Navid
-
Posts
9 -
Joined
-
Last visited
Posts posted by Navid
-
-
Hi, dear Sandeep you're always very helpful, God Bless you.
I added the config like below:
user nobody; worker_processes auto; #worker_rlimit_nofile 65535; error_log /var/log/nginx/error.log crit; pid /var/run/nginx.pid; events { worker_connections 1024; use epoll; multi_accept on; } http { sendfile on; tcp_nopush on; tcp_nodelay on; client_header_timeout 3m; client_body_timeout 3m; client_max_body_size 256m; client_header_buffer_size 4k; client_body_buffer_size 256k; large_client_header_buffers 4 32k; send_timeout 3m; keepalive_timeout 60 60; reset_timedout_connection on; server_names_hash_max_size 1024; server_names_hash_bucket_size 1024; ignore_invalid_headers on; connection_pool_size 256; request_pool_size 4k; output_buffers 4 32k; postpone_output 1460; server_tokens off; include mime.types; default_type application/octet-stream; # Compression gzip gzip on; gzip_vary on; gzip_disable "MSIE [1-6]\."; gzip_proxied any; gzip_min_length 512; gzip_comp_level 6; gzip_buffers 8 64k; gzip_types text/plain text/xml text/css text/js application/x-javascript application/xml image/png image/x-icon image/gif image/jpeg image/svg+xml application/xml+rss text/javascript application/atom+xml application/javascript application/json application/x-font-ttf font/opentype; # Proxy settings proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass_header Set-Cookie; proxy_connect_timeout 300; proxy_send_timeout 300; proxy_read_timeout 300; proxy_buffers 32 4k; proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m; proxy_cache_key "$host$request_uri $cookie_user"; proxy_temp_path /var/cache/nginx/temp; proxy_ignore_headers Expires Cache-Control; proxy_cache_use_stale error timeout invalid_header http_502; proxy_cache_valid any 1d; open_file_cache_valid 120s; open_file_cache_min_uses 2; open_file_cache_errors off; open_file_cache max=5000 inactive=30s; open_log_file_cache max=1024 inactive=30s min_uses=2; # SSL Settings ssl_session_cache shared:SSL:10m; ssl_protocols TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"; # Logs log_format main '$remote_addr - $remote_user [$time_local] $request ' '"$status" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; log_format bytes '$body_bytes_sent'; #access_log /var/log/nginx/access.log main; access_log off; # Cache bypass map $http_cookie $no_cache { default 0; ~SESS 1; ~wordpress_logged_in 1; } # Include additional configuration include /etc/nginx/cloudflare.inc; include /etc/nginx/conf.d/*.conf; }
and added those line you recommend and the below line as well: server_tokens off;
kindly recommend us more to make is more secure and stable and high perfromance please
regards.
-
HI, I mean on how can hardening the server by nginx.conf more than usual
user nobody; worker_processes auto; #worker_rlimit_nofile 65535; error_log /var/log/nginx/error.log crit; pid /var/run/nginx.pid; events { worker_connections 1024; use epoll; multi_accept on; } http { sendfile on; tcp_nopush on; tcp_nodelay on; client_header_timeout 3m; client_body_timeout 3m; client_max_body_size 256m; client_header_buffer_size 4k; client_body_buffer_size 256k; large_client_header_buffers 4 32k; send_timeout 3m; keepalive_timeout 60 60; reset_timedout_connection on; server_names_hash_max_size 1024; server_names_hash_bucket_size 1024; ignore_invalid_headers on; connection_pool_size 256; request_pool_size 4k; output_buffers 4 32k; postpone_output 1460; include mime.types; default_type application/octet-stream; # Compression gzip gzip on; gzip_vary on; gzip_disable "MSIE [1-6]\."; gzip_proxied any; gzip_min_length 512; gzip_comp_level 6; gzip_buffers 8 64k; gzip_types text/plain text/xml text/css text/js application/x-javascript application/xml image/png image/x-icon image/gif image/jpeg image/svg+xml application/xml+rss text/javascript application/atom+xml application/javascript application/json application/x-font-ttf font/opentype; # Proxy settings proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass_header Set-Cookie; proxy_connect_timeout 300; proxy_send_timeout 300; proxy_read_timeout 300; proxy_buffers 32 4k; proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m; proxy_cache_key "$host$request_uri $cookie_user"; proxy_temp_path /var/cache/nginx/temp; proxy_ignore_headers Expires Cache-Control; proxy_cache_use_stale error timeout invalid_header http_502; proxy_cache_valid any 1d; open_file_cache_valid 120s; open_file_cache_min_uses 2; open_file_cache_errors off; open_file_cache max=5000 inactive=30s; open_log_file_cache max=1024 inactive=30s min_uses=2; # SSL Settings ssl_session_cache shared:SSL:10m; ssl_protocols TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"; # Logs log_format main '$remote_addr - $remote_user [$time_local] $request ' '"$status" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; log_format bytes '$body_bytes_sent'; #access_log /var/log/nginx/access.log main; access_log off; # Cache bypass map $http_cookie $no_cache { default 0; ~SESS 1; ~wordpress_logged_in 1; } # Include additional configuration include /etc/nginx/cloudflare.inc; include /etc/nginx/conf.d/*.conf; }I mean what else we have to add to the above config file to make it more secure and highly performance
kindly guide us. thank you
-
Hi, I hope you are be fine. Kindly guide me on how can make a high secure and top performance config for
/etc/nginx/nginx.conf
which help the server against attacker and keep server more secure and mitigate attacks.
Kindly share the whole ngnix.conf here with full details.
thank you very much.
-
HI, Dear guys please guide me on how to install Snort or alternatively intrusion system in cwp admin for mitigate the attack an sql injection please
thank you very much.
-
HI, as well the cron is not script is not working that you guided below
0 0 * * 0 /usr/bin/sh /root/clearlog.shI set it from cwp admin, it will work from your point of view??
thanks.
-
HI, kindly guide me on how can fix this error:
truncate: cannot open ‘/var/log/cwpsecure/reject_003.log’ for writing: No such file or directorythank you
-
HI, when I run the the above command, getting the below error:
[root@cloud ~]# systemctl restart logrotate.timer logrotate Failed to restart logrotate.timer: Unit not found. Failed to restart logrotate.service: Unit not found. [root@cloud ~]# systemctl status logrotate.timer logrotate Unit logrotate.timer could not be found. Unit logrotate.service could not be found.please guide me
thanks.
-
HI, thank you very much dear Sandeep for you nice comprehensive answer
just I would to ask about this line:
/usr/local/cwp/php71/var/log/*.log
incase using php 8.1 instead of the php 7.1, it's nee to change: /usr/local/cwp/php81/var/log/*.log or it's not necessary
thanks
Import Big file Size of Database to MySQL
in MariaDB/MySQL
Posted
HI, I would to Import and big database file around 2.5 G, to a user account(website) kindly guide on how can I cope with please.
Note: I used this command : mysql -u alemaren_gild -p alemaren_statute < alemaren_english.sql but it's not working and I getting access dined error.
waiting for you help
thanks.