nginx-proxy-manager
nginx-proxy-manager copied to clipboard
NginxProxyManager
[Feature Request] Support for rate limiting
For everyone who wants to implement it partially without UI: you can use the option for advanced configuration.
- Create the file
/data/nginx/custom/http_top.conf(maybe mounted elsewhere so check your docker volumes) - Edit the file and insert the line
limit_req_zone $binary_remote_addr zone=mylimit:10m rate=3r/s;(can be changed to your needs and multiple zones are possible). Save and close the file - Restart NPM and open the Web UI
- Edit the Proxy Host and under
advancedyou can add this code (example for Jellyfin):
location /Users/authenticatebyname {
limit_req zone=mylimit burst=8 delay=6;
proxy_pass http://$server:$port;
}
- Edit the location, burst and delay (maybe change the scheme to https if needed)
- Save the changes, it should still show "online"
More information about the configuration on the offical nginx page
I use this setup for Jellyfin and filebrowser and it works fine for me.
Just wanted to add that this feature would be very helpful for me as well. The custom http_top config works wonders but having the custom location in the advanced section isn't the cleanest approach. Even if there was a one line field that would allow you to insert the limit_req parameters in the existing location directive, that would be sweet.
hello, another "yes please me too" comment...
After having a look at the network traffic and being horrified I would also suggest having this as a priority. The whole point of NPM is to take away the pain of manually messing with nginx config and a built in rate limit / fail2ban functionality would be very welcome.
Cheers
location /Users/authenticatebyname { limit_req zone=mylimit burst=8 delay=6; proxy_pass http://$server:$port; }
This is not working for my nextcloud instance (it gave the untrusted domain error), however, this does work:
location /Users/authenticatebyname {
limit_req zone=mylimit burst=8 delay=6;
include conf.d/include/proxy.conf;
}
Do you have any plans to address this issue? I am strongly requesting this feature.
Hi, I personally use Nginx Proxy Manager to publicly host services. I would really appreciate it if this could get implemented to prevent DDoS attacks and possibly filling up all of the available traffic.
location /Users/authenticatebyname { limit_req zone=mylimit burst=8 delay=6; proxy_pass http://$server:$port; }This is not working for my nextcloud instance (it gave the untrusted domain error), however, this does work:
location /Users/authenticatebyname { limit_req zone=mylimit burst=8 delay=6; include conf.d/include/proxy.conf; }
I did it like this and it works
location /Users/authenticatebyname {
limit_req zone=mylimit burst=8 delay=6;
proxy_pass http://$server:$port;
}
but how can I do it for the entire website?
using
location / {
will not work. When i try to open any /subpage it will try to pass the connection to the private IP of the docker container
Also, do you know how to implement it correctly with Cloudflare so that it does not rate limit the Cloudflare IPs, but instead it checks the REAL IPs?
