How to install sw-nginx-module-nftset-access in CentOS/RHEL 8 (x86_64)
Zero-latency IP blocking using Linux kernel nftables sets
Install
# The Plesk control panel must be installed on your server.
sudo dnf -y install https://extras.getpagespeed.com/release-latest.rpm
sudo dnf -y install dnf-plugins-core
sudo dnf config-manager --enable getpagespeed-extras-plesk
sudo dnf -y install sw-nginx-module-nftset-access
Description
High-performance NGINX module for IP-based access control using Linux kernel nftables sets. Key Features: - Blacklist/Whitelist modes: Block or allow IPs based on nftables set membership - Multiple sets: Check against multiple nft sets in one directive - Live updates: Modify nft sets without reloading NGINX - Honeypot auto-add: Automatically add malicious IPs to nftables sets with configurable timeouts - Built-in rate limiting: Per-IP rate limiting with auto-ban to nftables sets - JavaScript challenges: Proof-of-work challenges to filter bots - Dual-stack support: Works with both IPv4 and IPv6 nftables sets - Custom status codes: Return any HTTP status when blocking - CIDR support: Use interval sets for network ranges - Prometheus metrics: Native /metrics endpoint for monitoring - JSON stats API: Detailed statistics endpoint - LRU cache: Shared memory cache for high-performance lookups Successor to ipset-access module, using modern nftables instead of legacy ipset. Compatible with realip module for proper client IP detection behind proxies. Note: This module requires CAP_NET_ADMIN capability. The selinux subpackage includes a systemd override and helper library to enable this automatically. After installation, enable this module by running: plesk sbin nginx_modules_ctl --enable nftset-access