Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add nginx rate limiting #143

Closed
scottlinux opened this issue Aug 10, 2017 · 4 comments
Closed

Add nginx rate limiting #143

scottlinux opened this issue Aug 10, 2017 · 4 comments
Assignees
@scottlinux

Comments

@scottlinux
Copy link
Contributor

To prevent unintended flooding of requests which can impact a jenkins master, nginx rate limiting can be used.

Random example for the @ jenkins location block of cinch:

roles/jenkins_master/templates/etc/nginx/conf.d/jenkins_https.conf

limit_req_zone $binary_remote_addr zone=jenkins:10m rate=25r/s;

server {

...

  location @jenkins {
    proxy_http_version  1.1;
    proxy_connect_timeout       30s;
    proxy_send_timeout          120;
    proxy_read_timeout          120;
    client_max_body_size 35m;
    limit_req zone=jenkins;
    proxy_buffer_size 4k;
    proxy_buffers 8 32m;
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_redirect http:// https://;
    proxy_pass              http://jenkins;
  }

https://www.nginx.com/blog/rate-limiting-nginx/
@scottlinux
Copy link
Contributor Author

scottlinux commented Aug 23, 2017
edited
Loading

A person in #nginx on freenode suggested also looking into bandwidth rate limiting which can be implemented conditionally, if desired.

http://nginx.org/en/docs/http/ngx_http_core_module.html#limit_rate

https://www.nginx.com/resources/admin-guide/restricting-access/

I'll test some things out offline then work up a PR.

@scottlinux
Copy link
Contributor Author

I have some working configs that seem plausible. I will work up a PR.

scottlinux added a commit to scottlinux/cinch that referenced this issue Oct 25, 2017
@scottlinux
Add nginx rate limiting
3d158f1 
For RedHatQE#143
@scottlinux scottlinux mentioned this issue Oct 25, 2017
Merged
@scottlinux
Copy link
Contributor Author

I have some updated changes to make this an optional feature to enable. Feature would be disabled by default. PR will be updated with changes.

scottlinux added a commit to scottlinux/cinch that referenced this issue Jan 5, 2018
@scottlinux
Add nginx rate limiting
fb04bd7 
For RedHatQE#143
scottlinux added a commit to scottlinux/cinch that referenced this issue Jan 5, 2018
@scottlinux
Add nginx rate limiting
27dead1 
For RedHatQE#143
scottlinux added a commit to scottlinux/cinch that referenced this issue Jan 8, 2018
@scottlinux
Add nginx rate limiting
eab1d80 
For RedHatQE#143
scottlinux added a commit to scottlinux/cinch that referenced this issue Jan 8, 2018
@scottlinux
Add nginx rate limiting
5616178 
For RedHatQE#143
scottlinux added a commit to scottlinux/cinch that referenced this issue Jan 9, 2018
@scottlinux
Add nginx rate limiting
b3511fe 
For RedHatQE#143
@scottlinux
Copy link
Contributor Author

This was merged in as an opt-in feature for cinch.

#188

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@scottlinux scottlinux

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@scottlinux