nginx: create unauth/auth ratelimiting

This also removes nodelay on rate limiting and temporarily blacklists an
IP address.
Jimmy Zelinskie 2015-02-19 12:32:06 -05:00
parent 42db221576
commit b7159293c1
2 changed files with 12 additions and 4 deletions


@ -19,7 +19,7 @@ proxy_set_header Transfer-Encoding $http_transfer_encoding;
location / {
proxy_pass http://web_app_server;
limit_req zone=webapp burst=25 nodelay;
limit_req zone=webapp;
}
location /realtime {
@ -29,6 +29,9 @@ location /realtime {
}
location /v1/repositories/ {
# blacklisted for bad behavior 19FEB2015
deny 107.23.4.180;
proxy_buffering off;
proxy_request_buffering off;
@ -39,7 +42,11 @@ location /v1/repositories/ {
client_max_body_size 20G;
limit_req zone=repositories burst=5 nodelay;
if ($http_authorization) {
limit_req zone=authrepositories
}
limit_req zone=unauthrepositories;
}
location /v1/ {
@ -63,7 +70,7 @@ location /c1/ {
proxy_read_timeout 2000;
proxy_temp_path /var/log/nginx/proxy_temp 1 2;
limit_req zone=api burst=5 nodelay;
limit_req zone=api;
}
location /static/ {
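Review bot: The `if ($http_authorization) { limit_req zone=authrepositories }` block added to the `/v1/repositories/` location will not load, because `limit_req` is only valid in http, server and location context and not inside `if`, and the line is also missing its terminating semicolon. The `limit_req zone=unauthrepositories;` that follows is unconditional, so as written it would also apply to requests that carry credentials. Dropping the `if` wrapper and listing `limit_req zone=authrepositories;` and `limit_req zone=unauthrepositories;` side by side works, provided each zone's key is empty for the class of request it should not count. Running `nginx -t` before deploying would catch the first two problems. Part of the location body lies between the hunks and is not visible here.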


@ -1,7 +1,8 @@
# vim: ft=nginx
limit_req_zone $proxy_protocol_addr zone=webapp:10m rate=25r/s;
limit_req_zone $proxy_protocol_addr zone=repositories:10m rate=1r/s;
limit_req_zone $proxy_protocol_addr zone=authrepositories:10m rate=1r/s;
limit_req_zone $proxy_protocol_addr zone=unauthrepositories:10m rate=2r/m;
limit_req_zone $proxy_protocol_addr zone=api:10m rate=1r/s;
limit_req_status 429;
limit_req_log_level warn;
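Review bot: The two new zones, `authrepositories` and `unauthrepositories`, are both keyed on `$proxy_protocol_addr`, so each one counts every request from an address whether or not it carries an Authorization header. A client with credentials would therefore still be held to the 2r/m zone wherever both zones are applied. nginx does not account requests whose zone key is empty, so the split can be expressed here by keying each zone on a `map` of `$http_authorization` that yields the address for one class and an empty string for the other. The presence of the header is not proof of authentication, so the authenticated rate should be set as the ceiling you are willing to grant any client that sends one.

```nginx
# An empty key means the request is not counted in that zone.
map $http_authorization $auth_limit_key {
    ""      "";
    default $proxy_protocol_addr;
}
map $http_authorization $unauth_limit_key {
    ""      $proxy_protocol_addr;
    default "";
}
# … unchanged: the other limit_req_zone lines …
limit_req_zone $auth_limit_key   zone=authrepositories:10m   rate=1r/s;
limit_req_zone $unauth_limit_key zone=unauthrepositories:10m rate=2r/m;
# … unchanged: limit_req_status, limit_req_log_level …
```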