From 912779862c2e56d833cd282f2c1371521e23c439 Mon Sep 17 00:00:00 2001
From: Felix Ableitner <me@nutomic.com>
Date: Fri, 19 Jun 2020 21:58:18 +0200
Subject: [PATCH] Add rate limit for gitea

---
 files/docker-compose.yml |  3 ++-
 templates/gitea.conf     | 10 ++--------
 2 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/files/docker-compose.yml b/files/docker-compose.yml
index 9e99214..543f35d 100644
--- a/files/docker-compose.yml
+++ b/files/docker-compose.yml
@@ -1,4 +1,4 @@
-version: "3.3"
+version: "2.2"
 
 services:
 
@@ -15,6 +15,7 @@ services:
     depends_on:
       - redis
       - postfix
+    mem_limit: 500m
 
   weblate:
     image: weblate/weblate:4.1-2
diff --git a/templates/gitea.conf b/templates/gitea.conf
index bfe2103..b2b7fa2 100644
--- a/templates/gitea.conf
+++ b/templates/gitea.conf
@@ -1,5 +1,4 @@
-limit_req_zone $binary_remote_addr zone=gitea_ratelimit:10m rate=5r/s;
-limit_req_zone $binary_remote_addr zone=limit_commit_view:10m rate=2r/m;
+limit_req_zone $binary_remote_addr zone=gitea_ratelimit:10m rate=1r/s;
 
 server {
     listen 80;
@@ -46,13 +45,8 @@ server {
     gzip_proxied any;
     gzip_vary on;
 
-    location ~ ".*/commit/.*" {
-        limit_req zone=limit_commit_view burst=5;
-        proxy_pass http://127.0.0.1:3000;
-        #return 500;
-    }
     location / {
-        limit_req zone=req_limit_per_ip burst=20 nodelay;
+        limit_req zone=gitea_ratelimit burst=30 nodelay;
         proxy_pass http://127.0.0.1:3000;
     }
 }