diff --git a/reverseproxy.conf b/reverseproxy.conf index 383aeeb..8be866b 100644 --- a/reverseproxy.conf +++ b/reverseproxy.conf @@ -21,6 +21,8 @@ http { map $request_method $cache_bypass { default 0; POST 1; + PUT 1; + DELETE 1; } client_body_temp_path /opt/bitnami/nginx/tmp/client_temp; @@ -36,6 +38,31 @@ http { proxy_cache_use_stale timeout updating; proxy_ignore_headers Cache-Control Expires Set-Cookie; + proxy_buffering on; + proxy_buffers 8 16k; + proxy_buffer_size 16k; + proxy_busy_buffers_size 64k; + proxy_temp_file_write_size 64k; + proxy_max_temp_file_size 1024m; + + geo $admin { + default 1; + 10.0.0.0/8 0; # Private Network + 192.168.0.0/24 0; # Localhost Network + 141.57.0.0/16 0; # HTWK Leipzig Network + 172.18.0.0/24 0; # Docker Internal Network + } + + map $admin $limit_key { + 0 ""; + 1 $binary_remote_addr; + } + + # Limit the number of requests per IP + limit_req_zone $limit_key zone=feed:20m rate=10r/m; + limit_req_zone $limit_key zone=createFeed:10m rate=1r/m; + limit_req_zone $limit_key zone=modules:10m rate=3r/m; + server { listen 80; server_name frontend; @@ -65,10 +92,89 @@ http { proxy_cache_lock on; proxy_cache_use_stale timeout updating; add_header X-Proxy-Cache $upstream_cache_status; + limit_req zone=modules burst=5 nodelay; + } + + location /api/rooms { + proxy_pass http://htwkalender-backend:8090; + client_max_body_size 20m; + proxy_connect_timeout 600s; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + send_timeout 600s; + proxy_cache_bypass 0; + proxy_no_cache 0; + proxy_cache mcache; # mcache=RAM + proxy_cache_valid 200 301 302 30m; + proxy_cache_valid 403 404 5m; + proxy_cache_lock on; + proxy_cache_use_stale timeout updating; + add_header X-Proxy-Cache $upstream_cache_status; + limit_req zone=modules burst=5 nodelay; + } + + location /api/schedule { + proxy_pass http://htwkalender-backend:8090; + client_max_body_size 20m; + proxy_connect_timeout 600s; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + send_timeout 600s; + proxy_cache_bypass 0; + proxy_no_cache 0; + proxy_cache mcache; # mcache=RAM + proxy_cache_valid 200 301 302 30m; + proxy_cache_valid 403 404 5m; + proxy_cache_lock on; + proxy_cache_use_stale timeout updating; + add_header X-Proxy-Cache $upstream_cache_status; + limit_req zone=modules burst=5 nodelay; + } + + location /api/courses { + proxy_pass http://htwkalender-backend:8090; + client_max_body_size 20m; + proxy_connect_timeout 600s; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + send_timeout 600s; + proxy_cache_bypass 0; + proxy_no_cache 0; + proxy_cache mcache; # mcache=RAM + proxy_cache_valid 200 301 302 30m; + proxy_cache_valid 403 404 5m; + proxy_cache_lock on; + proxy_cache_use_stale timeout updating; + add_header X-Proxy-Cache $upstream_cache_status; + limit_req zone=modules burst=5 nodelay; + } + + location /api/feed { + proxy_pass http://htwkalender-backend:8090; + client_max_body_size 2m; + proxy_connect_timeout 600s; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + send_timeout 600s; + limit_req zone=feed burst=10 nodelay; + } + + location /api/createFeed { + proxy_pass http://htwkalender-backend:8090; + client_max_body_size 2m; + proxy_connect_timeout 600s; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + send_timeout 600s; + limit_req zone=createFeed burst=1 nodelay; } location /_ { proxy_pass http://htwkalender-backend:8090; + # if user is not 0 in admin list, return 404 + if ($admin) { + return 404 "Not Found"; + } } location / {