From 1f03e6d7b7ddf57f75b80ef7530cd9460cbe9acf Mon Sep 17 00:00:00 2001 From: Opnxng Date: Tue, 26 Dec 2023 04:08:13 +0800 Subject: [PATCH] Implemented rate-limiting for Quora + Load balanced Breezewiki --- config-tasks/teddit.yaml | 2 +- templates/compose/simplytranslate.yaml.j2 | 4 ++-- templates/conf/Caddyfile.j2 | 21 ++++++++++++++------- vars/services.yaml | 16 +++++++++++++--- 4 files changed, 30 insertions(+), 13 deletions(-) diff --git a/config-tasks/teddit.yaml b/config-tasks/teddit.yaml index 88c1ed6..6d93db9 100644 --- a/config-tasks/teddit.yaml +++ b/config-tasks/teddit.yaml @@ -12,4 +12,4 @@ dest: "{{ docker_dir }}/teddit/about.pug" owner: 1000 group: 1000 - mode: 0755 \ No newline at end of file + mode: 0755 diff --git a/templates/compose/simplytranslate.yaml.j2 b/templates/compose/simplytranslate.yaml.j2 index 35e3a58..5f33224 100644 --- a/templates/compose/simplytranslate.yaml.j2 +++ b/templates/compose/simplytranslate.yaml.j2 @@ -20,10 +20,10 @@ services: - REVERSO_ENABLE=true ports: - 8889:5000 - restart: unless-stopped + restart: unless-stopped networks: - simplytranslate networks: simplytranslate: - name: simplytranslate \ No newline at end of file + name: simplytranslate diff --git a/templates/conf/Caddyfile.j2 b/templates/conf/Caddyfile.j2 index dcc65ab..2503e02 100755 --- a/templates/conf/Caddyfile.j2 +++ b/templates/conf/Caddyfile.j2 @@ -305,7 +305,6 @@ copy_headers Remote-User Remote-Groups Remote-Name Remote-Email #import trusted_proxy_list } - encode zstd gzip reverse_proxy {{ oracle2_private_ip }}:8893 header { 
@@ -363,7 +362,17 @@ @z host z.{$HOSTNAME} handle @z { encode zstd gzip - reverse_proxy {{ oracle3_private_ip }}:8897 + reverse_proxy { + to {{ oracle1_private_ip }}:8897 + to {{ oracle2_private_ip }}:8897 + to {{ oracle3_private_ip }}:8897 + to {{ oracle4_private_ip }}:8897 + lb_policy ip_hash + lb_try_duration 5s + lb_try_interval 1s + fail_duration 30s + max_fails 3 + } header { X-Permitted-Cross-Domain-Policies "none" X-Robots-Tag "noindex, noimageindex, nosnippet, notranslate, noarchive, nofollow" @@ -480,6 +489,8 @@ @q host q.{$HOSTNAME} handle @q { encode zstd gzip + rate_limit {remote.ip} 2r/s 60000 500 + rate_limit {remote.ip} 45r/m 300000 500 reverse_proxy { to {{ oracle1_private_ip }}:8904 to {{ oracle2_private_ip }}:8904 @@ -490,6 +501,7 @@ lb_try_interval 1s fail_duration 30s max_fails 3 + header_up X-Real-IP {remote_host} } header { X-Robots-Tag "noindex, noimageindex, nosnippet, notranslate, noarchive, nofollow" @@ -645,11 +657,9 @@ X-Frame-Options SAMEORIGIN -Server } - log { output discard } - handle { abort } @@ -660,15 +670,12 @@ # Imgin redirect to handle i.imgur.com i.r.{$HOSTNAME} { - handle { redir https://r.opnxng.com{uri} } - log { output discard } - handle { abort } diff --git a/vars/services.yaml b/vars/services.yaml index 78f15ea..ed265e9 100644 --- a/vars/services.yaml +++ b/vars/services.yaml @@ -1,6 +1,10 @@ config: - vultr: - - teddit + oracle4: + - caddy + +compose: + oracle4: + - caddy # ---------------------------------------------------------------------------------------------------- @@ -18,6 +22,7 @@ deployed-compose: - send - privatebin #################### + - breezewiki - voyager - mlmym - photon @@ -40,6 +45,7 @@ deployed-compose: - firefox - wolfree #################### + - breezewiki - voyager - mlmym - photon @@ -59,12 +65,12 @@ deployed-compose: - socks5 - priviblur oracle3: - - breezewiki - etherpad - gitea - runner - ntfy #################### + - breezewiki - voyager - mlmym - photon 
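Review bot: `lb_policy ip_hash` in the new `handle @z` upstream block picks a backend from the address of the connecting peer, so if this Caddy instance is ever placed behind another proxy or CDN, every visitor would hash to the same one of the four Breezewiki upstreams. Caddy also has `lb_policy client_ip_hash`, which hashes the resolved client address and is meant to be paired with the `trusted_proxies` server option. The only trusted-proxy import visible in this diff (`#import trusted_proxy_list`) is commented out, so this needs checking against the rest of the file. Failure detection is passive only (`max_fails 3`, `fail_duration 30s`), so a dead upstream is noticed only after real requests have failed; an active check such as `health_uri /` with an interval would take it out of rotation sooner. The `handle @z` block continues past the end of the hunk.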
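Review bot: The two added `rate_limit {remote.ip} …` lines in `handle @q` use a key whose source is not evident from the Caddyfile. In at least one third-party Caddy rate-limit module, `{remote.ip}` prefers the first X-Forwarded-For entry over the socket peer, which would make the bucket client-controlled unless a trusted front proxy overwrites that header. The same hunk forwards the peer address upstream with `header_up X-Real-IP {remote_host}`, so keying the limiter on the peer as well (that module spells it `{remote.host}`) would keep the two consistent; please confirm against the module actually built into this Caddy. The trailing `500` appears to be the reject status, and `429` would let clients and log-based alerting tell throttling apart from genuine upstream errors. Once the argument meanings are confirmed, a comment above the pair such as `# per-client limits: 2 r/s and 45 r/m; arguments are key, rate, zone size, reject status` would document them; the `handle @q` block extends beyond the hunk.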
@@ -90,6 +96,7 @@ deployed-compose:
 - authelia
 - geoipupdate
 ####################
+ - breezewiki
 - voyager
 - mlmym
 - photon
@@ -119,11 +126,13 @@ deployed-config:
 - anonymousoverflow
 - scribe
 - priviblur
+ - breezewiki
 oracle2:
 - firefox
 - anonymousoverflow
 - scribe
 - priviblur
+ - breezewiki
 oracle3:
 - ntfy
 - gitea
@@ -141,3 +150,4 @@ deployed-config:
 - anonymousoverflow
 - scribe
 - priviblur
+ - breezewiki