$cache_size = '10m',
$cache_inactive = '600s',
$cache_max_size = '1m',
+ $rate_limit = false,
+ $rate_limit_key = '$binary_remote_addr',
+ $rate_limit_zone = $name,
+ $rate_limit_size = "10m",
+ $rate_limit_rate = "20r/s",
$x_frame_options = 'DENY',
) {
nginx::site::config { $name:
cache_size => $cache_size,
cache_inactive => $cache_inactive,
cache_max_size => $cache_max_size,
+ rate_limit => $rate_limit,
+ rate_limit_key => $rate_limit_key,
+ rate_limit_zone => $rate_limit_zone,
+ rate_limit_size => $rate_limit_size,
+ rate_limit_rate => $rate_limit_rate,
x_frame_options => $x_frame_options,
require => $certbot ? {
true => $ensure ? {
$cache_size = '10m',
$cache_inactive = '600s',
$cache_max_size = '1m',
+ $rate_limit = false,
+ $rate_limit_key = '$binary_remote_addr',
+ $rate_limit_zone = $server_name,
+ $rate_limit_size = "10m",
+ $rate_limit_rate = "20r/s",
$x_frame_options = 'DENY',
){
case $source {
<% if @cache == true -%>
proxy_cache_path /var/cache/nginx/<%= @name %> levels=<%= @cache_levels %> keys_zone=<%= @name %>:<%= @cache_size %> inactive=<%= @cache_inactive %> max_size=<%= @cache_max_size %>;
<% end -%>
+<% if @rate_limit == true and @rate_limit_zone == @server_name -%>
+limit_req_zone <%= @rate_limit_key %> zone=<%= @rate_limit_zone %>:<%= @rate_limit_size %> rate=<%= @rate_limit_rate %>;
+<% end -%>
server {
listen 443;
server_name <%= @server_name %> <%= @aliases %>;
# cache config
proxy_cache <%= @name %>;
+<% end -%>
+<% if @rate_limit == true -%>
+
+ # rate limiting
+ limit_req zone=<%= @rate_limit_zone %>;
<% end -%>
}
}
projects / puppet-nginx.git / commitdiff