<titledata-rh="true">Configuring Limits | Zrok</title><metadata-rh="true"name="viewport"content="width=device-width,initial-scale=1"><metadata-rh="true"name="twitter:card"content="summary_large_image"><metadata-rh="true"property="og:url"content="https://docs.zrok.io/docs/guides/self-hosting/metrics-and-limits/configuring-limits/"><metadata-rh="true"property="og:locale"content="en"><metadata-rh="true"name="docusaurus_locale"content="en"><metadata-rh="true"name="docsearch:language"content="en"><metadata-rh="true"name="docusaurus_version"content="current"><metadata-rh="true"name="docusaurus_tag"content="docs-default-current"><metadata-rh="true"name="docsearch:version"content="current"><metadata-rh="true"name="docsearch:docusaurus_tag"content="docs-default-current"><metadata-rh="true"property="og:title"content="Configuring Limits | Zrok"><metadata-rh="true"name="description"content="If you have not yet configured metrics, please visit the metrics guide first before working through the limits configuration."><metadata-rh="true"property="og:description"content="If you have not yet configured metrics, please visit the metrics guide first before working through the limits configuration."><linkdata-rh="true"rel="icon"href="/img/space-ziggy.png"><linkdata-rh="true"rel="canonical"href="https://docs.zrok.io/docs/guides/self-hosting/metrics-and-limits/configuring-limits/"><linkdata-rh="true"rel="alternate"href="https://docs.zrok.io/docs/guides/self-hosting/metrics-and-limits/configuring-limits/"hreflang="en"><linkdata-rh="true"rel="alternate"href="https://docs.zrok.io/docs/guides/self-hosting/metrics-and-limits/configuring-limits/"hreflang="x-default"><linkdata-rh="true"rel="preconnect"href="https://CO73R59OLO-dsn.algolia.net"crossorigin="anonymous"><linkrel="preconnect"href="https://www.google-analytics.com">
<script>!function(){functiont(t){document.documentElement.setAttribute("data-theme",t)}vare=function(){try{returnnewURLSearchParams(window.location.search).get("docusaurus-theme")}catch(t){}}()||function(){try{returnlocalStorage.getItem("theme")}catch(t){}}();t(null!==e?e:"dark")}(),function(){try{constc=newURLSearchParams(window.location.search).entries();for(var[t,e]ofc)if(t.startsWith("docusaurus-data-")){vara=t.replace("docusaurus-data-","data-");document.documentElement.setAttribute(a,e)}}catch(t){}}()</script><divid="__docusaurus"><divrole="region"aria-label="Skip to main content"><aclass="skipToContent_fXgn"href="#__docusaurus_skipToContent_fallback">Skip to main content</a></div><navaria-label="Main"class="navbar navbar--fixed-top"><divclass="navbar__inner"><divclass="navbar__items"><buttonaria-label="Toggle navigation bar"aria-expanded="false"class="navbar__toggle clean-btn"type="button"><svgwidth="30"height="30"viewBox="0 0 30 30"aria-hidden="true"><pathstroke="currentColor"stroke-linecap="round"stroke-miterlimit="10"stroke-width="2"d="M4 7h22M4 15h22M4 23h22"></path></svg></button><ahref="https://zrok.io"target="_self"rel="noopener noreferrer"class="navbar__brand"><divclass="navbar__logo"><imgsrc="/img/space-ziggy.png"alt="Ziggy Goes to Space"class="themedComponent_mlkZ themedComponent--light_NVdE"><imgsrc="/img/space-ziggy.png"alt="Ziggy Goes to Space"class="themedComponent_mlkZ themedComponent--dark_xIcU"></div><bclass="navbar__title text--truncate">zrok</b></a></div><divclass="navbar__items navbar__items--right"><aaria-current="page"class="navbar__item navbar__link navbar__link--active"href="/docs/getting-started/">Docs</a><ahref="https://github.com/orgs/openziti/projects/16"target="_blank"rel="noopener noreferrer"class="navbar__item navbar__link">Roadmap<svgwidth="13.5"height="13.5"aria-hidden="true"viewBox="0 0 24 24"class="iconExternalLink_nPIU"><pathfill="currentColor"d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><ahref="https://github.com/openziti/zrok"target="_blank"rel="noopener noreferrer"class="navbar__item navbar__link">GitHub<svgwidth="13.5"height="13.5"aria-hidden="true"viewBox="0 0 24 24"class="iconExternalLink_nPIU"><pathfill="currentColor"d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><divclass="toggle_vylO colorModeToggle_DEke"><buttonclass="clean-btn toggleButton_gllP toggleButtonDisabled_aARS"type="button"disabled=""title="Switch between dark and light mode (currently dark mode)"aria-label="Switch between dark and light mode (currently dark mode)"aria-live="polite"><svgviewBox="0 0 24 24"width="24"height="24"class="lightToggleIcon_pyhR"><pathfill="currentColor"d="M12,9c1.65,0,3,1.35,3,3s-1.35,3-3,3s-3-1.35-3-3S10.35,9,12,9 M12,7c-2.76,0-5,2.24-5,5s2.24,5,5,5s5-2.24,5-5 S14.76,7,12,7L12,7z M2,13l2,0c0.55,0,1-0.45,1-1s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S1.45,13,2,13z M20,13l2,0c0.55,0,1-0.45,1-1 s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S19.45,13,20,13z M11,2v2c0,0.55,0.45,1,1,1s1-0.45,1-1V2c0-0.55-0.45-1-1-1S11,1.45,11,2z M11,20v2c0,0.55,0.45,1,1,1s1-0.45,1-1v-2c0-0.55-0.45-1-1-1C11.45,19,11,19.45,11,20z M5.99,4.58c-0.39-0.39-1.03-0.39-1.41,0 c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0s0.39-1.03,0-1.41L5.99,4.58z M18.36,16.95 c-0.39-0.39-1.03-0.39-1.41,0c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0c0.39-0.39,0.39-1.03,0-1.41 L18.36,16.95z M19.42,5.99c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06c-0.39,0.39-0.39,1.03,0,1.41 s1.03,0.39,1.41,0L19.42,5.99z M7.05,18.36c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06 c-0.39,0.39-0.39,1.03,0,1.41s1.03,0.39,1.41,0L7.05,18.36z"></path></svg><svgviewBox="0 0 24 24"width="24"height="24"class="darkToggleIcon_wfgR"><pathfill="currentColor"d="M9.37,5.51C9.19,6.15,9.1,6.82,9.1,7.5c0,4.08,3.32,7.4,7.4,7.4c0.68,0,1.35-0.09,1.99-0
