Add download rate limits.

This commit is contained in:
Ivaylo Novakov 2021-12-08 18:00:46 +01:00
parent a50ea4e312
commit 25af756a14
No known key found for this signature in database
GPG Key ID: 06B9354AB08BE9C6
2 changed files with 26 additions and 2 deletions

View File

@ -76,7 +76,7 @@ location /serverload {
# Define root directory in the nginx container to load file from # Define root directory in the nginx container to load file from
root /usr/local/share; root /usr/local/share;
# including this because of peer pressure from the other routes # including this because of peer pressure from the other routes
include /etc/nginx/conf.d/include/cors; include /etc/nginx/conf.d/include/cors;
# tell nginx to expect json # tell nginx to expect json
@ -177,9 +177,15 @@ location /skynet/skyfile {
limit_req zone=uploads_by_ip burst=10 nodelay; limit_req zone=uploads_by_ip burst=10 nodelay;
limit_req zone=uploads_by_ip_throttled; limit_req zone=uploads_by_ip_throttled;
limit_req zone=downloads_by_ip burst=5 nodelay;
limit_req zone=downloads_by_ip_throttled;
limit_conn upload_conn 5; limit_conn upload_conn 5;
limit_conn upload_conn_rl 1; limit_conn upload_conn_rl 1;
limit_conn download_conn 5;
limit_conn download_conn_rl 1;
client_max_body_size 1000M; # make sure to limit the size of upload to a sane value client_max_body_size 1000M; # make sure to limit the size of upload to a sane value
# increase request timeouts # increase request timeouts
@ -215,9 +221,15 @@ location /skynet/tus {
limit_req zone=uploads_by_ip burst=10 nodelay; limit_req zone=uploads_by_ip burst=10 nodelay;
limit_req zone=uploads_by_ip_throttled; limit_req zone=uploads_by_ip_throttled;
limit_req zone=downloads_by_ip burst=5 nodelay;
limit_req zone=downloads_by_ip_throttled;
limit_conn upload_conn 5; limit_conn upload_conn 5;
limit_conn upload_conn_rl 1; limit_conn upload_conn_rl 1;
limit_conn download_conn 5;
limit_conn download_conn_rl 1;
# TUS chunks size is 40M + leaving 10M of breathing room # TUS chunks size is 40M + leaving 10M of breathing room
client_max_body_size 50M; client_max_body_size 50M;
@ -286,9 +298,15 @@ location /skynet/pin {
limit_req zone=uploads_by_ip burst=10 nodelay; limit_req zone=uploads_by_ip burst=10 nodelay;
limit_req zone=uploads_by_ip_throttled; limit_req zone=uploads_by_ip_throttled;
limit_req zone=downloads_by_ip burst=5 nodelay;
limit_req zone=downloads_by_ip_throttled;
limit_conn upload_conn 5; limit_conn upload_conn 5;
limit_conn upload_conn_rl 1; limit_conn upload_conn_rl 1;
limit_conn download_conn 5;
limit_conn download_conn_rl 1;
proxy_set_header User-Agent: Sia-Agent; proxy_set_header User-Agent: Sia-Agent;
proxy_pass http://sia:9980$uri?siapath=$dir1/$dir2/$dir3&$args; proxy_pass http://sia:9980$uri?siapath=$dir1/$dir2/$dir3&$args;
} }

View File

@ -73,7 +73,7 @@ http {
proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=skynet:10m max_size=50g min_free=100g inactive=48h use_temp_path=off; proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=skynet:10m max_size=50g min_free=100g inactive=48h use_temp_path=off;
# this runs before forking out nginx worker processes # this runs before forking out nginx worker processes
init_by_lua_block { init_by_lua_block {
require "cjson" require "cjson"
require "resty.http" require "resty.http"
require "skynet.skylink" require "skynet.skylink"
@ -99,12 +99,18 @@ http {
limit_req_zone $binary_remote_addr zone=uploads_by_ip:10m rate=10r/s; limit_req_zone $binary_remote_addr zone=uploads_by_ip:10m rate=10r/s;
limit_req_zone $limit_key zone=uploads_by_ip_throttled:10m rate=10r/m; limit_req_zone $limit_key zone=uploads_by_ip_throttled:10m rate=10r/m;
limit_req_zone $binary_remote_addr zone=downloads_by_ip:10m rate=5r/s;
limit_req_zone $limit_key zone=downloads_by_ip_throttled:10m rate=5r/m;
limit_req_zone $binary_remote_addr zone=registry_access_by_ip:10m rate=60r/m; limit_req_zone $binary_remote_addr zone=registry_access_by_ip:10m rate=60r/m;
limit_req_zone $limit_key zone=registry_access_by_ip_throttled:10m rate=20r/m; limit_req_zone $limit_key zone=registry_access_by_ip_throttled:10m rate=20r/m;
limit_conn_zone $binary_remote_addr zone=upload_conn:10m; limit_conn_zone $binary_remote_addr zone=upload_conn:10m;
limit_conn_zone $limit_key zone=upload_conn_rl:10m; limit_conn_zone $limit_key zone=upload_conn_rl:10m;
limit_conn_zone $binary_remote_addr zone=download_conn:10m;
limit_conn_zone $limit_key zone=download_conn_rl:10m;
limit_conn_zone $binary_remote_addr zone=downloads_by_ip:10m; limit_conn_zone $binary_remote_addr zone=downloads_by_ip:10m;
limit_req_status 429; limit_req_status 429;