nginx: make rate limiting awesome

Jimmy Zelinskie 2015-02-19 16:24:05 -05:00
parent 01811ee793
commit 4a2b25200a
6 changed files with 34 additions and 106 deletions


@ -1,8 +1,16 @@
# vim: ft=nginx
# Check the Authorization header and, if it is empty, use their proxy protocol
# IP, else use the header as their unique identifier for rate limiting.
# Enterprise users will never be using proxy protocol, thus the value will be
# empty string. This means they will not get rate limited.
map $http_authorization $registry_bucket {
"" $proxy_protocol_addr;
default $http_authorization;
}
limit_req_zone $proxy_protocol_addr zone=webapp:10m rate=25r/s;
limit_req_zone $proxy_protocol_addr zone=authrepositories:10m rate=1r/s;
limit_req_zone $proxy_protocol_addr zone=unauthrepositories:10m rate=2r/m;
limit_req_zone $proxy_protocol_addr zone=api:10m rate=1r/s;
limit_req_zone $registry_bucket zone=repositories:10m rate=1r/s;
limit_req_status 429;
limit_req_log_level warn;
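Review bot: The `default $http_authorization;` arm of the new `map` keys the `repositories` zone on a raw request header that nginx has not validated, so the 1r/s limit only binds a client that keeps sending the same value. A request with a different header value is counted in a fresh bucket rather than against the sender's address, and every distinct value also occupies a state entry in the 10m zone. Consider keeping a per-address ceiling beside it, for example `limit_req_zone $proxy_protocol_addr zone=repositories_by_addr:10m rate=<RATE>;` (zone name and rate are placeholders), and applying both zones wherever `repositories` is used; those `limit_req` lines are outside this file section. The comment above the map should also say that an empty `$proxy_protocol_addr` leaves the `webapp` and `api` zones unaccounted as well, since they are keyed on the same variable, if that is the intent for enterprise installs.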