vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
8616 commits 2 branches 62 tags 205 MiB
Commit graph

27 commits

Author SHA1 Message Date
Joseph Schorr
2f297ab4fe Increase the rate limit on the API 2018-07-18 15:44:20 -04:00
Joseph Schorr
91e7b4264e Increase burst rate on API rate limit to allow security scan info to be loaded 2018-07-18 15:23:58 -04:00
Joseph Schorr
33a8099f35 Temporarily double the request limit. We'll start ratcheting it down over time. 2018-06-20 14:31:51 -04:00
Joseph Schorr
1d94e4d605 Audit out endpoints and ensure everything has a defined rate limit (even if quite large) 
For registry operations, these were the numbers found at time the PR was written:

download_blob 108 per second across fleet
v2_auth 180 per second across fleet
catalog 1 per second across fleet
fetch_manifest 205 per second across fleet
list_all_tags 150 per second across fleet

With an average fleet size of 25. As a result, we went with a registry limit of 10r/s (10 * 25 = 250 requests) to bound even the most prolific puller.

Fixes https://jira.coreos.com/browse/QUAY-976
 2018-06-20 13:36:24 -04:00
Joseph Schorr
ef167ab7e3 Rate limit the catalog endpoint by auth token and IP address 2018-06-05 18:24:31 -04:00
Jimmy Zelinskie
e542de7e65 nginx: temporarily disable catalog for production 2018-06-05 16:06:10 -04:00
Joseph Schorr
e20295f573 Fix Kubernetes config provider for recent changes in Kub API 
Kubernetes secret volumes are now mounted as read-only, so we have to write the files *only* via the Kub API

Fixes https://jira.coreos.com/browse/QUAY-911
 2018-04-22 17:22:28 +03:00
Joseph Schorr
9f996a8745 Change worker processes to be auto set based on CPU count 
Fixes https://jira.coreos.com/browse/QS-109
 2018-01-10 11:10:57 -05:00
Jimmy Zelinskie
e36bf25a5e nginx: rate limit 1r/s 
This reduces our rate limiting down to to 1 request per second.
 2017-12-13 13:15:32 -05:00
Joseph Schorr
bd67eaf856 Make SSL more resilient and cached 2017-09-05 18:02:07 -04:00
Alec Merdler
fb7df1e568 fixed 502 route in Nginx config 2017-07-27 14:45:18 -04:00
Antoine Legrand
cdb3722c17 Use $QUAYPATH and $QUAYDIR in conf and init files 2017-07-05 16:23:54 +02:00
Joseph Schorr
bf51ec20e8 Disable gzip on HEAD requests in v2 endpoints 
nginx's gzip module will ignore the content-length header on the HEAD request and try to gzip the body.... but there is no body, so it simply writes no header at all.

Code to turn this off was based off of https://trac.nginx.org/nginx/ticket/261
 2017-05-03 18:27:45 -04:00
Jimmy Zelinskie
f6a785c1b5 conf/nginx: add cnr path 2017-03-23 13:06:22 -04:00
Joseph Schorr
dd35677712 Add configurable maximum layer size in nginx 2017-03-21 13:14:11 -04:00
Evan Cordell
41033ae05d fix typo 2017-02-23 19:03:26 -05:00
Evan Cordell
ecd441269b Pass host to apostille (required for k8s ingress) 2017-02-23 18:29:02 -05:00
Evan Cordell
16ec19d356 Add dnsmasq so nginx will allow an upstream service to not block startup 2017-02-23 14:38:16 -05:00
Evan Cordell
9affe193db Add support for tuf metadata endpoints 2017-02-23 14:38:16 -05:00
Jake Moshenko
51ba68d135 Configure nginx to gzip our svg and js files. 2016-11-29 09:30:52 -05:00
Joseph Schorr
2726405ea5 Enable full debuggable logs on non-proxy protocol nginx config 
Fixes #2037
 2016-11-28 16:29:35 -05:00
Joseph Schorr
5109f4a04e Change read timeout on WAMP to 5 min 2016-11-01 16:07:17 -04:00
Joseph Schorr
460137779f Switch proxy resolver to use the local resolv.conf values 2016-09-29 11:13:41 +02:00
Joseph Schorr
dd2e086a20 Add feature flag to force all direct download URLs to be proxied 
Fixes #1667
 2016-09-29 11:13:41 +02:00
Joseph Schorr
d34650976a Set the proxy_read_timeout for the builder web socket to be much higher 
We rarely send data from the build manager to the builder, so this should make sure nginx doesn't accidentally kill the connection

Fixes #1782
 2016-09-27 12:37:26 +02:00
Jimmy Zelinskie
46e11894d7 nginx: fix paths to stack 2016-08-13 13:53:04 -04:00
Jimmy Zelinskie
6a681bb748 move nginx 2016-08-10 16:14:54 -04:00