Add download rate limits.
This commit is contained in:
parent
a50ea4e312
commit
25af756a14
|
@ -76,7 +76,7 @@ location /serverload {
|
||||||
# Define root directory in the nginx container to load file from
|
# Define root directory in the nginx container to load file from
|
||||||
root /usr/local/share;
|
root /usr/local/share;
|
||||||
|
|
||||||
# including this because of peer pressure from the other routes
|
# including this because of peer pressure from the other routes
|
||||||
include /etc/nginx/conf.d/include/cors;
|
include /etc/nginx/conf.d/include/cors;
|
||||||
|
|
||||||
# tell nginx to expect json
|
# tell nginx to expect json
|
||||||
|
@ -177,9 +177,15 @@ location /skynet/skyfile {
|
||||||
limit_req zone=uploads_by_ip burst=10 nodelay;
|
limit_req zone=uploads_by_ip burst=10 nodelay;
|
||||||
limit_req zone=uploads_by_ip_throttled;
|
limit_req zone=uploads_by_ip_throttled;
|
||||||
|
|
||||||
|
limit_req zone=downloads_by_ip burst=5 nodelay;
|
||||||
|
limit_req zone=downloads_by_ip_throttled;
|
||||||
|
|
||||||
limit_conn upload_conn 5;
|
limit_conn upload_conn 5;
|
||||||
limit_conn upload_conn_rl 1;
|
limit_conn upload_conn_rl 1;
|
||||||
|
|
||||||
|
limit_conn download_conn 5;
|
||||||
|
limit_conn download_conn_rl 1;
|
||||||
|
|
||||||
client_max_body_size 1000M; # make sure to limit the size of upload to a sane value
|
client_max_body_size 1000M; # make sure to limit the size of upload to a sane value
|
||||||
|
|
||||||
# increase request timeouts
|
# increase request timeouts
|
||||||
|
@ -215,9 +221,15 @@ location /skynet/tus {
|
||||||
limit_req zone=uploads_by_ip burst=10 nodelay;
|
limit_req zone=uploads_by_ip burst=10 nodelay;
|
||||||
limit_req zone=uploads_by_ip_throttled;
|
limit_req zone=uploads_by_ip_throttled;
|
||||||
|
|
||||||
|
limit_req zone=downloads_by_ip burst=5 nodelay;
|
||||||
|
limit_req zone=downloads_by_ip_throttled;
|
||||||
|
|
||||||
limit_conn upload_conn 5;
|
limit_conn upload_conn 5;
|
||||||
limit_conn upload_conn_rl 1;
|
limit_conn upload_conn_rl 1;
|
||||||
|
|
||||||
|
limit_conn download_conn 5;
|
||||||
|
limit_conn download_conn_rl 1;
|
||||||
|
|
||||||
# TUS chunks size is 40M + leaving 10M of breathing room
|
# TUS chunks size is 40M + leaving 10M of breathing room
|
||||||
client_max_body_size 50M;
|
client_max_body_size 50M;
|
||||||
|
|
||||||
|
@ -286,9 +298,15 @@ location /skynet/pin {
|
||||||
limit_req zone=uploads_by_ip burst=10 nodelay;
|
limit_req zone=uploads_by_ip burst=10 nodelay;
|
||||||
limit_req zone=uploads_by_ip_throttled;
|
limit_req zone=uploads_by_ip_throttled;
|
||||||
|
|
||||||
|
limit_req zone=downloads_by_ip burst=5 nodelay;
|
||||||
|
limit_req zone=downloads_by_ip_throttled;
|
||||||
|
|
||||||
limit_conn upload_conn 5;
|
limit_conn upload_conn 5;
|
||||||
limit_conn upload_conn_rl 1;
|
limit_conn upload_conn_rl 1;
|
||||||
|
|
||||||
|
limit_conn download_conn 5;
|
||||||
|
limit_conn download_conn_rl 1;
|
||||||
|
|
||||||
proxy_set_header User-Agent: Sia-Agent;
|
proxy_set_header User-Agent: Sia-Agent;
|
||||||
proxy_pass http://sia:9980$uri?siapath=$dir1/$dir2/$dir3&$args;
|
proxy_pass http://sia:9980$uri?siapath=$dir1/$dir2/$dir3&$args;
|
||||||
}
|
}
|
||||||
|
|
|
@ -73,7 +73,7 @@ http {
|
||||||
proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=skynet:10m max_size=50g min_free=100g inactive=48h use_temp_path=off;
|
proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=skynet:10m max_size=50g min_free=100g inactive=48h use_temp_path=off;
|
||||||
|
|
||||||
# this runs before forking out nginx worker processes
|
# this runs before forking out nginx worker processes
|
||||||
init_by_lua_block {
|
init_by_lua_block {
|
||||||
require "cjson"
|
require "cjson"
|
||||||
require "resty.http"
|
require "resty.http"
|
||||||
require "skynet.skylink"
|
require "skynet.skylink"
|
||||||
|
@ -99,12 +99,18 @@ http {
|
||||||
limit_req_zone $binary_remote_addr zone=uploads_by_ip:10m rate=10r/s;
|
limit_req_zone $binary_remote_addr zone=uploads_by_ip:10m rate=10r/s;
|
||||||
limit_req_zone $limit_key zone=uploads_by_ip_throttled:10m rate=10r/m;
|
limit_req_zone $limit_key zone=uploads_by_ip_throttled:10m rate=10r/m;
|
||||||
|
|
||||||
|
limit_req_zone $binary_remote_addr zone=downloads_by_ip:10m rate=5r/s;
|
||||||
|
limit_req_zone $limit_key zone=downloads_by_ip_throttled:10m rate=5r/m;
|
||||||
|
|
||||||
limit_req_zone $binary_remote_addr zone=registry_access_by_ip:10m rate=60r/m;
|
limit_req_zone $binary_remote_addr zone=registry_access_by_ip:10m rate=60r/m;
|
||||||
limit_req_zone $limit_key zone=registry_access_by_ip_throttled:10m rate=20r/m;
|
limit_req_zone $limit_key zone=registry_access_by_ip_throttled:10m rate=20r/m;
|
||||||
|
|
||||||
limit_conn_zone $binary_remote_addr zone=upload_conn:10m;
|
limit_conn_zone $binary_remote_addr zone=upload_conn:10m;
|
||||||
limit_conn_zone $limit_key zone=upload_conn_rl:10m;
|
limit_conn_zone $limit_key zone=upload_conn_rl:10m;
|
||||||
|
|
||||||
|
limit_conn_zone $binary_remote_addr zone=download_conn:10m;
|
||||||
|
limit_conn_zone $limit_key zone=download_conn_rl:10m;
|
||||||
|
|
||||||
limit_conn_zone $binary_remote_addr zone=downloads_by_ip:10m;
|
limit_conn_zone $binary_remote_addr zone=downloads_by_ip:10m;
|
||||||
|
|
||||||
limit_req_status 429;
|
limit_req_status 429;
|
||||||
|
|
Reference in New Issue