# vim: ft=nginx # Check the Authorization header and, if it is empty, use their proxy protocol # IP, else use the header as their unique identifier for rate limiting. # Enterprise users will never be using proxy protocol, thus the value will be # empty string. This means they will not get rate limited. map $http_authorization $registry_bucket { "" $proxy_protocol_addr; default $http_authorization; } limit_req_zone $proxy_protocol_addr zone=verbs:10m rate=1r/s; limit_req_zone $registry_bucket zone=repositories:10m rate=1r/s; limit_req_status 429; limit_req_log_level warn;