3 files changed, 12 insertions, 3 deletions

diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index cd9bacf68..311583820 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -71,10 +71,13 @@ end
 
 Devise.setup do |config|
   config.warden do |manager|
+    manager.default_strategies(scope: :user).unshift :database_authenticatable
     manager.default_strategies(scope: :user).unshift :ldap_authenticatable if Devise.ldap_authentication
     manager.default_strategies(scope: :user).unshift :pam_authenticatable  if Devise.pam_authentication
-    manager.default_strategies(scope: :user).unshift :two_factor_authenticatable
-    manager.default_strategies(scope: :user).unshift :two_factor_backupable
+
+    # We handle 2FA in our own sessions controller so this gets in the way
+    manager.default_strategies(scope: :user).delete :two_factor_backupable
+    manager.default_strategies(scope: :user).delete :two_factor_authenticatable
   end
 
   # The secret key used by Devise. Devise uses this key to generate
diff --git a/config/initializers/health_check.rb b/config/initializers/health_check.rb
new file mode 100644
index 000000000..eece67b10
--- /dev/null
+++ b/config/initializers/health_check.rb
@@ -0,0 +1,6 @@
+HealthCheck.setup do |config|
+  config.uri = 'health'
+
+  config.standard_checks = %w(database migrations cache)
+  config.full_checks = %w(database migrations cache)
+end
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
index 24ba16ae3..273cac9ca 100644
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -65,7 +65,7 @@ class Rack::Attack
     req.authenticated_user_id if req.post? && req.path.start_with?('/api/v1/media')
   end
 
-  throttle('throttle_media_proxy', limit: 30, period: 30.minutes) do |req|
+  throttle('throttle_media_proxy', limit: 30, period: 10.minutes) do |req|
     req.remote_ip if req.path.start_with?('/media_proxy')
   end