From d50bfb5513d3a2b17ae8cf7a3b941074dee15e4e Mon Sep 17 00:00:00 2001
From: Matthias Pfeil <matthias.pfeil@wwu.de>
Date: Wed, 22 Mar 2023 16:10:45 +0100
Subject: [PATCH 1/2] Enable auto https redirects

---
 Caddyfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Caddyfile b/Caddyfile
index e190745..34426ce 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -9,7 +9,7 @@
 	# TLS Options
 	email {$ISSUER_ADDRESS}
 	acme_ca {$ACME_CA_ENDPOINT:https://acme-v02.api.letsencrypt.org/directory}
-	auto_https disable_redirects
+	# auto_https disable_redirects
 	key_type rsa2048
 
 	# Server Options

From 7d200ade220d37c63f5cef0c820000612872d88a Mon Sep 17 00:00:00 2001
From: Matthias Pfeil <matthias.pfeil@wwu.de>
Date: Wed, 22 Mar 2023 16:44:05 +0100
Subject: [PATCH 2/2] Higher ratelimit in ingress routes

---
 vhosts/1api.enabled | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/vhosts/1api.enabled b/vhosts/1api.enabled
index 59d1094..75be093 100644
--- a/vhosts/1api.enabled
+++ b/vhosts/1api.enabled
@@ -90,13 +90,15 @@
 	}
 
 	route @boxes_whitelist {
-		# no ratelimit for whitelisted ips
+		# higher ratelimit for whitelisted ips
+		import ratelimit 300 "1m"
 
 		reverse_proxy api:8000
 	}
 
 	route @boxes_whitelist_token {
-		# no ratelimit for whitelisted tokens
+		# higher ratelimit for whitelisted ips
+		import ratelimit 300 "1m"
 
 		reverse_proxy api:8000
 	}
@@ -141,7 +143,8 @@ http://{$INGRESS_DOMAIN} {
 	}
 
 	route @boxes_whitelist_token {
-		# no ratelimit for whitelisted tokens
+		# higher ratelimit for whitelisted ips
+		import ratelimit 300 "1m"
 
 		reverse_proxy api:8000
 	}