One of my forums went down yesterday, first with a blank page then displaying 429’s. Sam thinks it may be possible that my proxy is not configured correctly - anyone know what the best way is to ascertain whether IP addresses are being handed over correctly to Discourse? I’m pretty sure it is set u…

Yay!! It’s done! IP’s are now showing correctly in the access log :smiley: For some reason the spacing messed up in the snippet above, here it is for anyone who might need it in future: run: - replace: filename: /etc/nginx/conf.d/discourse.conf from: "types {" to: | set…

[图片] AstonJ: users’ IP addresses correctly show up in the admin CP That’s the important bit. If the Discourse admin panel is listing users’ IP addresses correctly, then the IP addresses are getting into Discourse.

Thanks Matt. I wonder what caused the issues yesterday then - reading this it appears that rate limits are applied per user or per IP and so it was odd that the site was inaccessible to everyone (I also tried using various IPs). The forum has been getting busier lately - we’re now serving around 6…

Some of the throttling happens in NGINX though not in Discourse. So you need NGINX to have a set_real_ip_from going.

If nginx’s set_real_ip_from is misconfigured, though, won’t Discourse not be able to get the real IP, either?

It actually will, cause as long as Discourse sees the HTTP X-Forwarded-For header it is fine to set the IP. So you can have a state where IP looks good in Discourse, but NGINX is not “setting real IP” for rate limiting purposes.

Thanks Sam. So do I basically need to do what’s in this post? Or is there a simpler way? If following that post, I guess for me that file would read something like the following? run: - replace: filename: "/etc/nginx/conf.d/discourse.conf" from: /^add_header Strict-Transport-Security …

Possibly, we should test, maybe our nginx template is lacking

i actually just got this error. working through it now… we’re back up. that seemed totally random.

Coming back to this Topic as the other one is slightly different. Do we still need to be doing something like in the post above? Looking through the /etc/nginx/conf.d/discourse.conf file there seems to be no mention of set_real_ip_from (searching the Discourse repo for the same yields no results e…

排查 429（速率限制）问题

支持安装

mpalmer (Matt Palmer) 2018 年2 月 21 日 01:54 8

If nginx isn’t stripping untrusted XFF, and Discourse is seeing a request from 127.0.0.1 and saying “I trust that IP to give me legit XFF headers”, doesn’t that imply that source IP can be spoofed?

话题		回复	浏览量
Problem Error 429 with Reverse proxy Self-hosting	4	1155	2024 年4 月 30 日
Rate Limiting w/ Reverse Proxy Self-hosting	3	703	2021 年11 月 16 日
Discourse shows server IP/localhost as user's IP Self-hosting unsupported-install	19	2156	2022 年7 月 12 日
All IPs recorded as 127.0.0.1 Self-hosting	6	2769	2019 年6 月 16 日
429 Too Many Requests - IP logs disabled - discourse can see 127.0.0.1 only Support	2	639	2022 年3 月 9 日

排查 429（速率限制）问题

相关话题