Problem
When Raneto is deployed behind a reverse proxy (e.g. nginx, NPM), express-rate-limit
emits the following warning on every startup:
express-rate-limit: Looks like you're behind a reverse proxy but
trust proxy is not set...
This happens because the Express app is created without app.set('trust proxy', ...),
so the rate limiter sees the proxy's IP rather than real client IPs.
Expected behaviour
Raneto should provide a config option (e.g. trust_proxy) that, when set, calls
app.set('trust proxy', value) on the Express instance before the rate-limiter middleware.
Proposed fix
In app/index.js, after const app = express();, add:
if (config.trust_proxy !== undefined) app.set('trust proxy', config.trust_proxy);
Document the option in config/config.js. Set trust_proxy: 1 for a single reverse proxy.
Environment
- Raneto: 0.18.1 (docker)
- Deployed behind: nginx / Nginx Proxy Manager
- express-rate-limit version: (see package.json)
Problem
When Raneto is deployed behind a reverse proxy (e.g. nginx, NPM),
express-rate-limitemits the following warning on every startup:
This happens because the Express app is created without
app.set('trust proxy', ...),so the rate limiter sees the proxy's IP rather than real client IPs.
Expected behaviour
Raneto should provide a config option (e.g.
trust_proxy) that, when set, callsapp.set('trust proxy', value)on the Express instance before the rate-limiter middleware.Proposed fix
In
app/index.js, afterconst app = express();, add:Document the option in
config/config.js. Settrust_proxy: 1for a single reverse proxy.Environment