The two relevant sections of the nginx config appear to be:
limit_req_zone $binary_remote_addr zone=flood:10m rate=12r/s;
limit_req_zone $binary_remote_addr zone=bot:10m rate=200r/m;
limit_req_status 429;
limit_conn_zone $binary_remote_addr zone=connperip:10m;
limit_conn_status 429;
server {
listen 80;
return 301 https://community.ankihub.net$request_uri;
}
and
location @discourse {
add_header Strict-Transport-Security 'max-age=31536000'; # remember the certificate for a year and automatically connect to HTTPS for this domain
limit_conn connperip 20;
limit_req zone=flood burst=12 nodelay;
limit_req zone=bot burst=100 nodelay;
proxy_set_header Host $http_host;
proxy_set_header X-Request-Start "t=${msec}";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $thescheme;
proxy_pass http://discourse;
}
}
My remaining questions now are:
-
Should I edit both sections in order to match my Discourse settings? Or just the values for
location @discourse? -
What’s the correct way to modify these values and persist the changes across rebuilds?
I assume that I can edit the nginx config directly in the container then stop/start the container. But it looks like these values originally came fromtemplates/web.ratelimited.template.ymland may be overwritten on a rebuild?
Thanks so much for your help! 