From b0a6699500db588a7c87ef773fb1d7625cd14376 Mon Sep 17 00:00:00 2001
From: Karmanyaah Malhotra
Date: Mon, 26 Sep 2022 23:48:59 -0500
Subject: [PATCH] Exempt Matrix server from ntfy rate limit

Add the matrix fqdn and localhost to ntfy's exemption list. Also allow all ntfy rate limits to be configured through Ansible variables.
---
 roles/custom/matrix-ntfy/defaults/main.yml | 7 +++++++
 roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2 | 8 ++++++++
 2 files changed, 15 insertions(+)

diff --git a/roles/custom/matrix-ntfy/defaults/main.yml b/roles/custom/matrix-ntfy/defaults/main.yml
index 8b8a89539..dc3b425b0 100644
--- a/roles/custom/matrix-ntfy/defaults/main.yml
+++ b/roles/custom/matrix-ntfy/defaults/main.yml
@@ -14,6 +14,13 @@ matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':lat
 # Public facing base URL of the ntfy service
 matrix_ntfy_base_url: "https://{{ matrix_server_fqn_ntfy }}"
 
+# Rate limits
+matrix_ntfy_limit_burst_rate: 60 # default
+matrix_ntfy_limit_replenish_rate: "5s" # default
+matrix_ntfy_limit_rate_exempt: "{{matrix_server_fqn_matrix}},localhost" # exempt our matrix server from rate limits, this may not work when the homeserver's outgoing IP is different from the incoming IP, but most small deployments should be fine.
+matrix_ntfy_limit_global_topic: 15000 # default
+matrix_ntfy_limit_visitor_subscriptions: 30 # default
+
 # Controls whether the container exposes its HTTP port (tcp/80 in the container).
 #
 # Takes an ":" or "" value (e.g. "127.0.0.1:2586"), or empty string to not expose.
diff --git a/roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2 b/roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2
index 096991a70..030d45ba4 100644
--- a/roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2
+++ b/roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2
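Review bot: In roles/custom/matrix-ntfy/defaults/main.yml, `matrix_ntfy_limit_rate_exempt` switches the exemption on by default for every deployment, and it covers whatever address the Matrix FQDN resolves to rather than the homeserver itself. If that address is shared (a reverse proxy, NAT gateway or CDN fronting other clients), those clients lose request rate limiting as well. As far as I know ntfy resolves exempt hostnames only at startup, so a later DNS change would not be picked up; please confirm against the ntfy docs. I would move the long trailing comment onto its own lines above the variable, state there how to turn the exemption off (presumably an empty string), and match the file's Jinja spacing: `matrix_ntfy_limit_rate_exempt: "{{ matrix_server_fqn_matrix }},localhost"`.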
@@ -2,3 +2,11 @@ base_url: {{ matrix_ntfy_base_url }}
 behind_proxy: true
 cache_file: /data/cache.db
 listen-http: :8080
+
+# Rate Limits
+global-topic-limit: {{ matrix_ntfy_limit_global_topic }}
+visitor-subscription-limit: {{ matrix_ntfy_limit_visitor_subscriptions }}
+
+visitor-request-limit-burst: {{ matrix_ntfy_limit_burst_rate }}
+visitor-request-limit-replenish: "{{ matrix_ntfy_limit_replenish_rate }}"
+visitor-request-limit-exempt-hosts: "{{ matrix_ntfy_limit_rate_exempt }}"
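Review bot: `visitor-request-limit-exempt-hosts` in server.yml.j2 is rendered alongside `behind_proxy: true`, so ntfy matches the exempt list against the address from the forwarded-for header, not the socket peer. The exemption is therefore only as trustworthy as the reverse proxy's handling of that header, and a comment above the line should say so, e.g. `# Exempt hosts are matched on the proxy-supplied client IP; the proxy must overwrite any client-sent X-Forwarded-For`. Separately, the replenish and exempt-hosts values are interpolated raw between double quotes, so a value containing `"` or a backslash renders invalid YAML. Using `visitor-request-limit-exempt-hosts: {{ matrix_ntfy_limit_rate_exempt | to_json }}` (and the same on the replenish line) avoids that.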