Add defensive relay features with rate limiting and connection limits

Implement defensive measures to protect against DoS attacks: - Add explicit rate limits (500 subscriptions, 60 events/min per connection) - Add total connection limit (default: 500, configurable via NGIT_MAX_CONNECTIONS) - Update configuration across all 4 locations (src, nix, docs, .env.example) Per-IP rate limiting deferred until abuse is detected in production or implemented in rust-nostr relay-builder to benefit the entire Nostr ecosystem. Documentation added explaining the defensive features and rationale. Detailed analysis of other relay implementations preserved in commit history.
author: DanConwayDev <DanConwayDev@protonmail.com> 2026-01-14 13:40:33 +0000
committer: DanConwayDev <DanConwayDev@protonmail.com> 2026-01-14 13:43:40 +0000
commit: 5897e4bccd41f1a9ebb01a11280cea929c93d2c0 (patch)
tree: cbe4d2447312b7bc7653bef874b6fb23d60a0ede /.env.example
parent: 4c8f1813fada9ce2bfd371095b0721bff68173e3 (diff)
parent: 2821578202d1313c23c30a5dbae39548822e3c55 (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/.env.example b/.env.example
index 707efd4..953ae93 100644
--- a/.env.example
+++ b/.env.example
@@ -277,4 +277,14 @@
 # Examples:
 #   NGIT_EVENT_BLACKLIST=npub1spam...
 #   NGIT_EVENT_BLACKLIST=npub1spam...,npub1abuser...
-# NGIT_EVENT_BLACKLIST=
-\ No newline at end of file
+# NGIT_EVENT_BLACKLIST=
+# ============================================================================
+# RATE LIMITING & DOS PROTECTION
+# ============================================================================
+# Maximum total connections to the relay
+# Prevents connection exhaustion DoS attacks
+# CLI: --max-connections <count>
+# Default: 500
+# NGIT_MAX_CONNECTIONS=500
+\ No newline at end of file
author	DanConwayDev <DanConwayDev@protonmail.com>	2026-01-14 13:40:33 +0000
committer	DanConwayDev <DanConwayDev@protonmail.com>	2026-01-14 13:43:40 +0000
commit	5897e4bccd41f1a9ebb01a11280cea929c93d2c0 (patch)
tree	cbe4d2447312b7bc7653bef874b6fb23d60a0ede /.env.example
parent	4c8f1813fada9ce2bfd371095b0721bff68173e3 (diff)
parent	2821578202d1313c23c30a5dbae39548822e3c55 (diff)

diff --git a/.env.example b/.env.example index 707efd4..953ae93 100644 --- a/.env.example +++ b/.env.example
@@ -277,4 +277,14 @@
277	# Examples:	277	# Examples:
278	# NGIT_EVENT_BLACKLIST=npub1spam...	278	# NGIT_EVENT_BLACKLIST=npub1spam...
279	# NGIT_EVENT_BLACKLIST=npub1spam...,npub1abuser...	279	# NGIT_EVENT_BLACKLIST=npub1spam...,npub1abuser...
280	# NGIT_EVENT_BLACKLIST= \ No newline at end of file	280	# NGIT_EVENT_BLACKLIST=
		281
		282	# ============================================================================
		283	# RATE LIMITING & DOS PROTECTION
		284	# ============================================================================
		285
		286	# Maximum total connections to the relay
		287	# Prevents connection exhaustion DoS attacks
		288	# CLI: --max-connections <count>
		289	# Default: 500
		290	# NGIT_MAX_CONNECTIONS=500 \ No newline at end of file