<blockquote>
<p>If you have not yet configured <ahref="/docs/guides/self-hosting/metrics-and-limits/configuring-metrics/">metrics</a>, please visit the <ahref="/docs/guides/self-hosting/metrics-and-limits/configuring-metrics/">metrics guide</a> first before working through the limits configuration.</p>
</blockquote>
<p>The limits facility in <code>zrok</code> is responsible for controlling the number of resources in use (environments, shares) and also for ensuring that any single account, environment, or share is held below the configured thresholds.</p>
<p>Take this <code>zrok</code> controller configuration stanza as an example:</p>
<h2class="anchor anchorWithStickyNavbar_LWe7"id="the-global-controls">The Global Controls<ahref="#the-global-controls"class="hash-link"aria-label="Direct link to The Global Controls"title="Direct link to The Global Controls"></a></h2>
<p>The <code>enforcing</code> boolean will globally enable or disable limits for the controller.</p>
<p>The <code>cycle</code> value controls how frequently the limits system will look for limited resources to re-enable.</p>
<h2class="anchor anchorWithStickyNavbar_LWe7"id="resource-limits">Resource Limits<ahref="#resource-limits"class="hash-link"aria-label="Direct link to Resource Limits"title="Direct link to Resource Limits"></a></h2>
<p>The <code>environments</code> and <code>shares</code> values control the number of environments and shares that are allowed per-account. Any limit value can be set to <code>-1</code>, which means <em>unlimited</em>.</p>
<h2class="anchor anchorWithStickyNavbar_LWe7"id="bandwidth-limits">Bandwidth Limits<ahref="#bandwidth-limits"class="hash-link"aria-label="Direct link to Bandwidth Limits"title="Direct link to Bandwidth Limits"></a></h2>
<p>The <code>bandwidth</code> section is designed to provide a configurable system for controlling the amount of data transfer that can be performed by users of the <code>zrok</code> service instance. The bandwidth limits are configurable for each share, environment, and account.</p>
<p><code>per_account</code>, <code>per_environment</code>, and <code>per_share</code> are all configured the same way:</p>
<p>The <code>period</code> specifies the time window for the bandwidth limit. See the documentation for <ahref="https://pkg.go.dev/time#ParseDuration"target="_blank"rel="noopener noreferrer"><code>time.Duration.ParseDuration</code></a> for details about the format used for these durations. If the <code>period</code> is set to 5 minutes, then the limits implementation will monitor the send and receive traffic for the resource (share, environment, or account) for the last 5 minutes, and if the amount of data is greater than either the <code>warning</code> or the <code>limit</code> threshold, action will be taken.</p>
<p>The <code>rx</code> value is the number of bytes <em>received</em> by the resource. The <code>tx</code> value is the number of bytes <em>transmitted</em> by the resource. And <code>total</code> is the combined <code>rx</code>+<code>tx</code> value.</p>
<p>If the traffic quantity is greater than the <code>warning</code> threshold, the user will receive an email notification letting them know that their data transfer size is rising and will eventually be limited (the email details the limit threshold).</p>
<p>If the traffic quantity is greater than the <code>limit</code> threshold, the resources will be limited until the traffic in the window (the last 5 minutes in our example) falls back below the <code>limit</code> threshold.</p>
<h3class="anchor anchorWithStickyNavbar_LWe7"id="limit-actions">Limit Actions<ahref="#limit-actions"class="hash-link"aria-label="Direct link to Limit Actions"title="Direct link to Limit Actions"></a></h3>
<p>When a resource is limited, the actions taken differ depending on what kind of resource is being limited.</p>
<p>When a share is limited, the dial service policies for that share are removed. No other action is taken. This means that public frontends will simply return a <code>404</code> as if the share is no longer there. Private frontends will also return <code>404</code> errors. When the limit is relaxed, the dial policies are put back in place and the share will continue operating normally.</p>
<p>When an environment is limited, all of the shares in that environment become limited, and the user is not able to create new shares in that environment. When the limit is relaxed, all of the share limits are relaxed and the user is again able to add shares to the environment.</p>
<p>When an account is limited, all of the environments in that account become limited (limiting all of the shares), and the user is not able to create new environments or shares. When the limit is relaxed, all of the environments and shares will return to normal operation.</p>
<h2class="anchor anchorWithStickyNavbar_LWe7"id="unlimited-accounts">Unlimited Accounts<ahref="#unlimited-accounts"class="hash-link"aria-label="Direct link to Unlimited Accounts"title="Direct link to Unlimited Accounts"></a></h2>
