thohlt/archtika
1
0
Fork 0
mirror of https://github.com/thiloho/archtika.git synced 2025-11-22 02:41:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Enable rate limiting and compression for NGINX

Browse Source
This commit is contained in:
thiloho
2024-09-20 17:47:25 +02:00
parent 86ab737429
commit c11d73c328
3 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
nix/module.nix
View File

@@ -131,7 +131,7 @@ in
};
script = ''
REGISTRATION_IS_DISABLED=${toString cfg.disableRegistration} BODY_SIZE_LIMIT=Infinity ORIGIN=https://${cfg.domain} PORT=${toString cfg.webAppPort} ${pkgs.nodejs_22}/bin/node ${cfg.package}/web-app
REGISTRATION_IS_DISABLED=${toString cfg.disableRegistration} BODY_SIZE_LIMIT=10M ORIGIN=https://${cfg.domain} PORT=${toString cfg.webAppPort} ${pkgs.nodejs_22}/bin/node ${cfg.package}/web-app
'';
};
@@ -154,6 +154,14 @@ in
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedZstdSettings = true;
recommendedOptimisation = true;
appendHttpConfig = ''
limit_req_zone $binary_remote_addr zone=requestLimit:10m rate=5r/s;
limit_req_status 429;
limit_req zone=requestLimit burst=20 nodelay;
'';
virtualHosts = {
"${cfg.domain}" = {
@@ -172,8 +180,6 @@ in
proxyPass = "http://localhost:${toString cfg.apiPort}/";
extraConfig = ''
default_type application/json;
proxy_set_header Connection "";
proxy_http_version 1.1;
'';
};
"/api/rpc/register" = mkIf cfg.disableRegistration {