From 216fa9d5793469f2ad958363fb270990fbce3787 Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Tue, 25 Oct 2022 15:48:00 +0200
Subject: [PATCH] Update nginx template

Add rate limit to download and private static files
---
 support/nginx/peertube | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/support/nginx/peertube b/support/nginx/peertube
index cf200ba00..aeeb5a612 100644
--- a/support/nginx/peertube
+++ b/support/nginx/peertube
@@ -214,8 +214,16 @@ server {
     try_files $uri @api;
   }
 
-  location ~ ^/static/(webseed|streaming-playlists)/private/ {
-    try_files /dev/null @api;
+  location ~ ^(/static/(webseed|streaming-playlists)/private/)|^/download {
+    # We can't rate limit a try_files directive, so we need to duplicate @api
+
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host            $host;
+    proxy_set_header X-Real-IP       $remote_addr;
+
+    proxy_limit_rate 5M;
+
+    proxy_pass http://backend;
   }
 
   # Bypass PeerTube for performance reasons. Optional.
@@ -231,9 +239,9 @@ server {
     }
 
     # Use this line with nginx >= 1.17.0
-    #limit_rate $peertube_limit_rate;
-    # Or this line if your nginx < 1.17.0
-    set $limit_rate $peertube_limit_rate;
+    limit_rate $peertube_limit_rate;
+    # Or this line with nginx < 1.17.0
+    # set $limit_rate $peertube_limit_rate;
 
     if ($request_method = 'OPTIONS') {
       add_header Access-Control-Allow-Origin  '*';
-- 
2.41.0