Octane Version v2.3.10 Laravel Version <p

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

I suspect a trusted proxy misconfiguration. Could you check if <code class="notranslat

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

FrankenPHP: Laravel `api` throttling not working (429 Too Many Requests) about octane HOT 6 OPEN

jhm-ciberman commented on June 2, 2024

FrankenPHP: Laravel `api` throttling not working (429 Too Many Requests)

from octane.

Comments (6)

driesvints commented on June 2, 2024 1

@dunglas do you maybe know the answer to this one?

from octane.

dunglas commented on June 2, 2024 1

Ok. Setting the environment variable CADDY_GLOBAL_OPTIONS to:

servers { trusted_proxies static private_range }

should fix the issue.

I'll try to write a patch to make Octane automate this when needed.

from octane.

dunglas commented on June 2, 2024

I suspect a trusted proxy misconfiguration. Could you check if $request->ip() isn't always returning the same IP?

If the same IP is always returned, it's likely because you are using a proxy in front of FrankenPHP. In this case, you'll have to follow these steps: dunglas/frankenphp#718 (reply in thread)

We could automatically configure Caddy's trusted headers if Laravel's "trusted proxies" are set. Would you accept a patch doing this @driesvints @nunomaduro?

from octane.

jhm-ciberman commented on June 2, 2024

That makes sense. I can't easily check that. I would need to deploy a special route in our staging environment and then ask our teammates to access from different IPs. Maybe I can do that later.

I can confirm that I am using Laravel Forge with the default configuration. I activated Laravel Octane using Forge UI and then added the extra lines to the nginx configuration that are needed to run our application.

Here is the nginx config we are using. The custom configuration is marked with a CUSTOM DIRECTIVE comment. Everything else is exactly as configured by forge when you toggle on Laravel Octane.

(I replaced our real domain for example.com)

# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/app.example.com/before/*;

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

map $upstream_http_x_frame_options $x_frame_options { ## CUSTOM DIRECTIVE
    '' SAMEORIGIN;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name .app.example.com;
    server_tokens off;
    root /home/forge/app.example.com/public;

    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/app.example.com/2169528/server.crt;
    ssl_certificate_key /etc/nginx/ssl/app.example.com/2169528/server.key;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    ssl_dhparam /etc/nginx/dhparams.pem;

    add_header X-Frame-Options $x_frame_options; ## CUSTOM DIRECTIVE
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";
    proxy_hide_header X-Powered-By; ## CUSTOM DIRECTIVE

    index index.html index.htm index.php;

    charset utf-8;

    # CORS for public storage folder ## CUSTOM DIRECTIVE
    location /storage/ {
        add_header Access-Control-Allow-Origin "*";
        add_header Access-Control-Allow-Methods "GET, OPTIONS";
        add_header Access-Control-Allow-Headers "Authorization, Origin, X-Requested-With, Content-Type, Accept";
        add_header Access-Control-Allow-Credentials "true";
    }

    # FORGE CONFIG (DO NOT REMOVE!)
    include forge-conf/app.example.com/server/*;

    location /index.php {
        try_files /not_exists @octane;
    }

    location / {
        try_files $uri $uri/ @octane;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/app.example.com-error.log error;

    error_page 404 /index.php;

    location @octane {
        set $suffix "";

        if ($uri = /index.php) {
            set $suffix ?$query_string;
        }

        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        proxy_set_header Scheme $scheme;
        proxy_set_header SERVER_PORT $server_port;
        proxy_set_header REMOTE_ADDR $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_pass http://127.0.0.1:8000$suffix;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}

# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/app.example.com/after/*;

from octane.

nunomaduro commented on June 2, 2024

@dunglas ping me when that PR is ready.

from octane.

FrankenPHP: Laravel `api` throttling not working (429 Too Many Requests) about octane HOT 6 OPEN

Comments (6)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent