HTWK/htwkalender
1
1
Fork 0
mirror of https://gitlab.dit.htwk-leipzig.de/htwk-software/htwkalender.git synced 2025-07-16 09:38:49 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix:#36 updated ratelimit nginx for post feeds

Browse Source
This commit is contained in:
Elmar Kresse
2024-06-19 22:03:15 +02:00
parent 8124d84efd
commit a4a38a94f9
3 changed files with 20 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
reverseproxy.local.conf
View File

@ -1,22 +1,6 @@
#Calendar implementation for the HTWK Leipzig timetable. Evaluation and display of the individual dates in iCal format.
#Copyright (C) 2024 HTWKalender support@htwkalender.de
#This program is free software: you can redistribute it and/or modify
#it under the terms of the GNU Affero General Public License as published by
#the Free Software Foundation, either version 3 of the License, or
#(at your option) any later version.
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#GNU Affero General Public License for more details.
#You should have received a copy of the GNU Affero General Public License
#along with this program. If not, see <https://www.gnu.org/licenses/>.
worker_processes 4;
error_log /opt/bitnami/nginx/logs/error.log;
error_log /opt/bitnami/nginx/logs/error.log debug;
pid /opt/bitnami/nginx/tmp/nginx.pid;
events {
@ -27,61 +11,12 @@ http {
include mime.types;
default_type application/octet-stream;
gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
access_log /opt/bitnami/nginx/logs/proxy_access.log;
error_log /opt/bitnami/nginx/logs/proxy_error.log;
sendfile on;
keepalive_timeout 180s;
send_timeout 180s;
client_body_temp_path /opt/bitnami/nginx/tmp/client_temp;
proxy_temp_path /opt/bitnami/nginx/tmp/proxy_temp_path;
fastcgi_temp_path /opt/bitnami/nginx/tmp/fastcgi_temp;
uwsgi_temp_path /opt/bitnami/nginx/tmp/uwsgi_temp;
scgi_temp_path /opt/bitnami/nginx/tmp/scgi_temp;
proxy_buffering on;
proxy_buffers 8 16k;
proxy_buffer_size 16k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_max_temp_file_size 1024m;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
geo $admin {
default 1;
#10.0.0.0/8 0; # Private Network
#127.0.0.0/8 0; # Localhost Network
#192.168.0.0/16 0; # Localhost Network
#141.57.0.0/16 0; # HTWK Leipzig Network
#172.16.0.0/12 0; # Private Network
}
map $admin $limit_key {
0 '';
1 $binary_remote_addr;
}
map $request_method $ratelimit_key {
POST $binary_remote_addr;
default $binary_remote_addr;
default "";
}
limit_req_zone $ratelimit_key zone=createFeed:10m rate=1r/s;
#limit_req_zone $limit_key zone=createFeed:10m rate=1r/m;
# Limit the number of requests per IP
limit_req_zone $limit_key zone=feed:20m rate=20r/m;
limit_req_zone $limit_key zone=modules:10m rate=30r/m;
limit_req_zone $ratelimit_key zone=createFeed:10m rate=1r/m;
server {
listen 80;
@ -89,13 +24,14 @@ http {
http2 on;
location /api/feed {
limit_req zone=createFeed nodelay;
proxy_pass http://htwkalender-ical:8091;
client_max_body_size 20m;
proxy_connect_timeout 600s;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
send_timeout 600s;
limit_req zone=createFeed nodelay;
limit_req_status 429;
}
location /api {
@ -109,7 +45,6 @@ http {
location /_ {
proxy_pass http://htwkalender-data-manager:8090;
# Increase upload file size
client_max_body_size 100m;
}