Skip to content

Commit

Permalink
try limit rate
Browse files Browse the repository at this point in the history
  • Loading branch information
@KMicha
KMicha committed Feb 11, 2025
1 parent 7d07e44 commit ffda42d
Showing 1 changed file with 24 additions and 0 deletions.
24 changes: 24 additions & 0 deletions cre/proxy.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,26 @@ map $http_x_forwarded_port $proxy_x_forwarded_port {
'' $server_port;
}

geo $user_group {
default req_standard;
10.4.191.00/8 req_free;
69.176.86.0/23 req_blocked;
69.176.88.0/22 req_blocked;
94.74.123.73 req_limited;
}

map $user_group $limit_rate {
req_standard 100k;
req_free 1000k;
req_blocked 1k;
req_limited 10k;
}

limit_req_zone $binary_remote_addr; zone=req_standard:10m rate=5r/s;
limit_req_zone "" zone=req_free:1m rate=30r/s;
limit_req_zone $binary_remote_addr; zone=req_blocked:1m rate=1r/m;
limit_req_zone $binary_remote_addr; zone=req_limited:1m rate=3r/m;

## top-level http config for websocket headers
## If Upgrade is defined, Connection = upgrade
## If Upgrade is empty, Connection = close
Expand Down Expand Up @@ -82,13 +102,17 @@ server {
server_name {{ $CurrentDomain }};
listen 80;
include /etc/nginx/conf.d/deny.conf;
limit_req zone=$user_group;
limit_rate $limit_rate;
access_log /var/log/nginx/access.log vhost;
return 301 https://{{ $emptyhost }}$request_uri;
}
server {
server_name {{ $CurrentDomain }};
listen 443 ssl http2 ;
include /etc/nginx/conf.d/deny.conf;
limit_req zone=$user_group;
limit_rate $limit_rate;
access_log /var/log/nginx/access.log vhost;

{{ $network_tag := or $CurrentContainer.Env.NETWORK_ACCESS "external" }}
Expand Down

0 comments on commit ffda42d

Please sign in to comment.