From 4c6a12ce2bb8f02e8ca90804fd1519f9f2f0b2ff Mon Sep 17 00:00:00 2001 From: Ole Langbehn Date: Mon, 8 Feb 2021 13:32:43 +0100 Subject: [PATCH] Add commitRateLimiting settings block to settings.json.docker The settings commitRateLimiting.duration and commitRateLimiting.points were not available in the settings.json.docker file, and therefore it was not possible to override their values via environment variables. Now, they can be overridden by setting the following env vars: * commitRateLimiting.duration: COMMIT_RATE_LIMIT_DURATION * commitRateLimiting.points: COMMIT_RATE_LIMIT_POINTS --- doc/docker.md | 2 ++ settings.json.docker | 16 ++++++++++++++++ settings.json.template | 4 ++-- 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/doc/docker.md b/doc/docker.md index e12a8fb12..e6c343dcd 100644 --- a/doc/docker.md +++ b/doc/docker.md @@ -168,6 +168,8 @@ For the editor container, you can also make it full width by adding `full-width- | `IMPORT_MAX_FILE_SIZE` | maximum allowed file size when importing a pad, in bytes. | `52428800` (50 MB) | | `IMPORT_EXPORT_MAX_REQ_PER_IP` | maximum number of import/export calls per IP. | `10` | | `IMPORT_EXPORT_RATE_LIMIT_WINDOW` | the call rate for import/export requests will be estimated in this time window (in milliseconds) | `90000` | +| `COMMIT_RATE_LIMIT_DURATION` | duration of the rate limit window for commits by individual users/IPs (in seconds) | `1` | +| `COMMIT_RATE_LIMIT_POINTS` | maximum number of changes per IP to allow during the rate limit window | `10` | | `SUPPRESS_ERRORS_IN_PAD_TEXT` | Should we suppress errors from being visible in the default Pad Text? | `false` | | `REQUIRE_SESSION` | If this option is enabled, a user must have a session to access pads. This effectively allows only group pads to be accessed. | `false` | | `EDIT_ONLY` | Users may edit pads but not create new ones. Pad creation is only via the API. This applies both to group pads and regular pads. | `false` | diff --git a/settings.json.docker b/settings.json.docker index 6938b2713..de9cc3245 100644 --- a/settings.json.docker +++ b/settings.json.docker @@ -486,6 +486,22 @@ */ "importMaxFileSize": "${IMPORT_MAX_FILE_SIZE:52428800}", // 50 * 1024 * 1024 + /* + * From Etherpad 1.8.5 onwards, when Etherpad is in production mode commits from individual users are rate limited + * + * The default is to allow at most 10 changes per IP in a 1 second window. + * After that the change is rejected. + * + * See https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#websocket-single-connection-prevent-flooding for more options + */ + "commitRateLimiting": { + // duration of the rate limit window (seconds) + "duration": "${COMMIT_RATE_LIMIT_DURATION:1}", + + // maximum number of changes per IP to allow during the rate limit window + "points": "${COMMIT_RATE_LIMIT_POINTS:10}" + }, + /* * Toolbar buttons configuration. * diff --git a/settings.json.template b/settings.json.template index b15b024ab..d78035ad4 100644 --- a/settings.json.template +++ b/settings.json.template @@ -492,7 +492,7 @@ "importMaxFileSize": 52428800, // 50 * 1024 * 1024 /* - * From Etherpad 1.9.0 onwards, when Etherpad is in production mode commits from individual users are rate limited + * From Etherpad 1.8.5 onwards, when Etherpad is in production mode commits from individual users are rate limited * * The default is to allow at most 10 changes per IP in a 1 second window. * After that the change is rejected. @@ -503,7 +503,7 @@ // duration of the rate limit window (seconds) "duration": 1, - // maximum number of chanes per IP to allow during the rate limit window + // maximum number of changes per IP to allow during the rate limit window "points": 10 },