From dfa0964be0dffd2369fe65c80896c371e30a625f Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Thu, 27 Nov 2025 11:08:20 -0800
Subject: configure rate limiting for nginx
---
 profiles/reverse-proxy.nix | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/profiles/reverse-proxy.nix b/profiles/reverse-proxy.nix
index dd98ff2..f136ba0 100644
--- a/profiles/reverse-proxy.nix
+++ b/profiles/reverse-proxy.nix
@@ -41,6 +41,14 @@ in
 recommendedGzipSettings = true;
 recommendedOptimisation = true;
 recommendedTlsSettings = true;
+ commonHttpConfig = ''
+ # limit clients doing too many requests
+ # can be tested with ab -n 20 -c 10
+ limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=10r/s;
+
+ # limit clients opening too many connections
+ limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
+ '';
 virtualHosts = {
 "code.fcuny.net" = {
 enableACME = true;
--
cgit v1.2.3
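Review bot: The two directives added in `commonHttpConfig` only declare the shared-memory zones `req_limit_per_ip` and `conn_limit_per_ip`; nothing in this hunk applies them, and nginx enforces no limit until a `limit_req` / `limit_conn` directive references a zone. Unless that already happens in a part of the file outside the hunk, rate limiting stays inactive after this commit. Add, in `commonHttpConfig` or in each virtual host's `extraConfig`, something like `limit_req zone=req_limit_per_ip burst=20 nodelay;` and `limit_conn conn_limit_per_ip 20;` (the burst and connection counts are example values to tune per service). Setting `limit_req_status 429;` and `limit_conn_status 429;` would also let logs and monitoring tell throttled clients apart from backend 503s. The `virtualHosts` attribute set continues past the end of the hunk, so its contents could not be checked.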