From 2a826f52d4e00e0d22afae752cdb86f8f24c1903 Mon Sep 17 00:00:00 2001
From: Jimmy Zelinskie <jimmy.zelinskie@coreos.com>
Date: Wed, 25 Feb 2015 12:32:30 -0500
Subject: [PATCH 1/2] nginx: rename api rate limit bucket to verbs

---
 conf/rate-limiting.conf | 2 +-
 conf/server-base.conf   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/conf/rate-limiting.conf b/conf/rate-limiting.conf
index f9b43e6ef..d7e80c67d 100644
--- a/conf/rate-limiting.conf
+++ b/conf/rate-limiting.conf
@@ -9,7 +9,7 @@ map $http_authorization $registry_bucket {
   default $http_authorization;
 }
 
-limit_req_zone $proxy_protocol_addr zone=api:10m rate=2r/s;
+limit_req_zone $proxy_protocol_addr zone=verbs:10m rate=2r/s;
 limit_req_zone $registry_bucket zone=repositories:10m rate=2r/s;
 limit_req_status 429;
 limit_req_log_level warn;
diff --git a/conf/server-base.conf b/conf/server-base.conf
index 7e7c987f2..3c6c67cf0 100644
--- a/conf/server-base.conf
+++ b/conf/server-base.conf
@@ -57,7 +57,7 @@ location /c1/ {
     proxy_pass   http://verbs_app_server;
     proxy_temp_path /var/log/nginx/proxy_temp 1 2;
 
-    limit_req zone=api burst=10;
+    limit_req zone=verbs burst=10;
 }
 
 location /static/ {

From b4b06ec8c85162213249c8e1612b0c3d58804364 Mon Sep 17 00:00:00 2001
From: Jimmy Zelinskie <jimmy.zelinskie@coreos.com>
Date: Wed, 25 Feb 2015 12:32:48 -0500
Subject: [PATCH 2/2] nginx: add comment explaining repo rate limiting

---
 conf/server-base.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/conf/server-base.conf b/conf/server-base.conf
index 3c6c67cf0..2f03b11b2 100644
--- a/conf/server-base.conf
+++ b/conf/server-base.conf
@@ -26,6 +26,9 @@ location /realtime {
     proxy_request_buffering off;
 }
 
+# At the begining and end of a push/pull, /v1/repositories is hit by the Docker
+# client. By rate-limiting just this endpoint, we can avoid accidentally
+# blocking pulls/pushes for images with many layers.
 location /v1/repositories/ {
     proxy_buffering off;