Rate limit issue with nginx proxy / docker

We are facing some problems with rate limiter in Frappe V14. The IP used in the cache is the internal IP and not the final user IP, which makes all users to be blocked for some specific function, like password reset. We are using docker and nginx reverse proxy.

We investigated the issue and cache is stored like rl:frappe.core.doctype.user.user.reset_password:172.21.0.1 where 172.21.0.1 is an internal IP and not user IP, which makes password reset to be blocked to all users.

Anyone has been thru this?

You’ll want to configure your NGINX proxy to use the real IP address rather than where the proxy is coming from.

Is Nginx running on your frappe server or is your upstream proxy server sending to port 8000 or similar?

If you had Nginx running on your frappe server and also had an upstream proxy server you could add the following to /etc/nginx/nginx.conf.

real_ip_header X-Forwarded-For;
real_ip_recursive on;
set_real_ip_from 10.1.22.24/32; #set this to the IP address of upstream proxy