Problem Error 429 with Reverse proxy

Hi, my Discourse runs behind a reverse proxy (NPM).

Discourse does not support the X-Forwarded field and therefore always shows me the IP address of my reverse proxy when we look, for example, at which IP a user registered from, etc.

I sniffed the request on Discourse and the X-Forwarded field is present, but in access.log the IP shown is the reverse proxy's.

I saw on the internet that it is necessary to change the configuration template or the nginx configuration file for Discourse (not nginx on NPM).

Can you help me with this? Because Discourse activates the web.ratelimited template and sends many 429 errors.

:frowning:
Thank you for your help

See How to set up Discourse on a server with existing Apache sites - sysadmin - Discourse Meta for an example of how to configure the internal nginx for your reverse proxy IP.


I am struggling with this, too.

I have a Debian server with Apache 2.4 vHosts and one of these vHosts is the Discourse Docker container. On Apache the mod_remoteip is enabled (there was no mod_extract_forwarded), but without any configuration options. The vHost config is pretty simple:

RequestHeader set X-Forwarded-Proto "https"
ProxyPreserveHost On
ProxyRequests Off
ProxyPass /.well-known !
ProxyPass / http://localhost:8083/
ProxyPassReverse / http://localhost:8083/

8083 is the exposed http port of the Discourse Docker container.

That’s it pretty much.

I see the different visitors (by IP) in the statistics created with the Apache access.log and, more importantly, I also see different last IPs for the users (this was a simple check for me). So it seems that the IP addresses of the visitors are exposed through the Apache proxy to Discourse. This was already the case without mod_remoteip turned on, which I only did some days ago.

Anyway, I am having trouble again now. Some crawler or DoS attack is running on our server with an IPv4 from Krakau, Poland. It is generating a lot of 429 errors. That’s okay for me, but all other visitors also get these errors.

Is that also the case? So when the connection limit is reached everybody gets an error? Or per IP?

Is something missing in my configuration or can I improve/tune it? We were having problems with the Claudebot some weeks and also some days ago, so maybe the limit needs to be lifted up a bit.

Thanks and greetings,
Roi

Did you add the stuff to see that the remote ip address gets to discourse or do all users appear to be coming from the proxy?

Search for x-forwarded-for

Ehm… :see_no_evil: I forgot the Nginx (Discourse) part. :see_no_evil: Thank you! :slight_smile:

I just edited app.yml and ran a rebuild on the container. The bot came back almost instantly after the container came back up. I do not see any 429 errors, yet. Hopefully it stays that way for “normal” users.

That’s the thing… When I check the admin page of the users, I always saw different “last IP” entries. So somehow Discourse saw the real IPs of the users, even without mod_remoteip and also without the Nginx config change. :man_shrugging:

Anyway, I am curious to see if the Nginx config change brought the solution to this problem! :slight_smile:

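A small simulation of what this thread describes, added here as an illustration (not code from Discourse or from any poster): a per-IP limiter keyed on the connecting address puts every visitor behind the proxy in one bucket, while resolving the client from X-Forwarded-For only when the peer is a trusted proxy confines the 429s to the offender. The proxy range, the limit of 12, the addresses and all function names are assumptions, and the right-to-left walk is a simplified model of trusted-proxy handling.

```python
import ipaddress
from collections import defaultdict

# Assumption: the host proxy reaches the container over the Docker bridge.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("172.17.0.0/16", "127.0.0.1/32")]

def is_trusted(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(peer, xff):
    """Pick the rate-limit key for one request.

    The header is honoured only when the direct peer is a trusted proxy;
    otherwise anyone could forge it to dodge or poison the limiter.
    """
    if not xff or not is_trusted(peer):
        return peer
    # Walk right to left: the rightmost untrusted hop is what our proxy saw.
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            if not is_trusted(hop):
                return hop
        except ValueError:
            return peer  # malformed header: fall back to the peer
    return peer

def count_429(requests, limit, resolve):
    """Return {client label: rejected requests} for a burst inside one window."""
    seen, rejected = defaultdict(int), defaultdict(int)
    for peer, xff, who in requests:
        key = client_ip(peer, xff) if resolve else peer
        seen[key] += 1
        if seen[key] > limit:
            rejected[who] += 1
    return dict(rejected)

# Constructed sample traffic: every request arrives from the proxy address.
PROXY = "172.17.0.1"
BURST = ([(PROXY, "203.0.113.50", "crawler")] * 30
         + [(PROXY, "198.51.100.7", "alice"), (PROXY, "198.51.100.8", "bob")] * 2)

if __name__ == "__main__":
    print("keyed on peer:     ", count_429(BURST, 12, resolve=False))
    print("keyed on client IP:", count_429(BURST, 12, resolve=True))
```
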