any rate limits.
set_real_ip_from	$UPSTREAM_CIDR;
# Only has an effect when the matching `listen` directive carries
# `proxy_protocol`; otherwise $remote_addr stays the proxy's address.
real_ip_header		proxy_protocol;
# NOTE: add_header is not inherited into a block that declares its own
# add_header, so a location with e.g. its own CSP header silently loses these
# two unless they are repeated there.
add_header X-Frame-Options SAMEORIGIN;
# NOTE(review): X-XSS-Protection is deprecated -- current browsers ignore it
# and the legacy filter it enables has itself been a source of
# vulnerabilities. Prefer a Content-Security-Policy; if the header is kept at
# all, "0" is the value current guidance recommends.
add_header X-XSS-Protection "1; mode=block";

Nginx_Info.sh

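#!/bin/bash
# Nginx_Info.sh -- quick one-day summary of the local nginx logs.
#
# Environment (all optional):
#   ACCESS_LOG  access log to read            (default /var/log/nginx/access.log)
#   ERROR_LOG   error log to read             (default /var/log/nginx/error.log)
#   LOG_DATE    day to report on, dd/Mon/yyyy (default: today, server local time)
#
# Assumes the stock "combined" log format: field 1 is the client address, the
# timestamp is "[dd/Mon/yyyy:HH:MM:SS +zzzz]", the 2nd "-delimited field is the
# request line and the 4th is the referrer.
set -u
set -o pipefail   # a failed stage of a pipeline must not report success

access_log=${ACCESS_LOG:-/var/log/nginx/access.log}
error_log=${ERROR_LOG:-/var/log/nginx/error.log}

# nginx writes $time_local in the server's local time zone and always with an
# English month abbreviation, so derive the date the same way (local time,
# C locale) instead of in UTC -- otherwise the report covers the wrong day
# near midnight on any host whose TZ is not UTC.
c_date=${LOG_DATE:-$(LC_ALL=C date +"%d/%b/%Y")}

# Colorize with ccze when it is installed, otherwise pass the text through.
# (With a bare `| ccze -A` a missing ccze silently dropped all output.)
colorize() {
  if command -v ccze >/dev/null 2>&1; then
    ccze -A
  else
    cat
  fi
}

# Access-log lines written on $c_date. Anchoring on "[date:" matches only the
# timestamp field, so a client cannot inflate the counts by putting today's
# date into a request path, referrer or user agent.
today_lines() {
  grep -F -- "[$c_date:" "$access_log"
}

# Lines from stdin whose HTTP status is $1. The status is the token right
# after the closing quote of the request line, so '" 404 ' cannot match a
# response size or a path component.
with_status() {
  grep -F -- "\" $1 "
}

# Number of today's requests that returned status $1.
count_status() {
  today_lines | with_status "$1" | wc -l
}

# Rank the $1-th "-delimited field of stdin (2 = request line, 4 = referrer)
# by frequency, most frequent first.
rank_field() {
  cut -d '"' -f "$1" | sort | uniq -c | sort -rh
}

# Rank the client addresses on stdin by request count, most active first.
rank_clients() {
  awk '{print $1}' | sort | uniq -c | sort -rh
}

hr() { printf '%s\n' '-----'; }

main() {
  # case-insensitive match for 'error' in the error log, colorized
  printf '%s\n' "Case Insensitive match for error:"
  grep -i -- error "$error_log" | colorize
  hr
  printf '%s\n' "How many 404's today:"
  count_status 404
  hr
  # what produced the 404s and how often each one happened
  today_lines | with_status 404 | rank_field 2 | colorize
  hr
  printf '%s\n' "Total http reqs:"
  today_lines | wc -l
  hr
  printf '%s\n' "Total http 200 return code:"
  count_status 200
  hr
  printf '%s\n' "Total # of Unique IPs:"
  today_lines | awk '{print $1}' | sort -u | wc -l
  hr
  printf '%s\n' "Unique IPs sorted by # of requests:"
  today_lines | rank_clients
  hr
  printf '%s\n' "Top 20 referrer URLs:"
  today_lines | rank_field 4 | head -n 20
  hr
  printf '%s\n' "Top 20 webserver requests today:"
  today_lines | rank_field 2 | head -n 20
}

main "$@"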