Why Nginx (Engine X)?
Sorry for the layout, I'm a noob at writing tutorials. A video tutorial with voice narration will be uploaded soon.
We recommend getting a DDoS-protected VPS/server to defend yourself against Layer 4 attacks.
Nginx will pass genuine HTTP requests and drop the bad requests (floods).
Prerequisites
64 MB RAM minimum
CentOS 6, 32-bit or 64-bit, will do
EPEL repository
Apache uninstalled to free port 80
Step One
This step isn't strictly needed; however, it's good to keep things updated.
Run yum update -y
Also, by default CentOS installs Apache, so we need to uninstall it to free port 80 for Nginx.
Run the following to get rid of Apache:
yum remove httpd -y
Step Two
We need to install the EPEL repo, as you won't find the Nginx package in the default repos.
So visit this page: https://fedoraproject.org/wiki/EPEL
Then copy the direct URL of the package and do something like this:
rpm -Uvh <direct link to the repo package>
However, I've done this for you already, so just run the following:
rpm -Uvh http://mirror.ancl.hawaii.edu/linux/epel/6/i386/epel-release-6-8.noarch.rpm
Step Three
We're now going to install Nginx. To do that, run the following command:
yum install nginx -y
Now we're going to adjust the Nginx configuration.
Run the following command:
cd /etc/nginx/conf.d
Now we're going to delete the default configuration, as we're not going to need it.
You can delete it with rm default.conf
or move it with mv default.conf default.conf.disabled
Either way works.
Step Four
We're now going to set up the actual reverse proxy. Using your favorite text editor (mine is nano), we're going to add the configuration.
To install nano, run yum install nano -y
Since I'm using nano, I'll run the following command:
nano testproxy.conf
Feel free to name your configuration file anything you want.
Then I'll edit these values to my own domain and IP address.
Then I'll paste it in:
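server {
    listen 80;
    server_name YourDomain.com;    # replace with your own domain
    access_log off;
    # "error_log off;" would write errors to a file named "off";
    # sending them to /dev/null is what actually discards them
    error_log /dev/null crit;
    location / {
        # replace "Source IP" with the IP address of the origin web server
        proxy_pass http://Source IP/;
        proxy_redirect off;
        # pass the original Host header and the client address to the origin
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_max_temp_file_size 0;
        client_max_body_size 10m;
        client_body_buffer_size 128k;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }
}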
Make sure you adjust YourDomain.com in the server_name line and the Source IP in the proxy_pass line.
Then save the configuration.
Add the iptables rule to allow port 80:
iptables -I INPUT 5 -m state --state NEW -p tcp --dport 80 -j ACCEPT
service iptables save
service iptables restart
We'll start Nginx with the following command:
service nginx start
And make sure Nginx starts on reboot with the following command:
chkconfig nginx on
If all goes well, your VPS IP can be used as an A record for your website.
Congratulations, you're now using a reverse proxy for your website!
Here are some adjustments for Cloudflare usage and additional flood protection.
Adjust the main Nginx configuration by editing /etc/nginx/nginx.conf
To restore your visitors' IP addresses, add this snippet to the http block. Cloudflare publishes its current ranges at https://www.cloudflare.com/ips/, so check the list against that page. Only requests arriving from these ranges have their CF-Connecting-IP header trusted.
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/12;
real_ip_header CF-Connecting-IP;
For HTTP flood attacks, add this to the http block:
limit_req_zone $binary_remote_addr zone=slimitss:10m rate=1r/s;
limit_req zone=slimitss burst=10;
Save the config file and restart nginx
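The two limit_req lines above, modelled as an added example (not part of the original tutorial and not nginx's own code): a simplified Python simulation of rate=1r/s with burst=10 and no nodelay, following the behaviour described in the nginx documentation. The client address and arrival times are constructed.

```python
RATE_RPS = 1   # rate=1r/s from the limit_req_zone line
BURST = 10     # burst=10 from the limit_req line


class LimitReqZone:
    """Simplified model of one limit_req zone (assumed, not nginx source)."""

    def __init__(self, rate_rps=RATE_RPS, burst=BURST):
        self.rate = rate_rps * 1000   # thousandths of a request per second
        self.burst = burst * 1000
        self.state = {}               # key -> (excess, last_seen_ms)

    def request(self, key, now_ms):
        """Return (verdict, delay_ms) for one request from `key`."""
        if key not in self.state:
            self.state[key] = (0, now_ms)
            return "pass", 0
        excess, last = self.state[key]
        elapsed = max(now_ms - last, 0)
        # The bucket drains at `rate`; every request adds one unit (1000).
        excess = max(excess - self.rate * elapsed // 1000 + 1000, 0)
        if excess > self.burst:
            return "reject", 0        # nginx answers 503 by default
        self.state[key] = (excess, now_ms)
        delay_ms = excess * 1000 // self.rate   # no "nodelay": request waits
        return ("delay" if delay_ms else "pass"), delay_ms


def simulate(arrivals_ms, key="203.0.113.7"):
    """Feed constructed arrival times (ms) for one client through a zone."""
    zone = LimitReqZone()
    return [zone.request(key, t) for t in arrivals_ms]


def summarize(results):
    """Count verdicts in a list returned by simulate()."""
    counts = {"pass": 0, "delay": 0, "reject": 0}
    for verdict, _ in results:
        counts[verdict] += 1
    return counts


if __name__ == "__main__":
    # Constructed input: one client sends 15 requests in the same millisecond.
    print(summarize(simulate([0] * 15)))
    # Constructed input: a steady visitor at one request per second.
    print(summarize(simulate([i * 1000 for i in range(15)])))
```

A page that pulls many assets at once from one address reaches the reject branch, so compare these numbers with your site's normal traffic before keeping rate=1r/s.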