Enable rate limiting and compression for NGINX

2025-11-22 02:41:35 +01:00 · 2024-09-20 17:47:25 +02:00
parent 86ab737429
commit c11d73c328
3 changed files with 15 additions and 3 deletions
--- a/nix/module.nix
+++ b/nix/module.nix
@@ -131,7 +131,7 @@ in
      };

      script = ''
-        REGISTRATION_IS_DISABLED=${toString cfg.disableRegistration} BODY_SIZE_LIMIT=Infinity ORIGIN=https://${cfg.domain} PORT=${toString cfg.webAppPort} ${pkgs.nodejs_22}/bin/node ${cfg.package}/web-app
+        REGISTRATION_IS_DISABLED=${toString cfg.disableRegistration} BODY_SIZE_LIMIT=10M ORIGIN=https://${cfg.domain} PORT=${toString cfg.webAppPort} ${pkgs.nodejs_22}/bin/node ${cfg.package}/web-app
      '';
    };

@@ -154,6 +154,14 @@ in
      enable = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
+      recommendedZstdSettings = true;
+      recommendedOptimisation = true;
+
+      appendHttpConfig = ''
+        limit_req_zone $binary_remote_addr zone=requestLimit:10m rate=5r/s;
+        limit_req_status 429;
+        limit_req zone=requestLimit burst=20 nodelay;
+      '';

      virtualHosts = {
        "${cfg.domain}" = {
@@ -172,8 +180,6 @@ in
              proxyPass = "http://localhost:${toString cfg.apiPort}/";
              extraConfig = ''
                default_type application/json;
-                proxy_set_header Connection "";
-                proxy_http_version 1.1;
              '';
            };
            "/api/rpc/register" = mkIf cfg.disableRegistration {
--- a/web-app/src/routes/(authenticated)/website/[websiteId]/categories/+page.server.ts
+++ b/web-app/src/routes/(authenticated)/website/[websiteId]/categories/+page.server.ts
@@ -60,6 +60,7 @@ export const actions: Actions = {
          Authorization: `Bearer ${cookies.get("session_token")}`
        },
        body: JSON.stringify({
+          category_name: data.get("category-name"),
          category_weight: data.get("category-weight")
        })
      }
--- a/web-app/src/routes/(authenticated)/website/[websiteId]/categories/+page.svelte
+++ b/web-app/src/routes/(authenticated)/website/[websiteId]/categories/+page.svelte
@@ -89,6 +89,11 @@
                >
                  <input type="hidden" name="category-id" value={id} />

+                  <label>
+                    Name:
+                    <input type="text" name="category-name" value={category_name} maxlength="50" required />
+                  </label>
+
                  <label>
                    Weight:
                    <input type="number" name="category-weight" value={category_weight} min="0" />