From 97f2667d960a3577539640f9a1f6496669e4ffcb Mon Sep 17 00:00:00 2001
From: Michael Grote <michael.grote@posteo.de>
Date: Thu, 12 Sep 2024 10:28:47 +0200
Subject: [PATCH] traefik: rate-limit for forgejo (#176)

Reviewed-on: https://git.mgrote.net///mg/homeserver/pulls/176
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>
---
 docker-compose/traefik/file-provider.yml | 11 +++++++++++
 docker-compose/traefik/traefik.yml       |  2 ++
 2 files changed, 13 insertions(+)

diff --git a/docker-compose/traefik/file-provider.yml b/docker-compose/traefik/file-provider.yml
index d97fd9d4..8f5b496e 100644
--- a/docker-compose/traefik/file-provider.yml
+++ b/docker-compose/traefik/file-provider.yml
@@ -5,6 +5,8 @@ http:
     router_gitea:
       rule: "Host(`git.mgrote.net`)"
       service: "service_gitea"
+      middlewares:
+        - "ratelimit"
       entrypoints:
         - entry_https
       tls:
@@ -15,3 +17,12 @@ http:
       loadBalancer:
         servers:
           - url: "http://forgejo.mgrote.net:3000/"
+###### middlewares #####
+  middlewares:
+    ratelimit:
+      rateLimit:
+        average: 10
+        burst: 5
+        sourceCriterion:
+          ipStrategy:
+            depth: 2
diff --git a/docker-compose/traefik/traefik.yml b/docker-compose/traefik/traefik.yml
index 6cb83cc9..a7aa2321 100644
--- a/docker-compose/traefik/traefik.yml
+++ b/docker-compose/traefik/traefik.yml
@@ -33,6 +33,8 @@ certificatesResolvers:
 log:
   level: INFO
 
+accessLog: {}
+
 api:
   insecure: true
   dashboard: true # unter Port 8081 erreichbar