Feat: rate limiting: adds $rate_limit_burst and $rate_limit_delay

diff --git a/manifests/site.pp b/manifests/site.pp
index 737a210beb3bc2127c965eb66eb7938edd299bf1..a73ca5a9bac8bef051ba2035bfd1c4fa34d1f10a 100644 (file)
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1,22 +1,24 @@
 define nginx::site(
 define nginx::site(

-  $ensure          = present,
-  $ssl             = present,
-  $source          = 'template',
-  $certbot         = true,
-  $template        = 'site',
-  $backend         = 'weblocal',
-  $aliases         = "*.${name}",
-  $cache           = false,
-  $cache_levels    = '1:2',
-  $cache_size      = '10m',
-  $cache_inactive  = '600s',
-  $cache_max_size  = '1m',
-  $rate_limit      = false,
-  $rate_limit_key  = '$binary_remote_addr',
-  $rate_limit_zone = $name,
-  $rate_limit_size = "10m",
-  $rate_limit_rate = "20r/s",
-  $x_frame_options = 'DENY',
+  $ensure           = present,
+  $ssl              = present,
+  $source           = 'template',
+  $certbot          = true,
+  $template         = 'site',
+  $backend          = 'weblocal',
+  $aliases          = "*.${name}",
+  $cache            = false,
+  $cache_levels     = '1:2',
+  $cache_size       = '10m',
+  $cache_inactive   = '600s',
+  $cache_max_size   = '1m',
+  $rate_limit       = false,
+  $rate_limit_key   = '$binary_remote_addr',
+  $rate_limit_zone  = $name,
+  $rate_limit_size  = "10m",
+  $rate_limit_rate  = "20r/s",
+  $rate_limit_burst = '10',
+  $rate_limit_delay = '1',
+  $x_frame_options  = 'DENY',

 ) {
   nginx::site::config { $name:
     ensure   => $ensure,
 ) {
   nginx::site::config { $name:
     ensure   => $ensure,


@@ -43,21 +45,23 @@ define nginx::site(
       'present' => $ssl,
       default   => absent,
     },
       'present' => $ssl,
       default   => absent,
     },

-    source          => $source,
-    template        => "${template}-ssl",
-    backend         => $backend,
-    aliases         => $aliases,
-    cache           => $cache,
-    cache_levels    => $cache_levels,
-    cache_size      => $cache_size,
-    cache_inactive  => $cache_inactive,
-    cache_max_size  => $cache_max_size,
-    rate_limit      => $rate_limit,
-    rate_limit_key  => $rate_limit_key,
-    rate_limit_zone => $rate_limit_zone,
-    rate_limit_size => $rate_limit_size,
-    rate_limit_rate => $rate_limit_rate,
-    x_frame_options => $x_frame_options,
+    source           => $source,
+    template         => "${template}-ssl",
+    backend          => $backend,
+    aliases          => $aliases,
+    cache            => $cache,
+    cache_levels     => $cache_levels,
+    cache_size       => $cache_size,
+    cache_inactive   => $cache_inactive,
+    cache_max_size   => $cache_max_size,
+    rate_limit       => $rate_limit,
+    rate_limit_key   => $rate_limit_key,
+    rate_limit_zone  => $rate_limit_zone,
+    rate_limit_size  => $rate_limit_size,
+    rate_limit_rate  => $rate_limit_rate,
+    rate_limit_burst => $rate_limit_burst,
+    rate_limit_delay => $rate_limit_delay,
+    x_frame_options  => $x_frame_options,

     require        => $certbot ? {
       true => $ensure ? {
         'present' => Certbot::Manage[$name],
     require        => $certbot ? {
       true => $ensure ? {
         'present' => Certbot::Manage[$name],

diff --git a/manifests/site/config.pp b/manifests/site/config.pp
index c0e1809c5a2381da200c3e996a63c6618730c104..0d88cb10dfbf5b73b8ca9691808c911d5229da24 100644 (file)
--- a/manifests/site/config.pp
+++ b/manifests/site/config.pp
@@ -1,21 +1,23 @@
 define nginx::site::config(
 define nginx::site::config(

-  $server_name     = $name,
-  $ensure          = present,
-  $source          = 'template',
-  $template        = 'site',
-  $backend         = 'weblocal',
-  $aliases         = "*.${name}",
-  $cache           = false,
-  $cache_levels    = '1:2',
-  $cache_size      = '10m',
-  $cache_inactive  = '600s',
-  $cache_max_size  = '1m',
-  $rate_limit      = false,
-  $rate_limit_key  = '$binary_remote_addr',
-  $rate_limit_zone = $server_name,
-  $rate_limit_size = "10m",
-  $rate_limit_rate = "20r/s",
-  $x_frame_options = 'DENY',
+  $server_name      = $name,
+  $ensure           = present,
+  $source           = 'template',
+  $template         = 'site',
+  $backend          = 'weblocal',
+  $aliases          = "*.${name}",
+  $cache            = false,
+  $cache_levels     = '1:2',
+  $cache_size       = '10m',
+  $cache_inactive   = '600s',
+  $cache_max_size   = '1m',
+  $rate_limit       = false,
+  $rate_limit_key   = '$binary_remote_addr',
+  $rate_limit_zone  = $server_name,
+  $rate_limit_size  = "10m",
+  $rate_limit_rate  = "20r/s",
+  $rate_limit_burst = '10',
+  $rate_limit_delay = '1',
+  $x_frame_options  = 'DENY',

 ){
   case $source {
     'file': {
 ){
   case $source {
     'file': {

diff --git a/templates/site-ssl.erb b/templates/site-ssl.erb
index ae146bbba720be1aaa96d75e6e5a0a9874e479c9..4eece6ed1c913f4db937772b18382cfee5373864 100644 (file)
--- a/templates/site-ssl.erb
+++ b/templates/site-ssl.erb
@@ -34,7 +34,7 @@ server {
 <% if @rate_limit == true -%>
 
     # rate limiting
 <% if @rate_limit == true -%>
 
     # rate limiting

-    limit_req zone=<%= @rate_limit_zone %>;
+    limit_req zone=<%= @rate_limit_zone %> burst=<%= @rate_limit_burst %> delay=<%= @rate_limit_delay %>;

 <% end -%>
   }
 }
 <% end -%>
   }
 }