blumeops/fly
Erich Blume 7a42aeb77c
All checks were successful
Deploy Fly.io Proxy / deploy (push) Successful in 1m35s
Mitigate Forgejo archive endpoint DoS from crawler abuse

Crawlers hitting /archive/ endpoints with unique commit SHAs generated 54GB
of git bundles in 2 days, pegging Forgejo at 43% CPU. Fix at multiple layers:

- Redirect archive requests to tailnet at Fly proxy (302)
- Expand robots.txt: block /users/, /*/archive/, /*/releases/download/
- Cache release artifact downloads at nginx (immutable, 7d TTL)
- Enable [cron.archive_cleanup] with 2h TTL and run-at-start

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-17 14:21:22 -07:00
fail2ban Expose Forgejo publicly at forge.eblu.me (#278) 2026-03-03 08:40:41 -08:00
alloy.river Fix cache hit rate on APM and Fly.io dashboards (#177) 2026-02-12 18:40:48 -08:00
Dockerfile Pin Fly.io Tailscale to v1.94.1 to fix MagicDNS regression in v1.96.5 2026-04-10 19:32:38 -07:00
error.html Serve friendly error page when Fly.io proxy upstreams are unreachable (#133) 2026-02-09 12:01:24 -08:00
fly.toml Bump Fly.io proxy VM to 512MB, fix TruffleHog scanning (#152) 2026-02-11 12:03:51 -08:00
nginx.conf Mitigate Forgejo archive endpoint DoS from crawler abuse 2026-04-17 14:21:22 -07:00
start.sh Revert fly/start.sh to polling loop — tailscale wait needs v1.96.2+ 2026-03-22 19:44:47 -07:00