From 4cfeba80ca1db56cf12aef8b6282a13b4854d34c Mon Sep 17 00:00:00 2001 From: rohow Date: Wed, 30 Oct 2024 19:01:57 +0800 Subject: [PATCH] =?UTF-8?q?feat(nginx):=20=E6=96=B0=E5=A2=9E=E8=AF=B7?= =?UTF-8?q?=E6=B1=82=E9=80=9F=E7=8E=87=E9=99=90=E5=88=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/infra/monitor/crowdsec/helmchart.yaml | 30 +++++++++++++--------- apps/infra/net/nginx/helmchart.yaml | 9 +++++-- 2 files changed, 25 insertions(+), 14 deletions(-) diff --git a/apps/infra/monitor/crowdsec/helmchart.yaml b/apps/infra/monitor/crowdsec/helmchart.yaml index d0146d4..10d28d9 100644 --- a/apps/infra/monitor/crowdsec/helmchart.yaml +++ b/apps/infra/monitor/crowdsec/helmchart.yaml @@ -33,7 +33,7 @@ spec: type: nginx env: - name: COLLECTIONS - value: "crowdsecurity/base-http-scenarios" + value: "crowdsecurity/base-http-scenarios crowdsecurity/http-dos" - name: SCENARIOS value: "crowdsecurity/nginx-req-limit-exceeded" persistentVolume: 
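Review bot: The new `crowdsecurity/http-dos` collection on the `COLLECTIONS` line adds volumetric scenarios whose decisions, like those of the existing `nginx-req-limit-exceeded` scenario below it, are keyed on whatever the parser extracts as `source_ip`, and nothing in this hunk exempts addresses that must never be banned. If nginx observes a load balancer, NAT or node address instead of the real client (real-IP handling lives in the nginx chart, so this is inferred), one noisy client gets everyone behind that address banned, health checks included. I would ship this together with a whitelist for the ingress-facing ranges, e.g. `- name: PARSERS` / `value: "crowdsecurity/whitelists"` plus a static whitelist for the LB/cluster CIDRs, unless such a whitelist already exists elsewhere in the chart.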
@@ -86,41 +86,47 @@ spec: # nginx access logs - filter: TrimSpace(evt.Parsed.message) startsWith "{" && UnmarshalJSON(evt.Parsed.message, evt.Unmarshaled, "nginx") in ["", nil] statics: + - meta: service + value: http - meta: log_type value: http_access-log - target: evt.StrTime - expression: evt.Parsed.time - - meta: service - value: http + expression: evt.Unmarshaled.nginx.time_local - meta: source_ip expression: evt.Unmarshaled.nginx.remote_addr - meta: http_status expression: evt.Unmarshaled.nginx.status - meta: http_path - expression: evt.Unmarshaled.nginx.request + expression: evt.Unmarshaled.nginx.request_uri + - meta: http_verb + expression: evt.Unmarshaled.nginx.request_method - meta: http_user_agent expression: evt.Unmarshaled.nginx.http_user_agent + - meta: target_fqdn + expression: evt.Unmarshaled.nginx.server_name # nginx error logs - grok: pattern: '(%{IPORHOST:target_fqdn} )?%{NGINXERRTIME:time} \[%{LOGLEVEL:loglevel}\] %{NONNEGINT:pid}#%{NONNEGINT:tid}: (\*%{NONNEGINT:cid} )?%{GREEDYDATA:message}, client: %{IPORHOST:remote_addr}, server: %{DATA:target_fqdn}, request: "%{WORD:verb} ([^/]+)?%{NGCUSTOMURIPATHPARAM:request}( HTTP/%{NUMBER:http_version})?", host: "%{IPORHOST}(:%{NONNEGINT})?"' apply_on: message statics: + - meta: service + value: http - meta: log_type value: http_error-log - target: evt.StrTime expression: evt.Parsed.time - - meta: service - value: http - meta: source_ip - expression: "evt.Parsed.remote_addr" + expression: evt.Parsed.remote_addr - meta: http_status - expression: "evt.Parsed.status" + expression: evt.Parsed.status - meta: http_path - expression: "evt.Parsed.request" + expression: evt.Parsed.request + - meta: http_verb + expression: evt.Parsed.verb - meta: http_user_agent - expression: "evt.Parsed.http_user_agent" + expression: evt.Parsed.http_user_agent - meta: target_fqdn - expression: "evt.Parsed.target_fqdn" + expression: evt.Parsed.target_fqdn pattern_syntax: NO_DOUBLE_QUOTE: '[^"]+' onsuccess: next_stage 
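Review bot: The access-log statics now read `request_uri`, `request_method`, `server_name` and `time_local` straight out of the JSON line, but those key names are dictated by the nginx `log-format-upstream` in another chart and nothing here records that contract; as far as I recall crowdsec's static handling, an expression that returns nil is skipped quietly, so a later log-format change would leave `http_path`/`http_verb` empty and silently blind the base-http and http-dos scenarios instead of failing loudly. I would add a comment above the JSON filter: `# Contract with apps/infra/net/nginx log-format-upstream: the JSON line must carry time_local, remote_addr, status, request_uri, request_method, http_user_agent, server_name`. Verifying the mapping with `cscli explain --type nginx` against a real log line before merge would confirm the keys. The enclosing parser definition starts outside the hunk.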
diff --git a/apps/infra/net/nginx/helmchart.yaml b/apps/infra/net/nginx/helmchart.yaml
index 54f59a8..09def10 100644
--- a/apps/infra/net/nginx/helmchart.yaml
+++ b/apps/infra/net/nginx/helmchart.yaml
@@ -34,15 +34,20 @@ spec:
 ssl-redirect: "true"
 # 自定义错误页面
 custom-http-errors: "403,404,502,503"
-# 缓存配置
 http-snippet: |
+# 缓存配置
 proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=cache:2m max_size=100m inactive=7d use_temp_path=off;
 proxy_cache_key $uri$is_args$args;
 proxy_cache_lock on;
 proxy_cache_use_stale updating;
-# dns配置
+# 限速配置
+limit_req_zone $binary_remote_addr zone=global_limit:10m rate=10r/s;
 server-snippet : |
+# dns配置
 resolver 169.254.20.10 10.43.0.10 ipv6=off;
+location-snippet: |
+# 限速配置
+limit_req zone=global_limit burst=30 nodelay;
 # 启用geoip2模块
 use-geoip: "false"
 use-geoip2: "true"
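Review bot: The added `limit_req` in `location-snippet` leaves nginx's default rejection status of 503, and the same hunk's `custom-http-errors: "403,404,502,503"` then routes those rejections to the custom error page, so a rate-limited client is indistinguishable in logs and uptime checks from a failing upstream. I would add `limit_req_status 429;` directly after `limit_req zone=global_limit burst=30 nodelay;`; the crowdsec scenario is unaffected because it matches the error-log message, not the status code. The zone also keys on `$binary_remote_addr`, which is only the real client if ingress-nginx is configured to trust forwarded headers or proxy protocol (set outside this hunk); behind a load balancer without that, every client shares one 10r/s bucket and the limit becomes a self-inflicted outage.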