Merge pull request #7121 from Budibase/proxy-env-support-and-webhook-limiting

Add separate rate limiting config for webhooks + environment variable support
This commit is contained in:
Rory Powell 2022-08-10 09:00:20 +01:00 committed by GitHub
commit c0919ac01b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 38 additions and 3 deletions

View File

@ -75,7 +75,9 @@ services:
ports: ports:
- "${MAIN_PORT}:10000" - "${MAIN_PORT}:10000"
container_name: bbproxy container_name: bbproxy
image: budibase/proxy image: proxy-service
environment:
- PROXY_RATE_LIMIT_WEBHOOKS_PER_SECOND=10
depends_on: depends_on:
- minio-service - minio-service
- worker-service - worker-service

View File

@ -9,7 +9,11 @@ events {
} }
http { http {
# rate limiting
limit_req_status 429;
limit_req_zone $binary_remote_addr zone=ratelimit:10m rate=20r/s; limit_req_zone $binary_remote_addr zone=ratelimit:10m rate=20r/s;
limit_req_zone $binary_remote_addr zone=webhooks:10m rate=${PROXY_RATE_LIMIT_WEBHOOKS_PER_SECOND}r/s;
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
default_type application/octet-stream; default_type application/octet-stream;
proxy_set_header Host $host; proxy_set_header Host $host;
@ -126,6 +130,25 @@ http {
proxy_pass http://$apps:4002; proxy_pass http://$apps:4002;
} }
location /api/webhooks/ {
# calls to webhooks are rate limited
limit_req zone=webhooks nodelay;
# Rest of configuration copied from /api/ location above
# 120s timeout on API requests
proxy_read_timeout 120s;
proxy_connect_timeout 120s;
proxy_send_timeout 120s;
proxy_http_version 1.1;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://$apps:4002;
}
location /db/ { location /db/ {
proxy_pass http://$couchdb:5984; proxy_pass http://$couchdb:5984;
rewrite ^/db/(.*)$ /$1 break; rewrite ^/db/(.*)$ /$1 break;

View File

@ -1,3 +1,13 @@
FROM nginx:latest FROM nginx:latest
COPY .generated-nginx.prod.conf /etc/nginx/nginx.conf
COPY error.html /usr/share/nginx/html/error.html # nginx.conf
# use the default nginx behaviour for *.template files which are processed with envsubst
# override the output dir to output directly to /etc/nginx instead of /etc/nginx/conf.d
ENV NGINX_ENVSUBST_OUTPUT_DIR=/etc/nginx
COPY .generated-nginx.prod.conf /etc/nginx/templates/nginx.conf.template
# Error handling
COPY error.html /usr/share/nginx/html/error.html
# Default environment
ENV PROXY_RATE_LIMIT_WEBHOOKS_PER_SECOND=10