One of my forums went down yesterday, first with a blank page then displaying 429’s. Sam thinks it may be possible that my proxy is not configured correctly - anyone know what the best way is to ascertain whether IP addresses are being handed over correctly to Discourse? I’m pretty sure it is set u…

Yay!! It’s done! IP’s are now showing correctly in the access log :smiley: For some reason the spacing messed up in the snippet above, here it is for anyone who might need it in future: run: - replace: filename: /etc/nginx/conf.d/discourse.conf from: "types {" to: | set…

[صورة] AstonJ: users’ IP addresses correctly show up in the admin CP That’s the important bit. If the Discourse admin panel is listing users’ IP addresses correctly, then the IP addresses are getting into Discourse.

Thanks Matt. I wonder what caused the issues yesterday then - reading this it appears that rate limits are applied per user or per IP and so it was odd that the site was inaccessible to everyone (I also tried using various IPs). The forum has been getting busier lately - we’re now serving around 6…

Some of the throttling happens in NGINX though not in Discourse. So you need NGINX to have a set_real_ip_from going.

If nginx’s set_real_ip_from is misconfigured, though, won’t Discourse not be able to get the real IP, either?

It actually will, cause as long as Discourse sees the HTTP X-Forwarded-For header it is fine to set the IP. So you can have a state where IP looks good in Discourse, but NGINX is not “setting real IP” for rate limiting purposes.

Thanks Sam. So do I basically need to do what’s in this post? Or is there a simpler way? If following that post, I guess for me that file would read something like the following? run: - replace: filename: "/etc/nginx/conf.d/discourse.conf" from: /^add_header Strict-Transport-Security …

Possibly, we should test, maybe our nginx template is lacking

i actually just got this error. working through it now… we’re back up. that seemed totally random.

Coming back to this Topic as the other one is slightly different. Do we still need to be doing something like in the post above? Looking through the /etc/nginx/conf.d/discourse.conf file there seems to be no mention of set_real_ip_from (searching the Discourse repo for the same yields no results e…

استكشاف الأخطاء وإصلاحها في خطأ 429 (حد المعدل)

الدعم تثبيت

mpalmer (Matt Palmer) 21 فبراير 2018، 1:54ص 8

If nginx isn’t stripping untrusted XFF, and Discourse is seeing a request from 127.0.0.1 and saying “I trust that IP to give me legit XFF headers”, doesn’t that imply that source IP can be spoofed?

الموضوع		الردود	مرات العرض
Problem Error 429 with Reverse proxy Self-hosting	4	1155	30 أبريل 2024
Rate Limiting w/ Reverse Proxy Self-hosting	3	703	16 نوفمبر 2021
Discourse shows server IP/localhost as user's IP Self-hosting unsupported-install	19	2156	12 يوليو 2022
All IPs recorded as 127.0.0.1 Self-hosting	6	2769	16 يونيو 2019
429 Too Many Requests - IP logs disabled - discourse can see 127.0.0.1 only Support	2	639	9 مارس 2022

استكشاف الأخطاء وإصلاحها في خطأ 429 (حد المعدل)

الموضوعات ذات الصلة