Coming back to this Topic as the other one is slightly different.
Do we still need to be doing something like in the post above?
Looking through the /etc/nginx/conf.d/discourse.conf file there seems to be no mention of set_real_ip_from (searching the Discourse repo for the same yields no results either). From the discourse.conf file these seem most relevant (mentions of IP):
# This big block is needed so we can selectively enable
# acceleration for backups and avatars
# see note about repetition above
location ~ ^/(letter_avatar/|user_avatar|highlight-js|stylesheets|favicon/proxied|service-worker) {
  proxy_set_header Host $http_host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Request-Start "t=${msec}";
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $thescheme;
# we need buffering off for message bus
location /message-bus/ {
  proxy_set_header X-Request-Start "t=${msec}";
  proxy_set_header Host $http_host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $thescheme;
  proxy_http_version 1.1;
  proxy_buffering off;
  proxy_pass http://discourse;
  break;
}
# auth_basic on;
# auth_basic_user_file /etc/nginx/htpasswd;
location ~* (assets|plugins|uploads)/.*\.(eot|ttf|woff|woff2|ico)$ {
  expires 1y;
  add_header Cache-Control public,immutable;
  add_header Access-Control-Allow-Origin *;
}
location = /srv/status {
  access_log off;
  log_not_found off;
  proxy_set_header Host $http_host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Request-Start "t=${msec}";
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $thescheme;
  proxy_pass http://discourse;
  break;
}
Which appear to be setting the correct remote address.
For completeness, I received a couple of 429s after a peak in traffic a couple of days ago, and looking at my app.yml I found that the set_real_ip_from my.server.ip; and real_ip_header CF-Connecting-IP; lines were commented out… but it doesn’t look like they do anything anyway? Can you remember what the outcome of your investigations was after?
Currently I am recommending adding those lines to the app.yml in the following guide: How to set up Discourse on a server with existing Apache sites (and so may be giving bad advice to others?)
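
Added example, not part of the original post and not Discourse's or nginx's own code: a small Python model of how nginx's realip directives (set_real_ip_from, real_ip_header) decide the $remote_addr that the proxy_set_header lines quoted above forward as X-Real-IP. The sample addresses, the function names and the idea that the backend keys per-IP limits on X-Real-IP are assumptions made for illustration.

```python
import ipaddress

def resolve_remote_addr(peer, headers, trusted, header_name="CF-Connecting-IP"):
    """Model the realip module: the value $remote_addr ends up with.
    trusted = CIDRs from set_real_ip_from (empty list = lines commented out)."""
    peer_ip = ipaddress.ip_address(peer)
    if not any(peer_ip in ipaddress.ip_network(net) for net in trusted):
        return peer                      # untrusted peer: header is ignored
    value = headers.get(header_name)
    if not value:
        return peer                      # header absent: address unchanged
    candidate = value.split(",")[-1].strip()   # real_ip_recursive off: last entry
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        return peer                      # malformed header: address unchanged

def upstream_headers(peer, headers, trusted):
    """What the proxy_set_header lines in discourse.conf send upstream."""
    remote_addr = resolve_remote_addr(peer, headers, trusted)
    xff = headers.get("X-Forwarded-For")
    return {
        "X-Real-IP": remote_addr,  # $remote_addr
        # $proxy_add_x_forwarded_for: incoming header plus $remote_addr
        "X-Forwarded-For": f"{xff}, {remote_addr}" if xff else remote_addr,
    }

# Constructed sample traffic (documentation address ranges).
PROXY = "203.0.113.10"   # stands in for my.server.ip
REQUESTS = [
    (PROXY, {"CF-Connecting-IP": "198.51.100.7"}),
    (PROXY, {"CF-Connecting-IP": "198.51.100.8"}),
    (PROXY, {"CF-Connecting-IP": "198.51.100.9"}),
    ("192.0.2.66", {"CF-Connecting-IP": "198.51.100.7"}),  # direct peer, forged header
]

def per_ip_keys(trusted):
    """X-Real-IP value the backend would see for each sample request."""
    return [upstream_headers(p, h, trusted)["X-Real-IP"] for p, h in REQUESTS]

if __name__ == "__main__":
    print("commented out:", per_ip_keys([]))
    print("enabled:      ", per_ip_keys([PROXY]))
```

In this model, with the two lines commented out every visitor behind the front proxy reaches the backend under the proxy's address, so any per-IP limit is shared; with them enabled each visitor keeps their own address, and the header from a peer outside set_real_ip_from is still ignored.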