Skip to content

charts/nginz: Fixup Rate limit for claiming MLS key-pacakges by requesting and target user #3923

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
akshaymankar merged 1 commit into from
Mar 5, 2024
Merged

charts/nginz: Fixup Rate limit for claiming MLS key-pacakges by requesting and target user #3923

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions charts/nginz/templates/conf/_nginx.conf.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -280,6 +280,10 @@ http {
limit_req zone={{ $location.specific_user_rate_limit }}{{ if hasKey $location "specific_user_rate_limit_burst" }} burst={{ $location.specific_user_rate_limit_burst }}{{ end }} nodelay;
{{- end }}

{{- range $specific_limit := $location.specific_rate_limits }}
limit_req zone={{ $specific_limit.zone }}{{ if hasKey $specific_limit "burst" }} burst={{ $specific_limit.burst }}{{ end }} nodelay;
{{- end }}

if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Methods' "GET, POST, PUT, DELETE, OPTIONS";
add_header 'Access-Control-Allow-Headers' "$http_access_control_request_headers, DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type";
Expand Down
16 changes: 13 additions & 3 deletions charts/nginz/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,8 @@ nginx_conf:
user_rate_limit_request_zones:
- limit_req_zone $rate_limited_by_addr zone=reqs_per_addr_sso:12m rate=50r/s;
- limit_req_zone $rate_limited_by_zuser zone=reqs_per_user_signatures:12m rate=10r/m;
- limit_req_zone $rate_limited_by_zuser_path zone=key_package_claims:12m rate=100r/m;
- limit_req_zone $rate_limited_by_zuser zone=key_package_claims_per_user:12m rate=3000r/m;
- limit_req_zone $rate_limited_by_zuser_path zone=key_package_claims_per_user_per_target:12m rate=100r/m;
- limit_req_zone $rate_limited_by_zuser zone=one2one_conv:12m rate=3000r/m;

# The origins from which we allow CORS requests. These are combined with
Expand Down Expand Up @@ -214,8 +215,17 @@ nginx_conf:
- path: /mls/key-packages/claim
envs:
- all
specific_user_rate_limit: key_package_claims
specific_user_rate_limit_burst: 100
specific_rate_limits:
# This endpoint gets called for every user that will get added to a
# conversation. A lot of these are expected during conversation
# creation.
- zone: key_package_claims_per_user
burst: 600
- zone: key_package_claims_per_user_per_target
burst: 100
# The name is a little misleading, this just disables default rate
# limiting in favour of the specific one defined above.
unlimited_requests_endpoint: true
- path: /mls/key-packages
envs:
- all
Expand Down