From 89c532a7eb1d5511968f35a58493a3997b249bc3 Mon Sep 17 00:00:00 2001 From: Elmar Kresse Date: Tue, 11 Jun 2024 00:11:06 +0200 Subject: [PATCH] fix:#7 fixed nginx/docker config --- docker-compose.dev.yml | 4 ++-- docker-compose.prod.yml | 4 ++-- docker-compose.yml | 8 ++++---- reverseproxy.dev.conf | 22 +++++++++++++++------- services/data-manager/Dockerfile | 14 +++++++------- services/ical/Dockerfile | 6 +++--- 6 files changed, 33 insertions(+), 25 deletions(-) diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index cce0611..2e98806 100644 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml @@ -17,11 +17,11 @@ services: htwkalender-data-manager: image: DOCKER_REGISTRY_REPO-backend # DOCKER_REGISTRY_REPO will be replaced by CI - command: "--http=0.0.0.0:8090 --dir=/htwkalender/data/pb_data" + command: "--http=0.0.0.0:8090 --dir=/htwkalender-data-manager/data/pb_data" pull_policy: always restart: always volumes: - - pb_data:/htwkalender/data + - pb_data:/htwkalender-data-manager/data networks: - "net" diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml index cdf9d74..8358f31 100644 --- a/docker-compose.prod.yml +++ b/docker-compose.prod.yml @@ -17,11 +17,11 @@ services: htwkalender-data-manager: image: DOCKER_REGISTRY_REPO-data-manager # DOCKER_REGISTRY_REPO will be replaced by CI - command: "--http=0.0.0.0:8090 --dir=/htwkalender/data/pb_data" + command: "--http=0.0.0.0:8090 --dir=/htwkalender-data-manager/data/pb_data" pull_policy: always restart: always volumes: - - pb_data:/htwkalender/data + - pb_data:/htwkalender-data-manager/data networks: - "net" diff --git a/docker-compose.yml b/docker-compose.yml index 41d78d8..c6a28f6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -20,11 +20,11 @@ services: dockerfile: Dockerfile context: services/data-manager target: dev # prod - command: "--http=0.0.0.0:8090 --dir=/htwkalender/data/pb_data" - ports: - - "8090:8090" + command: "--http=0.0.0.0:8090 --dir=/htwkalender-data-manager/data/pb_data" + #ports: + # - "8090:8090" volumes: - - pb_data:/htwkalender/data # for production with volume + - pb_data:/htwkalender-data-manager/data # for production with volume # - ./data-manager:/htwkalender/data # for development with bind mount from project directory htwkalender-ical: diff --git a/reverseproxy.dev.conf b/reverseproxy.dev.conf index 25fc435..7a6bf6b 100644 --- a/reverseproxy.dev.conf +++ b/reverseproxy.dev.conf @@ -108,9 +108,21 @@ http { 1 $binary_remote_addr; } + # Different rate limits for different request methods + map $request_method $limit_feed { + POST ''; # Create feed is limited to 1 request per minute + default $binary_remote_addr; # All other requests are limited to 20 requests per minute + } + + + map $request_method $limit_createFeed { + POST $binary_remote_addr; # Create feed is limited to 1 request per minute + default ''; # All other requests are limited to 20 requests per minute + } + # Limit the number of requests per IP - limit_req_zone $limit_key zone=feed:20m rate=20r/m; - limit_req_zone $limit_key zone=createFeed:10m rate=1r/m; + limit_req_zone $limit_feed zone=feed:20m rate=20r/m; + limit_req_zone $limit_createFeed zone=createFeed:10m rate=1r/m; limit_req_zone $limit_key zone=modules:10m rate=30r/m; server { @@ -136,12 +148,8 @@ http { proxy_read_timeout 600s; proxy_send_timeout 600s; send_timeout 600s; - - # Apply rate limiting - if ($request_method = POST) { - limit_req zone=createFeed burst=10 nodelay; - } limit_req zone=feed burst=10 nodelay; + limit_req zone=createFeed burst=10 nodelay; limit_req_status 429; } diff --git a/services/data-manager/Dockerfile b/services/data-manager/Dockerfile index 931dbeb..35dd5c8 100644 --- a/services/data-manager/Dockerfile +++ b/services/data-manager/Dockerfile @@ -24,12 +24,12 @@ COPY . ./ # download needed modules RUN apk add --no-cache --update go gcc g++ && \ go mod download && \ - CGO_ENABLED=1 GOOS=linux go build -o /htwkalender + CGO_ENABLED=1 GOOS=linux go build -o /htwkalender-data-manager # production stage FROM alpine:latest AS prod -WORKDIR /htwkalender +WORKDIR /htwkalender-data-manager ARG USER=ical RUN adduser -Ds /bin/sh $USER && \ @@ -39,18 +39,18 @@ USER $USER RUN mkdir -p data # copies executable from build container -COPY --chown=$USER:$USER --from=build /htwkalender ./ +COPY --chown=$USER:$USER --from=build /htwkalender-data-manager ./ # Expose port 8090 to the outside world EXPOSE 8090 -ENTRYPOINT ["./htwkalender", "serve"] +ENTRYPOINT ["./htwkalender-data-manager", "serve"] FROM golang:1.21.6 AS dev # Set the Current Working Directory inside the container -WORKDIR /htwkalender +WORKDIR /htwkalender-data-manager # Copy go mod and sum files COPY go.mod go.sum ./ @@ -61,10 +61,10 @@ COPY *.go ./ COPY . . # Build the Go app -RUN CGO_ENABLED=1 GOOS=linux go build -o /htwkalender +RUN CGO_ENABLED=1 GOOS=linux go build -o /htwkalender-data-manager # Expose port 8090 to the outside world EXPOSE 8090 # Entry point -ENTRYPOINT ["./htwkalender", "serve"] \ No newline at end of file +ENTRYPOINT ["./htwkalender-data-manager", "serve"] \ No newline at end of file diff --git a/services/ical/Dockerfile b/services/ical/Dockerfile index 5a6be0e..2bc4c3b 100644 --- a/services/ical/Dockerfile +++ b/services/ical/Dockerfile @@ -41,7 +41,7 @@ RUN mkdir -p data # copies executable from build container COPY --chown=$USER:$USER --from=build /htwkalender-ical ./ -# Expose port 8090 to the outside world +# Expose port 8091 to the outside world EXPOSE 8091 ENTRYPOINT ["./htwkalender-ical"] @@ -63,8 +63,8 @@ COPY . . # Build the Go app RUN CGO_ENABLED=1 GOOS=linux go build -o /htwkalender-ical -# Expose port 8090 to the outside world -EXPOSE 8090 +# Expose port 8091 to the outside world +EXPOSE 8091 # Entry point ENTRYPOINT ["./htwkalender-ical"] \ No newline at end of file