diff --git a/README.md b/README.md
index 219bbb2ddeeb4fdbc150ced1eef4eb1efe750077..56e16fc68a54ece08df281ab99cc2d03d13b20e8 100644
--- a/README.md
+++ b/README.md
@@ -14,6 +14,9 @@ providing web services on a **single host**.
 * Automatic creation/renewal of Let's Encrypt certificates (HTTP challenge).
 * Provision of the following basic Middlewares:
 * RedirectScheme: Redirect from HTTP to HTTPS
+ * RateLimit: Limit to a _fair_ amount of requests
+ * average: 100 requests per second
+ * burst: 50 requests (per second)
 * Headers: HTTP Strict Transport Security with long duration
 * Provision of three configurations (modern, intermediate [default], old) for TLS.
diff --git a/config/files/middlewares_basic.toml b/config/files/middlewares_basic.toml
index 2dcfde486b81a402244a09341835a2d88c2e9451..f8a6adb849b575ba0b68bd1918b07048d5be211e 100644
--- a/config/files/middlewares_basic.toml
+++ b/config/files/middlewares_basic.toml
@@ -2,6 +2,12 @@
 [http.middlewares]
 [http.middlewares.http2https.redirectScheme]
 scheme = "https"
+ [http.middlewares.ratelimit.rateLimit]
+ average = 100
+ burst = 50
+ [http.middlewares.ratelimit.rateLimit.sourceCriterion]
+ [http.middlewares.ratelimit.rateLimit.sourceCriterion.ipStrategy]
+ depth = 1
 [http.middlewares.sts.headers]
 forceSTSHeader = true
 stsSeconds = 31536000
diff --git a/sample.docker-compose.yml b/sample.docker-compose.yml
index 7a35789410aee83a369860a94556355a7dadac5d..c5965eb6bb4bf914bf2fa49b171cdea52f02a108 100644
--- a/sample.docker-compose.yml
+++ b/sample.docker-compose.yml
@@ -52,7 +52,7 @@ services:
 # - traefik.http.routers.whoami-sec.entrypoints=websecure
 # - traefik.http.routers.whoami-sec.rule=Host(`whoami.mydomain.com`)
 # - traefik.http.routers.whoami-sec.tls.certresolver=mydomain-com
-# - traefik.http.routers.whoami-sec.middlewares=sts@file,security@file
+# - traefik.http.routers.whoami-sec.middlewares=ratelimit@file,sts@file,security@file
 networks:
 webproxy:
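Review bot: The `ipStrategy` with `depth = 1` added in config/files/middlewares_basic.toml keys the limiter on the last X-Forwarded-For entry rather than the connection's remote address, and nothing in this diff establishes that a trusted proxy sets that header. On a single host where Traefik accepts client connections directly, the key is then likely either client-influenced (if the entrypoint trusts forwarded headers) or empty, in which case all clients would share one bucket and a single noisy source could exhaust the limit for everyone. Which case applies depends on the entrypoint's `forwardedHeaders` settings, which are not part of this change. Unless exactly one trusted proxy sits in front, I would drop the two `sourceCriterion` tables so the default remote-address criterion applies, or at least add a comment such as `# depth = 1: assumes exactly one trusted reverse proxy in front of Traefik`. The README hunk also describes `burst` as "(per second)", although burst is a bucket size rather than a rate.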