Configuring DDoS Protection in Nginx on Ubuntu
To configure basic DDoS protection in Nginx on Ubuntu, follow these steps:
- Install Nginx:
sudo apt install nginx
- Limit the request rate:
Open the nginx.conf file:
sudo nano /etc/nginx/nginx.conf
Add the following line in the http block:
limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m;
This only declares the zone. To enforce it, add this to the server block:
limit_req zone=one;
This will limit requests to 30 per minute from each IP address.
- Limit the number of connections:
Add this to the http block:
limit_conn_zone $binary_remote_addr zone=addr:10m;
And add this to the server block:
limit_conn addr 10;
This will limit each IP to 10 concurrent connections.
- Enable connection timeouts:
Add these lines to the http block:
client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 5 5;
send_timeout 10;
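This will close idle keep-alive connections after 5 seconds and drop clients that stall for more than 10 seconds while sending a request or receiving a response.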
- Denylist IP addresses:
To block specific IP addresses, add the following to the server block:
deny 123.123.123.1;
deny 123.123.123.2;
- Restart Nginx:
sudo systemctl restart nginx
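The steps above, combined into one minimal stand-alone configuration so the placement of each directive (http block versus server block) is visible. This is an added example, not part of the original page; the status codes, burst setting, listen port, host name and document root are assumptions, and on Ubuntu the directives would be merged into the existing nginx.conf and site file.

```nginx
# Added example: consolidated view of the directives from the steps above.
# Values marked "assumption" are not from the original page.
events {}

http {
    # Shared-memory zones keyed by client address (10 MB each).
    limit_req_zone  $binary_remote_addr zone=one:10m  rate=30r/m;
    limit_conn_zone $binary_remote_addr zone=addr:10m;

    # Assumption: answer throttled clients with 429 instead of the default 503,
    # so rate-limit hits are distinguishable from backend failures in the logs.
    limit_req_status  429;
    limit_conn_status 429;

    # Timeouts for slow or idle clients.
    client_body_timeout   10;
    client_header_timeout 10;
    keepalive_timeout     5 5;
    send_timeout          10;

    server {
        listen 80;                 # assumption: plain HTTP listener
        server_name example.com;   # assumption: placeholder host name

        # Denylist entries from the page.
        deny 123.123.123.1;
        deny 123.123.123.2;

        # Enforce the zones declared above. Declaring a zone alone limits nothing.
        limit_conn addr 10;
        # Assumption: burst=10 nodelay lets a page load with several assets
        # through at once while holding the average at 30 requests per minute.
        limit_req zone=one burst=10 nodelay;

        location / {
            root /var/www/html;    # assumption: Ubuntu default document root
        }
    }
}
```

Running sudo nginx -t before the restart catches a directive placed in the wrong block.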
These basic Nginx configuration options can help mitigate some DDoS attacks by limiting the rate of incoming requests, capping concurrent connections, and enforcing timeouts. However, for strong protection against large DDoS attacks, a dedicated DDoS protection service is recommended.