Feat: configurable per-site rate limiting

2 files changed, 15 insertions, 0 deletions

diff --git a/manifests/site.pp b/manifests/site.pp
index 4455f45..737a210 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -11,6 +11,11 @@ define nginx::site(
   $cache_size      = '10m',
   $cache_inactive  = '600s',
   $cache_max_size  = '1m',
+  $rate_limit      = false,
+  $rate_limit_key  = '$binary_remote_addr',
+  $rate_limit_zone = $name,
+  $rate_limit_size = "10m",
+  $rate_limit_rate = "20r/s",
   $x_frame_options = 'DENY',
 ) {
   nginx::site::config { $name:
@@ -47,6 +52,11 @@ define nginx::site(
     cache_size      => $cache_size,
     cache_inactive  => $cache_inactive,
     cache_max_size  => $cache_max_size,
+    rate_limit      => $rate_limit,
+    rate_limit_key  => $rate_limit_key,
+    rate_limit_zone => $rate_limit_zone,
+    rate_limit_size => $rate_limit_size,
+    rate_limit_rate => $rate_limit_rate,
     x_frame_options => $x_frame_options,
     require        => $certbot ? {
       true => $ensure ? {
diff --git a/manifests/site/config.pp b/manifests/site/config.pp
index 0cdceea..c0e1809 100644
--- a/manifests/site/config.pp
+++ b/manifests/site/config.pp
@@ -10,6 +10,11 @@ define nginx::site::config(
   $cache_size      = '10m',
   $cache_inactive  = '600s',
   $cache_max_size  = '1m',
+  $rate_limit      = false,
+  $rate_limit_key  = '$binary_remote_addr',
+  $rate_limit_zone = $server_name,
+  $rate_limit_size = "10m",
+  $rate_limit_rate = "20r/s",
   $x_frame_options = 'DENY',
 ){
   case $source {