docker: allow to control import/export rate limiting parameters

The newly introduces environment variables are IMPORT_EXPORT_RATE_LIMIT_WINDOW
and IMPORT_EXPORT_MAX_REQ_PER_IP.

doc/docker.md

@@ -74,6 +74,8 @@ Available options:
 * `USER_PASSWORD`: the password for the first user `user` (leave unspecified if you do not want to create it)
 * `TRUST_PROXY`: set to `true` if you are using a reverse proxy in front of Etherpad (for example: Traefik for SSL termination via Let's Encrypt). This will affect security and correctness of the logs if not done
 * `IMPORT_MAX_FILE_SIZE`: maximum allowed file size when importing a pad, in bytes. Default: 52428800 (50 MB)
+* `IMPORT_EXPORT_MAX_REQ_PER_IP`: maximum number of import/export calls per IP. Default: 10
+* `IMPORT_EXPORT_RATE_LIMIT_WINDOW`: the call rate for import/export requests will be estimated in this time window (in milliseconds). Default: 90000 ms
 * `LOGLEVEL`: valid values are `DEBUG`, `INFO`, `WARN` and `ERROR`
 
 ### Examples

settings.json.docker

@@ -419,10 +419,10 @@
    */
   "importExportRateLimiting": {
     // duration of the rate limit window (milliseconds)
-    "windowMs": 90000,
+    "windowMs": "${IMPORT_EXPORT_RATE_LIMIT_WINDOW:90000}",
 
     // maximum number of requests per IP to allow during the rate limit window
-    "max": 10
+    "max": "${IMPORT_EXPORT_MAX_REQ_PER_IP:10}"
   },
 
   /*