Nginx rate limiting outside of container - any tips?

Installation
1

Can anybody please share his working configuration for rate limiting nginx outside of docker container (setup with discourse on the socket)? Thanks…

I seem to be unable to tune it properly and still limiting valid traffic.

2

Do you mean that traffic is getting limited when it shouldn’t be or that you are not limiting traffic when it should be?

3

Exactly… for start I have used template from the inside of the container and moved it outside. I don’t know if there is some recommended config for rate limiting outer nginx.
Emojis and avatars seem to be suitable for different limits than the rest of traffic.

4

Bump… Really nobody is willing to share his tips for working rate limits for outer nginx? Thanks in advance!

5

Please don’t bump topics. If someone had an answer for you I’m sure they would have volunteered it.

Assuming that you have followed the other guides here on meta, and nginx is correctly configured to pass client IPs into the container, is this actually a discourse problem?

6

a) AFAIK nginx outside of container is recommended
b) It should be tailor-made to what discourse requires

So, yes I see it as discourse related problem.

Is this really true and recommended practice?

The rate limit template templates/web.ratelimited.template.yml should be removed from the docker config and the rate limit should then be configured in the outer nginx instance instead.

7

No, discourse doesn’t require nginx outside the container.

Nginx already exists inside the container and is configured automatically. It’s zero-touch providing you followed the standard install.

If you aren’t running any other services on the host you don’t need an external nginx instance at all.

8

Sorry, but I don’t think that 20+ minute app rebuilding without any offline page is good practice (for high traffic site).

9

Manual rebuilds which require downtime happen once or twice a year. If you upgrade via /admin/upgrade the upgrades are seamless.

You can significantly reduce your rebuild times with a two-container install and I would recommend you look into this regardless of whether you use nginx.

4 Likes
10

Two-container install sounds good. But I can’t find any documentation on that here on forum :frowning:

11

No it is not. It’s possible but not a standard recommendation.

Here’s the guide.

If your main concern is downtime during rebuilds, that’s going to be your best bet. If you need help setting that up, someone in marketplace will be able to help.

5 Likes