Site goes down at the same time every day in memory-constrained environment

The error 429 means you are hitting a rate limit, so no amount of additional resources are going to help you there…

2 Likes

It’s not always a 429 – throws 408’s too.

First you need to fix the issue where IP addresses are not reported correctly to the app, as stated upstream in this topic…

At the moment I’m failing to work out where I can add it to the container nginx so that it’ll actually have an effect; the container’s access log is always reporting the same IP from every hit after each time I’ve tried adding it to a different block of the discourse nginx and restarting. the nginx docs suggest that module has to be built separately but I’m assuming it already is in your docker distribution?

Also, curious whether this has changed upstream semi-recently; as recently as Oct 10 (when I was probably not more than a month or so behind on updates) the Discourse site was able to identify external IPs other than localhost and report them properly, and our nginx configs haven’t changed in over a year.

OK, yeah, it’s not a build issue, nginx -V claims it’s in there. Can’t see anything weird in the past few months of commits to discourse-docker either.

Yeah, still happening :frowning:

To everyone’s knowledge, should a dropped-in real_ip_header X-Forwarded-For; in the discourse {} block of the container’s nginx/conf.d/discourse.conf suffice for IP forwarding, and therefore might something else be going wrong if that’s not working? And is it strange that the discourse app has been able to detect requester IPs (e.g. for banning purposes) in the past with these same configs, if the container’s /var/log/nginx/access.log definitely can’t tell them apart now, no matter where I insert that config line?

1 Like

OK, I ran this by a friend who has spent more time looking at nginx configs than I have, and they were able to point out that I also needed set_real_ip_from 172.16.0.0/12; for the container nginx in addition to the real_ip_header X-Forwarded-For;. So at least that should stop the 429’s. I’ll see if the problem still recurs.

3 Likes

To swerve back to the original problem for a moment, do you happen to have any recollection as to when you last upgraded Docker? I’ve just tracked down a bug in Docker 17.11 which has the definite potential to cause the sorts of problems you reported. See the above post for more details and instructions on how to downgrade Docker to a working version.

2 Likes

root@selectbutton:~# docker --version
Docker version 17.05.0-ce, build 89658be

but I appreciate you checking in! looks like it may have in fact just been the header forwarding issue in my case.

2 Likes