diff --git a/Makefile b/Makefile index e4aa254..787c8a6 100644 --- a/Makefile +++ b/Makefile @@ -181,6 +181,9 @@ wrk-search: ## Нагрузочный тест поиска (wrk2) -H "Authorization: Bearer $$TOKEN" \ http://localhost:8080/v1/search?type=event\&q=test +curl-health: + for i in {1..120}; do curl -k -s -o /dev/null -w "%{http_code}\n" -H "Host: api.eventhub.local" https://localhost/health; done + wrk-health: ## Нагрузочный тест health (wrk2) wrk -t4 -c100 -d30s -t100 \ -H "Host: api.eventhub.local" \ diff --git a/docker/traefik/dynamic_conf.yml b/docker/traefik/dynamic_conf.yml index c5a4a64..e0a9a59 100644 --- a/docker/traefik/dynamic_conf.yml +++ b/docker/traefik/dynamic_conf.yml @@ -26,18 +26,30 @@ http: # - "SecRule REQUEST_URI \"@rx /admin\" \"id:101,phase:1,log,deny,status:403\"" - "SecRule ARGS \"@rx (union|select|insert|drop|alter)\" \"id:102,phase:2,log,deny,status:403\"" + api-ratelimit: + rateLimit: + average: 100 + period: 1m + burst: 50 + + admin-ratelimit: + rateLimit: + average: 20 + period: 1m + burst: 5 + routers: # REST API пользователей api: rule: "Host(`api.eventhub.local`)" entryPoints: ["web"] - middlewares: ["redirect-to-https", "waf"] + middlewares: ["redirect-to-https", "api-ratelimit", "waf"] service: "api" api-secure: rule: "Host(`api.eventhub.local`)" entryPoints: ["websecure"] tls: true - middlewares: ["waf"] + middlewares: ["api-ratelimit", "waf"] service: "api" # WebSocket пользователей (без WAF) @@ -56,13 +68,13 @@ http: admin-api: rule: "Host(`admin.eventhub.local`)" entryPoints: ["web"] - middlewares: ["redirect-to-https", "waf"] + middlewares: ["redirect-to-https", "admin-ratelimit", "waf"] service: "admin-api" admin-api-secure: rule: "Host(`admin.eventhub.local`)" entryPoints: ["websecure"] tls: true - middlewares: ["waf"] + middlewares: ["admin-ratelimit", "waf"] service: "admin-api" # Админский WebSocket (без WAF)