From f5cb2af85a2a3798d18d887b5947a65979cb65b9 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Wed, 29 Jan 2020 23:59:00 +0300 Subject: cheatsheet: improve rate limiter docs and add new limiters --- docs/configuration/cheatsheet.md | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) (limited to 'docs/configuration/cheatsheet.md') diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md index 30d673eba..f910122df 100644 --- a/docs/configuration/cheatsheet.md +++ b/docs/configuration/cheatsheet.md 
@@ -326,14 +326,31 @@ A keyword list of rate limiters where a key is a limiter name and value is the l It is also possible to have different limits for unauthenticated and authenticated users: the keyword value must be a list of two tuples where the first one is a config for unauthenticated users and the second one is for authenticated. +For example: + +```elixir +config :pleroma, :rate_limit, + authentication: {60_000, 15}, + search: [{1000, 10}, {1000, 30}] +``` + +Means that: + +1. In 60 seconds, 50 authentication attempts can be performed from the same IP address. +2. In 1 second, 10 search requests can be performed from the same IP adress by unauthenticated users, while authenticated users can perform 30 search requests per second. + Supported rate limiters: -* `:search` for the search requests (account & status search etc.) -* `:app_account_creation` for registering user accounts from the same IP address -* `:relations_actions` for actions on relations with all users (follow, unfollow) -* `:relation_id_action` for actions on relation with a specific user (follow, unfollow) -* `:statuses_actions` for create / delete / fav / unfav / reblog / unreblog actions on any statuses -* `:status_id_action` for fav / unfav or reblog / unreblog actions on the same status by the same user +* `:search` - Account/Status search. +* `:app_account_creation` - Account registration from the API. +* `:relations_actions` - Following/Unfollowing in general. +* `:relation_id_action` - Following/Unfollowing for a specific user. +* `:statuses_actions` - Status actions such as: (un)repeating, (un)favouriting, creating, deleting. +* `:status_id_action` - (un)Repeating/(un)Favouriting a particular status. +* `:authentication` - Authentication actions, i.e getting an OAuth token. +* `password_reset` - Requesting password reset emails. +* `:account_confirmation_resend` - Requesting resending account confirmation emails. +* `:ap_routes` - Requesting statuses via ActivityPub. 
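Review bot: the worked example's explanation contradicts its own config: `authentication: {60_000, 15}` allows 15 attempts per 60 seconds, but item 1 below it says 50; change the number to 15. In the same hunk, item 2 has "adress" for "address", and in the limiter list `password_reset` lacks the leading colon that every other entry carries (`:password_reset`), which misdocuments the key an admin would copy into their config.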
### :web_cache_ttl -- cgit v1.2.3 From 889965141a1411dd546757fbb964695bd8f712d7 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Wed, 29 Jan 2020 23:59:27 +0300 Subject: RemoteIp: only trust X-Forwarded-For Our nginx config will happily pass `Forwarded`/`X-Real-IP` from the client. Caddy, Apache and Varnish pass `X-Forwarded-For` as well anyway. --- docs/configuration/cheatsheet.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'docs/configuration/cheatsheet.md') diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md index f910122df..54cc9b1c1 100644 --- a/docs/configuration/cheatsheet.md +++ b/docs/configuration/cheatsheet.md 
@@ -308,16 +308,15 @@ This will make Pleroma listen on `127.0.0.1` port `8080` and generate urls start Available options: * `enabled` - Enable/disable the plug. Defaults to `false`. -* `headers` - A list of strings naming the `req_headers` to use when deriving the `remote_ip`. Order does not matter. Defaults to `~w[forwarded x-forwarded-for x-client-ip x-real-ip]`. +* `headers` - A list of strings naming the `req_headers` to use when deriving the `remote_ip`. Order does not matter. Defaults to `["x-forwarded-for"]`. * `proxies` - A list of strings in [CIDR](https://en.wikipedia.org/wiki/CIDR) notation specifying the IPs of known proxies. Defaults to `[]`. * `reserved` - Defaults to [localhost](https://en.wikipedia.org/wiki/Localhost) and [private network](https://en.wikipedia.org/wiki/Private_network). ### :rate_limit -This is an advanced feature and disabled by default. - -If your instance is behind a reverse proxy you must enable and configure [`Pleroma.Plugs.RemoteIp`](#pleroma-plugs-remoteip). +!!! note + If your instance is behind a reverse proxy ensure [`Pleroma.Plugs.RemoteIp`](#pleroma-plugs-remoteip) is enabled (it is enabled by default). A keyword list of rate limiters where a key is a limiter name and value is the limiter configuration. The basic configuration is a tuple where: -- cgit v1.2.3 From ff4bef140af4cf17b2f8be2622a528cbea0ed330 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Thu, 30 Jan 2020 13:24:24 +0000 Subject: Apply suggestion to docs/configuration/cheatsheet.md --- docs/configuration/cheatsheet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/configuration/cheatsheet.md') diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md index 54cc9b1c1..fcd7cdfb9 100644 --- a/docs/configuration/cheatsheet.md +++ b/docs/configuration/cheatsheet.md 
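Review bot: the new admonition says RemoteIp "is enabled by default", but the `enabled` option a few lines up in this same hunk still reads "Defaults to `false`"; one of the two is wrong and should be corrected in this change, since an admin reading the options list would conclude the plug is off and the rate limiters are keyed on the proxy's address. It would also help to carry the reasoning from the commit message into the text next to the new default `["x-forwarded-for"]`: a header listed here is only safe when the reverse proxy in front of Pleroma overwrites it rather than passing the client's own value through, which is exactly why `forwarded`, `x-client-ip` and `x-real-ip` were dropped. Readers of the cheatsheet will not see the commit message.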
@@ -335,7 +335,7 @@ config :pleroma, :rate_limit, Means that: -1. In 60 seconds, 50 authentication attempts can be performed from the same IP address. +1. In 60 seconds, 15 authentication attempts can be performed from the same IP address. 2. In 1 second, 10 search requests can be performed from the same IP adress by unauthenticated users, while authenticated users can perform 30 search requests per second. Supported rate limiters: -- cgit v1.2.3 From 01537cc1d6a290f6a9002b331b18986036300634 Mon Sep 17 00:00:00 2001 From: lain Date: Thu, 30 Jan 2020 18:28:28 +0000 Subject: Apply suggestion to docs/configuration/cheatsheet.md --- docs/configuration/cheatsheet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/configuration/cheatsheet.md') diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md index fcd7cdfb9..a81bfa29d 100644 --- a/docs/configuration/cheatsheet.md +++ b/docs/configuration/cheatsheet.md @@ -347,7 +347,7 @@ Supported rate limiters: * `:statuses_actions` - Status actions such as: (un)repeating, (un)favouriting, creating, deleting. * `:status_id_action` - (un)Repeating/(un)Favouriting a particular status. * `:authentication` - Authentication actions, i.e getting an OAuth token. -* `password_reset` - Requesting password reset emails. +* `:password_reset` - Requesting password reset emails. * `:account_confirmation_resend` - Requesting resending account confirmation emails. * `:ap_routes` - Requesting statuses via ActivityPub. -- cgit v1.2.3 From 90b862e7ab2ad64aed63502bc52ae92e5c0a1791 Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Tue, 4 Feb 2020 16:22:13 +0100 Subject: Add cheatsheet entry --- docs/configuration/cheatsheet.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs/configuration/cheatsheet.md') diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md index a81bfa29d..ed9049a8d 100644 --- a/docs/configuration/cheatsheet.md +++ b/docs/configuration/cheatsheet.md 
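Review bot: item 2 in the context of this hunk still reads "IP adress"; since the commit already touches the adjacent line, fix the typo to "address" here rather than leaving it for another follow-up.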
@@ -69,6 +69,7 @@ You shouldn't edit the base config directly to avoid breakages and merge conflic * `account_field_name_length`: An account field name maximum length (default: `512`). * `account_field_value_length`: An account field value maximum length (default: `2048`). * `external_user_synchronization`: Enabling following/followers counters synchronization for external users. +* `cleanup_attachments`: Remove attachments along with statuses. Does not affect duplicate files and attachments without status. Enabling this will increase load to database when deleting statuses on larger instances. ## Federation ### MRF policies -- cgit v1.2.3 From 6722dade42d5f404c00386b0336d821028d58d7c Mon Sep 17 00:00:00 2001 From: rinpatch Date: Thu, 6 Feb 2020 15:00:33 +0300 Subject: Simplify in-database config docs Large part of it was no longer true (i.e none of the changes need recompilation anymore and you can't brick an instance by changing them, it's not necessary to manually truncate the db manually anymore) --- docs/configuration/cheatsheet.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'docs/configuration/cheatsheet.md') diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md index ed9049a8d..f30aedc01 100644 --- a/docs/configuration/cheatsheet.md +++ b/docs/configuration/cheatsheet.md @@ -856,4 +856,5 @@ config :auto_linker, ## :configurable_from_database -Enable/disable configuration from database. + +Boolean, enables/disables in-database configuration. Read [Transfering the config to/from the database](../administration/CLI_tasks/config.md) for more information. -- cgit v1.2.3
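Review bot: the new `cleanup_attachments` entry omits its default, while the neighbouring `account_field_name_length` and `account_field_value_length` entries each state theirs as `(default: ...)`; add the default so admins know whether attachments are deleted out of the box. Minor wording in the same line: "increase load to database" should be "increase load on the database".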
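Review bot: in the `:configurable_from_database` hunk, "Transfering" in the link text should be "Transferring", and the added lone `+` line introduces a second blank line between the heading and the description; drop it so the spacing matches the heading above it.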