-
-
Save mzpqnxow/6424338d28050acbf6b886b8487e51e6 to your computer and use it in GitHub Desktop.
Nginx reverse proxy with rate limiting
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # This will ratelimit requests to 10/s | |
| # It will allow up to 128 requests to connect, make their request, and then delay the response | |
| # On the client side, this will appear to be "hung", until one of the 10 slots opens up, at | |
| # which point it will proxy your request | |
| # | |
| # If more than 128 requests are queued, any after that will immediately be returned with an | |
| # error | |
| # | |
| # | |
| upstream myapp { | |
| server 127.0.0.1:8081; | |
| } | |
| limit_req_zone $binary_remote_addr zone=login:10m rate=10r/s; | |
| server { | |
| listen 443 ssl spdy; | |
| server_name _; | |
| ssl on; | |
| ssl_certificate /etc/nginx/ssl/cert.pem; | |
| ssl_certificate_key /etc/nginx/ssl/cert.key; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_ciphers AES256+EECDH:AES256+EDH; | |
| ssl_session_cache builtin:1000 shared:SSL:5m; | |
| ssl_prefer_server_ciphers on; | |
| location / { | |
| proxy_pass http://myapp; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header Host $http_host; | |
| } | |
| location /account/login/ { | |
| # apply rate limiting | |
| limit_req zone=login burst=128; | |
| # boilerplate copied from location / | |
| proxy_pass http://myapp; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header Host $http_host; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment