feat: rate limit

README.md

@@ -39,46 +39,46 @@ You can quickly set up the relayer infrastructure using the provided install scr
     - AWS Credentials:
       - AWS Access Key ID
       - AWS Secret Access Key
-      - AWS Default Region (default: us-east-1)
+      - AWS Default Region (default: `us-east-1`)
 
     - Image Versions:
-      - Relayer Image Version (default: latest)
-      - Dashboard Image Version (default: latest)
+      - Relayer Image Version (default: `latest`)
+      - Dashboard Image Version (default: `latest`)
 
-    - Restart Policy (default: unless-stopped)
+    - Restart Policy (default: `unless-stopped`)
 
     - Admin Credentials:
 
-      - Admin Email (default: <[email protected]>)
-      - Admin Password (default: p@ssw0rd)
+      - Admin Email (default: <`[email protected]`>)
+      - Admin Password (default: `p@ssw0rd`)
 
     - Let's Encrypt Configuration:
-      - Enable Let's Encrypt? (yes or no, default: no)
+      - Enable Let's Encrypt? (`yes` or `no`, default: `no`)
 
         If enabled:
         - Use Let's Encrypt Staging
-          - Environment? (yes or no, default: no)
+          - Environment? (`yes` or `no`, default: `no`)
         - Let's Encrypt Domain
         - Let's Encrypt Email
 
     - Configuration File Path:
-      - Path to config.yaml for the relayer service.
+      - Path to `config.yaml` for the relayer service.
 
 3. Wait for Deployment
 
     The script will:
 
     - Check for required commands.
-    - Download the docker-compose.yaml file.
-    - Generate a secure NEXTAUTH_SECRET.
-    - Create a .env file with your configuration.
+    - Download the `docker-compose.yaml` file.
+    - Generate a secure `NEXTAUTH_SECRET`.
+    - Create a `.env` file with your configuration.
     - Start the Docker services using Docker Compose.
 
 4. Access the Admin Dashboard
 
     - If Let's Encrypt is enabled and configured:
 
-      - Access the dashboard at <https://your-domain>
+      - Access the dashboard at <`https://your-domain`>
 
     - If Let's Encrypt is not enabled:
       - Access the dashboard at <http://localhost> or your server's IP address.

admin-dashboard/rootfs/defaults/dashboard.conf

@@ -1,6 +1,7 @@
 {{ $CORS_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN := .Env.CORS_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN | default "*" }}
 {{ $DASHBOARD_PORT := .Env.DASHBOARD_PORT | default "3000"  }}
-
+{{ $ENABLE_RATE_LIMITING := not .Env.DISABLE_RATE_LIMITING | default "0" | toBool }}
+{{ $RATE_LIMIT_BURST := .Env.RATE_LIMIT_BURST | default "20" }}
 
 server_name _;
 
@@ -36,6 +37,15 @@ location ~* \.(ico|jpe?g|png|svg|css|js|gif||woff|woff2|eot|ttf|otf)$ {
     }
 }
 
+{{ if $ENABLE_RATE_LIMITING }}
+limit_req zone=api burst={{ $RATE_LIMIT_BURST }} nodelay;
+{{ end }}
+
 location / {
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+
     proxy_pass http://dashboard:{{ $DASHBOARD_PORT }};
 }

admin-dashboard/rootfs/defaults/nginx.conf

@@ -61,6 +61,11 @@ http {
 		''      close;
 	}
 
+  # Rate Limiting
+  {{ if not .Env.DISABLE_RATE_LIMITING | default "0" | toBool }}
+  limit_req_zone $binary_remote_addr zone=api:10m rate={{ .Env.RATE_LIMIT_RATE | default "10r/s" }};
+  {{ end }}
+
 	##
 	# Virtual Host Configs
 	##

install.sh

@@ -33,6 +33,17 @@ if [ ${#MISSING_COMMANDS[@]} -ne 0 ]; then
     exit 1
 fi
 
+# Check if user is in the docker group
+if ! groups $USER | grep &>/dev/null "\bdocker\b"; then
+    read -p "User is not in the docker group. Add user to docker group? (yes/no) [no]: " ADD_DOCKER_GROUP
+    ADD_DOCKER_GROUP=${ADD_DOCKER_GROUP:-no}
+    if [[ "${ADD_DOCKER_GROUP}" == "yes" || "${ADD_DOCKER_GROUP}" == "y" ]]; then
+        sudo usermod -aG docker $USER
+        echo "User added to docker group. Please log out and log back in for the changes to take effect."
+        exit 0
+    fi
+fi
+
 # Set variables
 REPO_URL="https://raw.githubusercontent.com/icon-project/relayer-docker/main"
 CONFIG_DIR="${HOME}/relayer-docker-config"