Merge pull request #7121 from Budibase/proxy-env-support-and-webhook-limiting
Add separate rate limiting config for webhooks + environment variable support
This commit is contained in:
commit
c0919ac01b
|
@ -75,7 +75,9 @@ services:
|
||||||
ports:
|
ports:
|
||||||
- "${MAIN_PORT}:10000"
|
- "${MAIN_PORT}:10000"
|
||||||
container_name: bbproxy
|
container_name: bbproxy
|
||||||
image: budibase/proxy
|
image: proxy-service
|
||||||
|
environment:
|
||||||
|
- PROXY_RATE_LIMIT_WEBHOOKS_PER_SECOND=10
|
||||||
depends_on:
|
depends_on:
|
||||||
- minio-service
|
- minio-service
|
||||||
- worker-service
|
- worker-service
|
||||||
|
|
|
@ -9,7 +9,11 @@ events {
|
||||||
}
|
}
|
||||||
|
|
||||||
http {
|
http {
|
||||||
|
# rate limiting
|
||||||
|
limit_req_status 429;
|
||||||
limit_req_zone $binary_remote_addr zone=ratelimit:10m rate=20r/s;
|
limit_req_zone $binary_remote_addr zone=ratelimit:10m rate=20r/s;
|
||||||
|
limit_req_zone $binary_remote_addr zone=webhooks:10m rate=${PROXY_RATE_LIMIT_WEBHOOKS_PER_SECOND}r/s;
|
||||||
|
|
||||||
include /etc/nginx/mime.types;
|
include /etc/nginx/mime.types;
|
||||||
default_type application/octet-stream;
|
default_type application/octet-stream;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
|
@ -126,6 +130,25 @@ http {
|
||||||
proxy_pass http://$apps:4002;
|
proxy_pass http://$apps:4002;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
location /api/webhooks/ {
|
||||||
|
# calls to webhooks are rate limited
|
||||||
|
limit_req zone=webhooks nodelay;
|
||||||
|
|
||||||
|
# Rest of configuration copied from /api/ location above
|
||||||
|
# 120s timeout on API requests
|
||||||
|
proxy_read_timeout 120s;
|
||||||
|
proxy_connect_timeout 120s;
|
||||||
|
proxy_send_timeout 120s;
|
||||||
|
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Connection $connection_upgrade;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
|
||||||
|
proxy_pass http://$apps:4002;
|
||||||
|
}
|
||||||
|
|
||||||
location /db/ {
|
location /db/ {
|
||||||
proxy_pass http://$couchdb:5984;
|
proxy_pass http://$couchdb:5984;
|
||||||
rewrite ^/db/(.*)$ /$1 break;
|
rewrite ^/db/(.*)$ /$1 break;
|
||||||
|
|
|
@ -1,3 +1,13 @@
|
||||||
FROM nginx:latest
|
FROM nginx:latest
|
||||||
COPY .generated-nginx.prod.conf /etc/nginx/nginx.conf
|
|
||||||
COPY error.html /usr/share/nginx/html/error.html
|
# nginx.conf
|
||||||
|
# use the default nginx behaviour for *.template files which are processed with envsubst
|
||||||
|
# override the output dir to output directly to /etc/nginx instead of /etc/nginx/conf.d
|
||||||
|
ENV NGINX_ENVSUBST_OUTPUT_DIR=/etc/nginx
|
||||||
|
COPY .generated-nginx.prod.conf /etc/nginx/templates/nginx.conf.template
|
||||||
|
|
||||||
|
# Error handling
|
||||||
|
COPY error.html /usr/share/nginx/html/error.html
|
||||||
|
|
||||||
|
# Default environment
|
||||||
|
ENV PROXY_RATE_LIMIT_WEBHOOKS_PER_SECOND=10
|
Loading…
Reference in New Issue