Exempt Matrix server from ntfy rate limit (#2135)

* Exempt Matrix server from ntfy rate limit

Add the matrix fqdn and localhost to ntfy's exemption list.
Also allow all ntfy rate limits to be configured through Ansible
variables.

* Fix names and formatting

* fixes

* tabs not spaces

* Lint

* Use raw tags instead of bracket soup
Karmanyaah Malhotra 2022-11-24 14:12:43 -05:00 committed by GitHub
parent 9c0cf5481a
commit 140acfcc5f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 18 additions and 2 deletions


@ -14,6 +14,14 @@ matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':lat
# Public facing base URL of the ntfy service
matrix_ntfy_base_url: "https://{{ matrix_server_fqn_ntfy }}"
# Rate limits
matrix_ntfy_global_topic_limit: 15000 # default
matrix_ntfy_visitor_subscription_limit: 30 # default
matrix_ntfy_visitor_request_limit_burst: 60 # default
matrix_ntfy_visitor_request_limit_replenish: "5s" # default
# Controls whether the container exposes its HTTP port (tcp/80 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:2586"), or empty string to not expose.
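Review bot: The four new rate-limit variables carry only a `# default` marker, so a reader cannot tell what each one limits or which unit it takes. I would put a one-line comment above each, for example `# Total number of topics the server will hold before refusing new ones` for `matrix_ntfy_global_topic_limit` and `# Interval at which one request is added back to a visitor's burst allowance (duration string, e.g. "5s")` for `matrix_ntfy_visitor_request_limit_replenish`. Since the base URL just above is described as public facing, the block should also say that raising these values loosens the service's abuse protection.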


@ -2,3 +2,10 @@ base_url: {{ matrix_ntfy_base_url }}
behind_proxy: true
cache_file: /data/cache.db
listen-http: :8080
# Rate Limits
global-topic-limit: {{ matrix_ntfy_global_topic_limit | to_json }}
visitor-subscription-limit: {{ matrix_ntfy_visitor_subscription_limit | to_json }}
visitor-request-limit-burst: {{ matrix_ntfy_visitor_request_limit_burst | to_json }}
visitor-request-limit-replenish: "{{ matrix_ntfy_visitor_request_limit_replenish }}"
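Review bot: `visitor-request-limit-replenish` is wrapped in hand-written double quotes while the three limits above it go through `| to_json`, so it is the one value whose quoting is not handled by the filter. A value containing `"` or `\` would render as broken or altered YAML. Using the same filter keeps the four lines consistent and always emits a correctly quoted string: `visitor-request-limit-replenish: {{ matrix_ntfy_visitor_request_limit_replenish | to_json }}`.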


@ -11,11 +11,12 @@ Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ntfy 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ntfy 2>/dev/null || true'
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-ntfy \
ExecStart={{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-ntfy \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
--env NTFY_VISITOR_REQUEST_LIMIT_EXEMPT_HOSTS={{matrix_server_fqn_matrix}},localhost,$(docker network inspect {{matrix_docker_network}} -f "{% raw %}{{ (index .IPAM.Config 0).Subnet }}{% endraw %}") \
{% for arg in matrix_ntfy_container_extra_arguments %}
{{ arg }} \
{% endfor %}
@ -26,7 +27,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
--mount type=bind,src={{ matrix_ntfy_config_dir_path }},dst=/etc/ntfy,ro \
--mount type=bind,src={{ matrix_ntfy_data_path }},dst=/data \
{{ matrix_ntfy_docker_image }} \
serve
serve'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ntfy 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ntfy 2>/dev/null || true'
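Review bot: The `NTFY_VISITOR_REQUEST_LIMIT_EXEMPT_HOSTS` line exempts `localhost` and the whole subnet of `{{matrix_docker_network}}`, which is wider than the Matrix server named in the commit title: every container attached to that network falls outside the per-visitor request limit. Unlike the other limits added in this commit, the list is hard-coded in the unit, so an operator cannot narrow it; I would build it from a variable in the role defaults and add a comment stating that all containers on the network are treated as trusted. The command substitution also calls bare `docker` where the rest of the unit uses `{{ devture_systemd_docker_base_host_command_docker }}`, and a failed inspect silently leaves the list shorter; `$({{ devture_systemd_docker_base_host_command_docker }} network inspect ...)` would at least resolve the same binary. Because `ExecStart` now runs through `sh -c '...'`, every templated value, including `matrix_ntfy_container_extra_arguments`, is parsed by the shell, so a value containing a single quote or `$` would change the command. That deserves a comment above `ExecStart`.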