Add rate limits to avoid ddos

Felix Ableitner 2020-06-08 14:58:27 +02:00
parent a0acd1fe9b
commit db881c7b07
2 changed files with 10 additions and 1 deletions


@ -1,3 +1,6 @@
limit_req_zone $binary_remote_addr zone=gitea_ratelimit:10m rate=5r/s;
limit_req_zone $binary_remote_addr zone=limit_commit_view:10m rate=2r/m;
server { server {
listen 80; listen 80;
server_name {{ domain }}; server_name {{ domain }};
@ -43,7 +46,13 @@ server {
gzip_proxied any; gzip_proxied any;
gzip_vary on; gzip_vary on;
location ~ ".*/commit/.*" {
limit_req zone=limit_commit_view burst=5;
proxy_pass http://127.0.0.1:3000;
#return 500;
}
location / { location / {
limit_req zone=req_limit_per_ip burst=20 nodelay;
proxy_pass http://127.0.0.1:3000; proxy_pass http://127.0.0.1:3000;
} }
} }
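Review bot: The `limit_req` added to `location /` names the zone `req_limit_per_ip`, but the two `limit_req_zone` lines added at the top of this file declare only `gitea_ratelimit` and `limit_commit_view`. Unless `req_limit_per_ip` is declared in some other included file, nginx will fail its config test on reload and the rate limit never takes effect; the line was probably meant to be `limit_req zone=gitea_ratelimit burst=20 nodelay;`. In the new `/commit/` location, `burst=5` without `nodelay` against a 2r/m zone queues excess requests about 30 seconds apart, so the last queued one waits minutes with its connection held open instead of being rejected quickly. Consider adding `nodelay`, and `limit_req_status 429;` so throttled clients can be told apart from backend failures in the logs. The leftover `#return 500;` should be removed before merging.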


@ -1,5 +1,4 @@
server { server {
# TODO: http redirect seems broken
listen 80; listen 80;
server_name weblate.{{ domain }}; server_name weblate.{{ domain }};
location /.well-known/acme-challenge/ { location /.well-known/acme-challenge/ {
@ -45,6 +44,7 @@ server {
gzip_vary on; gzip_vary on;
location / { location / {
limit_req zone=gitea_ratelimit burst=30 nodelay;
proxy_pass http://127.0.0.1:3001; proxy_pass http://127.0.0.1:3001;
} }
} }
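Review bot: The `limit_req` added to this vhost's `location /` reuses the zone `gitea_ratelimit`, which is declared in the Gitea server file rather than here. This config therefore only loads when that other file is included in the same `http` context. Because both vhosts key on `$binary_remote_addr` in one zone, a client's requests to Gitea and Weblate draw from the same 5r/s bucket, so heavy use of one service throttles the other. A dedicated zone declared at the top of this file would make the limit independent and self-contained, e.g. `limit_req_zone $binary_remote_addr zone=weblate_ratelimit:10m rate=5r/s;` with `limit_req zone=weblate_ratelimit burst=30 nodelay;`. If sharing is intended, a comment saying so and a neutral zone name would avoid surprises when either file is changed or removed.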