branch master updated: hydra: nginx: Rate limit mumi graphql endpoint.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

branch master updated: hydra: nginx: Rate limit mumi graphql endpoint.

From:	Arun Isaac
Subject:	branch master updated: hydra: nginx: Rate limit mumi graphql endpoint.
Date:	Sat, 16 Mar 2024 21:53:14 -0400

This is an automated email from the git hooks/post-receive script.

arunisaac pushed a commit to branch master
in repository maintenance.

The following commit(s) were added to refs/heads/master by this push:
     new 7d5dce6  hydra: nginx: Rate limit mumi graphql endpoint.
7d5dce6 is described below

commit 7d5dce60c0522f6fbef60ac9e29371f2f064334b
Author: Arun Isaac <arunisaac@systemreboot.net>
AuthorDate: Mon Mar 11 23:58:34 2024 +0000

    hydra: nginx: Rate limit mumi graphql endpoint.
    
    * hydra/nginx/berlin.scm (%extra-content): Define mumigraphqlzone.
    (%berlin-servers): Rate limit mumi graphql endpoint.
---
 hydra/nginx/berlin.scm | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/hydra/nginx/berlin.scm b/hydra/nginx/berlin.scm
index 7219257..e2da3db 100644
--- a/hydra/nginx/berlin.scm
+++ b/hydra/nginx/berlin.scm
@@ -5,6 +5,7 @@
 ;; Copyright © 2020, 2021 Florian Pelz <pelzflorian@pelzflorian.de>
 ;; Copyright © 2020, 2021 Tobias Geerinckx-Rice <me@tobias.gr>
 ;; Copyright © 2021 Mathieu Othacehe <othacehe@gnu.org>
+;; Copyright © 2024 Arun Isaac <arunisaac@systemreboot.net>
 ;; Released under the GNU GPLv3 or any later version.
 
 (use-modules (gnu services web)
@@ -320,7 +321,12 @@ PUBLISH-URL."
        (body (list "root /var/www;")))
       (nginx-location-configuration
        (uri "/")
-       (body '("proxy_pass http://localhost:1234;";)))))
+       (body '("proxy_pass http://localhost:1234;";)))
+      ;; Rate limit graphql endpoint.
+      (nginx-location-configuration
+       (uri "/graphql")
+       (body '("limit_req zone=mumigraphqlzone burst=20 nodelay;"
+               "limit_req_status 429;")))))
     (raw-content
      (append
       %tls-settings
@@ -502,7 +508,10 @@ PUBLISH-URL."
    "proxy_send_timeout 10s;"
 
    ;; Cache timeouts for a little while to avoid increasing pressure.
-   "proxy_cache_valid 504 30s;"))
+   "proxy_cache_valid 504 30s;"
+
+   ;; Rate limit mumi graphql endpoint.
+   "limit_req_zone $binary_remote_addr zone=mumigraphqlzone:1m rate=10r/s;"))
 
 (define %nginx-configuration
   (nginx-configuration

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated: hydra: nginx: Rate limit mumi graphql endpoint., Arun Isaac <=

Prev by Date: 08/08: gnu: wlgreet: Update to 0.4.1-1.7e79d60.
Next by Date: branch kernel-updates deleted (was fdc6b86994)
Previous by thread: branch master updated (6fda9cfd0f -> edfb05e16d)
Next by thread: branch kernel-updates deleted (was fdc6b86994)
Index(es):
- Date
- Thread