Oronemu/game-marathon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix security

Browse Source
This commit is contained in:
Oronemu
2025-12-18 17:15:21 +07:00
parent 57bad3b4a8
commit 33f49f4e47
17 changed files with 181 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
nginx.conf
View File

@@ -17,6 +17,10 @@ http {
# File upload limit (15 MB)
client_max_body_size 15M;
# Rate limiting zones
limit_req_zone $binary_remote_addr zone=api_auth:10m rate=10r/m;
limit_req_zone $binary_remote_addr zone=api_general:10m rate=60r/m;
upstream backend {
server backend:8000;
}
@@ -37,8 +41,22 @@ http {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# Backend API
# Auth API - strict rate limit (10 req/min with burst of 5)
location /api/v1/auth {
limit_req zone=api_auth burst=5 nodelay;
limit_req_status 429;
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# Backend API - general rate limit (60 req/min with burst of 20)
location /api {
limit_req zone=api_general burst=20 nodelay;
limit_req_status 429;
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;