16 lines
651 B
Nginx Configuration File
16 lines
651 B
Nginx Configuration File
# vim: ft=nginx
|
|
|
|
# Check the Authorization header and, if it is empty, use their proxy protocol
|
|
# IP, else use the header as their unique identifier for rate limiting.
|
|
# Enterprise users will never be using proxy protocol, thus the value will be
|
|
# empty string. This means they will not get rate limited.
|
|
map $http_authorization $registry_bucket {
|
|
"" $proxy_protocol_addr;
|
|
default $http_authorization;
|
|
}
|
|
|
|
limit_req_zone $proxy_protocol_addr zone=webapp:10m rate=25r/s;
|
|
limit_req_zone $proxy_protocol_addr zone=api:10m rate=1r/s;
|
|
limit_req_zone $registry_bucket zone=repositories:10m rate=1r/s;
|
|
limit_req_status 429;
|
|
limit_req_log_level warn;
|