Merge pull request #551 from NebulousLabs/registry-access-limits
limit registry access in nginx
This commit is contained in:
commit
f1a04d7832
|
@ -13,10 +13,14 @@ map $limit $limit_key {
|
||||||
limit_req_zone $binary_remote_addr zone=uploads_by_ip:10m rate=10r/s;
|
limit_req_zone $binary_remote_addr zone=uploads_by_ip:10m rate=10r/s;
|
||||||
limit_req_zone $limit_key zone=uploads_by_ip_throttled:10m rate=10r/m;
|
limit_req_zone $limit_key zone=uploads_by_ip_throttled:10m rate=10r/m;
|
||||||
|
|
||||||
|
limit_req_zone $binary_remote_addr zone=registry_access_by_ip:10m rate=60r/m;
|
||||||
|
limit_req_zone $limit_key zone=registry_access_by_ip_throttled:10m rate=20r/m;
|
||||||
|
|
||||||
limit_conn_zone $binary_remote_addr zone=upload_conn:10m;
|
limit_conn_zone $binary_remote_addr zone=upload_conn:10m;
|
||||||
limit_conn_zone $limit_key zone=upload_conn_rl:10m;
|
limit_conn_zone $limit_key zone=upload_conn_rl:10m;
|
||||||
|
|
||||||
limit_conn_zone $binary_remote_addr zone=downloads_by_ip:10m;
|
limit_conn_zone $binary_remote_addr zone=downloads_by_ip:10m;
|
||||||
|
|
||||||
limit_req_status 429;
|
limit_req_status 429;
|
||||||
limit_conn_status 429;
|
limit_conn_status 429;
|
||||||
|
|
||||||
|
@ -218,6 +222,9 @@ server {
|
||||||
include /etc/nginx/conf.d/include/cors;
|
include /etc/nginx/conf.d/include/cors;
|
||||||
include /etc/nginx/conf.d/include/sia-auth;
|
include /etc/nginx/conf.d/include/sia-auth;
|
||||||
|
|
||||||
|
limit_req zone=registry_access_by_ip burst=600 nodelay;
|
||||||
|
limit_req zone=registry_access_by_ip_throttled burst=200 nodelay;
|
||||||
|
|
||||||
proxy_set_header User-Agent: Sia-Agent;
|
proxy_set_header User-Agent: Sia-Agent;
|
||||||
proxy_read_timeout 600; # siad should timeout with 404 after 5 minutes
|
proxy_read_timeout 600; # siad should timeout with 404 after 5 minutes
|
||||||
proxy_pass http://siad/skynet/registry;
|
proxy_pass http://siad/skynet/registry;
|
||||||
|
|
Reference in New Issue