From 41edad01c628c73e5eaf7200c17ec4504fa74430 Mon Sep 17 00:00:00 2001
From: rjshrjndrn <rjshrjndrn@gmail.com>
Date: Mon, 15 Jul 2019 15:16:28 +0530
Subject: [PATCH] Issue #000 feat: limiting per ip connection

---
 ansible/roles/stack-proxy/defaults/main.yml            | 1 +
 ansible/roles/stack-proxy/templates/nginx.conf         | 2 +-
 ansible/roles/stack-proxy/templates/proxy-default.conf | 4 ++++
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/ansible/roles/stack-proxy/defaults/main.yml b/ansible/roles/stack-proxy/defaults/main.yml
index 100e108c6..0ae31363b 100644
--- a/ansible/roles/stack-proxy/defaults/main.yml
+++ b/ansible/roles/stack-proxy/defaults/main.yml
@@ -4,6 +4,7 @@ hub_org: sunbird
 proxy_replicas: 1
 proxy_reservation_memory: 32M
 proxy_limit_memory: 64M
+nginx_per_ip_connection_limit: 400
 
 proxy_prometheus: false
 
diff --git a/ansible/roles/stack-proxy/templates/nginx.conf b/ansible/roles/stack-proxy/templates/nginx.conf
index 3b23cbf90..566be10a0 100644
--- a/ansible/roles/stack-proxy/templates/nginx.conf
+++ b/ansible/roles/stack-proxy/templates/nginx.conf
@@ -5,7 +5,7 @@ error_log  /var/log/nginx/error.log warn;
 pid        /var/run/nginx.pid;
 
 events {
-    worker_connections  2048;
+    worker_connections  10000;
 }
 
 
diff --git a/ansible/roles/stack-proxy/templates/proxy-default.conf b/ansible/roles/stack-proxy/templates/proxy-default.conf
index d462b95b9..586b0a443 100644
--- a/ansible/roles/stack-proxy/templates/proxy-default.conf
+++ b/ansible/roles/stack-proxy/templates/proxy-default.conf
@@ -3,6 +3,8 @@ server {
   listen 80;
   listen [::]:80;
   server_name {{ proxy_server_name }};
+  # Limitting open connection per ip
+  limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }};
 
   return 301 https://{{ proxy_server_name }}$request_uri;
 }
@@ -18,6 +20,8 @@ server {
 {% endif  %}
   server_name           {{ proxy_server_name }};
 
+  # Limitting open connection per ip
+  limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }};
   proxy_set_header    Host              $host;
   proxy_set_header    X-Real-IP         $remote_addr;
   proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
-- 
GitLab