diff options
Diffstat (limited to 'profiles/reverse-proxy.nix')
| -rw-r--r-- | profiles/reverse-proxy.nix | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/profiles/reverse-proxy.nix b/profiles/reverse-proxy.nix index dd98ff2..f136ba0 100644 --- a/profiles/reverse-proxy.nix +++ b/profiles/reverse-proxy.nix @@ -41,6 +41,14 @@ in recommendedGzipSettings = true; recommendedOptimisation = true; recommendedTlsSettings = true; + commonHttpConfig = '' + # limit clients doing too many requests + # can be tested with ab -n 20 -c 10 <host> + limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=10r/s; + + # limit clients opening too many connections + limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m; + ''; virtualHosts = { "code.fcuny.net" = { enableACME = true; |