fix:#7 added limit to POST in nginx config

2025-07-16 09:38:49 +02:00 · 2024-06-10 21:29:56 +02:00
parent 5e8365f3c5
commit 085ffe1baf
3 changed files with 29 additions and 5 deletions
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@ -16,7 +16,7 @@

 services:
  htwkalender-data-manager:
-    image: DOCKER_REGISTRY_REPO-backend # DOCKER_REGISTRY_REPO will be replaced by CI
+    image: DOCKER_REGISTRY_REPO-data-manager # DOCKER_REGISTRY_REPO will be replaced by CI
    command: "--http=0.0.0.0:8090 --dir=/htwkalender/data/pb_data"
    pull_policy: always
    restart: always
@ -25,6 +25,14 @@ services:
    networks:
      - "net"

+  htwkalender-ical:
+    image: DOCKER_REGISTRY_REPO-ical # DOCKER_REGISTRY_REPO will be replaced by CI
+    pull_policy: always
+    restart: always
+    target: prod
+    networks:
+      - "net"
+
  htwkalender-frontend:
    image: DOCKER_REGISTRY_REPO-frontend # DOCKER_REGISTRY_REPO will be replaced by CI
    pull_policy: always
--- a/reverseproxy.conf
+++ b/reverseproxy.conf
@ -107,6 +107,12 @@ http {
        1 $binary_remote_addr;
    }

+    # Different rate limits for different request methods
+    map $request_method $limit_zone {
+        POST   createFeed; # Create feed is limited to 1 request per minute
+        default feed;      # All other requests are limited to 20 requests per minute
+    }
+
    # Limit the number of requests per IP
    limit_req_zone $limit_key zone=feed:20m rate=20r/m;
    limit_req_zone $limit_key zone=createFeed:10m rate=1r/m;
@ -125,7 +131,8 @@ http {
            proxy_read_timeout 600s;
            proxy_send_timeout 600s;
            send_timeout 600s;
-            limit_req zone=feed burst=10 nodelay;
+            limit_req zone=$limit_zone burst=10 nodelay;
+            limit_req_status 429;
        }

        location / {
@ -146,7 +153,8 @@ http {
            proxy_read_timeout 600s;
            proxy_send_timeout 600s;
            send_timeout 600s;
-            limit_req zone=feed burst=10 nodelay;
+            limit_req zone=$limit_zone burst=10 nodelay;
+            limit_req_status 429;
        }

        location / {
@ -181,7 +189,8 @@ http {
            proxy_read_timeout 600s;
            proxy_send_timeout 600s;
            send_timeout 600s;
-            limit_req zone=feed burst=10 nodelay;
+            limit_req zone=$limit_zone burst=10 nodelay;
+            limit_req_status 429;
        }

        location /api {
--- a/reverseproxy.dev.conf
+++ b/reverseproxy.dev.conf
@ -108,6 +108,12 @@ http {
        1 $binary_remote_addr;
    }

+    # Different rate limits for different request methods
+    map $request_method $limit_zone {
+        POST   createFeed; # Create feed is limited to 1 request per minute
+        default feed;      # All other requests are limited to 20 requests per minute
+    }
+
    # Limit the number of requests per IP
    limit_req_zone $limit_key zone=feed:20m rate=20r/m;
    limit_req_zone $limit_key zone=createFeed:10m rate=1r/m;
@ -136,7 +142,8 @@ http {
            proxy_read_timeout 600s;
            proxy_send_timeout 600s;
            send_timeout 600s;
-            limit_req zone=feed burst=10 nodelay;
+            limit_req zone=$limit_zone burst=10 nodelay;
+            limit_req_status 429;
        }

        location /api {