From 64bea5387b5ffbba8b465047a2641ed1fed5ae57 Mon Sep 17 00:00:00 2001
From: Jimmy Zelinskie
Date: Fri, 23 Jan 2015 16:04:06 -0500
Subject: [PATCH] nginx: rate limiting only on proxy protocol
---
 conf/nginx.conf | 2 ++
 conf/rate-limiting.conf | 4 ++--
 conf/server-base.conf | 8 ++++++--
 3 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 78ade7e74..2d096c8b8 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -26,6 +26,8 @@ http {
 server {
 include proxy-protocol.conf;
+ set $ratelimit 1;
+ include server-base.conf;
 listen 8443 default proxy_protocol;
diff --git a/conf/rate-limiting.conf b/conf/rate-limiting.conf
index 937397ec9..9998bbca3 100644
--- a/conf/rate-limiting.conf
+++ b/conf/rate-limiting.conf
@@ -1,6 +1,6 @@
 # vim: ft=nginx
-limit_req_zone $binary_remote_addr zone=webapp:10m rate=10r/s;
-limit_req_zone $binary_remote_addr zone=api:10m rate=1r/s;
+limit_req_zone $proxy_protocol_addr zone=webapp:10m rate=10r/s;
+limit_req_zone $proxy_protocol_addr zone=api:10m rate=1r/s;
 limit_req_status 429;
 limit_req_log_level warn;
diff --git a/conf/server-base.conf b/conf/server-base.conf
index 9284fe1cf..ac671e95d 100644
--- a/conf/server-base.conf
+++ b/conf/server-base.conf
@@ -42,7 +42,9 @@ location /v1/ {
 client_max_body_size 20G;
- #limit_req zone=api burst=5 nodelay;
+ if ($ratelimit) {
+ limit_req zone=api burst=5 nodelay;
+ }
 }
 location /c1/ {
@@ -54,7 +56,9 @@ location /c1/ {
 proxy_read_timeout 2000;
 proxy_temp_path /var/log/nginx/proxy_temp 1 2;
- #limit_req zone=api burst=5 nodelay;
+ if ($ratelimit) {
+ limit_req zone=api burst=5 nodelay;
+ }
 }
 location /static/ {
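Review bot: `set $ratelimit 1;` in the 8443 server block of conf/nginx.conf is the only place this patch assigns the flag, so any other server block that includes server-base.conf (none is visible in this hunk) would evaluate `if ($ratelimit)` against a variable that is never set there. nginx treats that as empty, which gives the intended "no limiting" result, but by default it logs an uninitialized-variable warning for each such request unless `uninitialized_variable_warn off;` is configured. I would add `set $ratelimit 0;` to those blocks and a comment here such as `# enables limit_req in server-base.conf; only this listener receives the PROXY protocol header`. The server block continues past the end of the hunk.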
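Review bot: Keying both zones in conf/rate-limiting.conf on `$proxy_protocol_addr` makes the limiter trust whatever address the connecting peer places in the PROXY protocol header, so the limit only holds if port 8443 is reachable solely from the load balancer; proxy-protocol.conf is not part of this diff, so I cannot tell whether that is enforced anywhere. If the listener is reachable more widely, the key is client-supplied and the 429 limit no longer binds to the real source. I would state the assumption above the zones, e.g. `# key is taken from the PROXY header; 8443 must accept connections from the load balancer only`, and enforce it at the network layer. Note also that this variable is the textual address, so each state in the 10m zones is larger than it was with `$binary_remote_addr`.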
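Review bot: `limit_req` is documented for the http, server and location contexts only, so placing it inside `if ($ratelimit) { … }` in the /v1/ location of conf/server-base.conf, and again in /c1/ in the next hunk, is expected to be rejected at configuration load with "directive is not allowed here"; running `nginx -t` on the patched tree would confirm this. Because the zones are now keyed on `$proxy_protocol_addr`, and limit_req does not account requests whose key is empty, a plain `limit_req zone=api burst=5 nodelay;` directly in each location already limits only connections that arrived with a PROXY header. That would make the `if` wrapper and the `$ratelimit` flag unnecessary. Both location blocks begin outside their hunks.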