I ended up using the external nginx for setting rules for rate limiting and such, and there I see the real ip. It's before traffic even gets to mlmym so that's good.

Also made sure to make it use the internal Lemmy url and skip a lot of the proxy stuff I was using earlier. It seems faster now.

Try to hold shift and reload the entire old.lemmy.today site in the browser. It's possible the old mlmym and this new one are conflicting somehow.

I also changed a lot of stuff with networking for it, so it's faster now I think.

If you still have problems, try a different browser just to see if it works there. Then we know it's a browser issue if it does.

I will experiment more with this tomorrow or the coming days then. I was trying to get it to work previously but failed (not using your fork but the original mlmym).

Yeah, I have a custom setup currently just to try and get the source ip, but it doesn't work properly in all cases. And most of the bots use old.lemmy.today since they know mlmym doesn't forward the source ip address, and therefore it's hard to rate limit them.

So it would be amazing if you could forward those 4 headers. Then I will setup nginx to forward those headers to mlmym, and mlmym will forward them when making a request to Lemmy.

I actually thought it was making a https connection to Lemmy but perhaps it doesn't, and nginx just forwards http to https. Not sure. Will have to look into this more.

But yeah, whenever you have time to add the headers, i will investigate more. Not super urgent but will be interesting to play with that later. And it will protect all Lemmy instances that use your fork, so thats good.

I wanted to ask you also if you could forward certain http headers to lemmy when it makes a request? Currently it doesnt forward them so lemmy thinks all the requests from mlmym to lemmy are from the docker ip its running on. And that makes it much harder to rate limit or ban bots since all requests are from the docker ip.

So basically, mlmym should preserve and forward X-Real-IP, X-Forwarded-For, X-Forwarded-Proto, and X-Forwarded-Host when proxying API/backend requests to Lemmy, because Lemmy uses these headers for correct client IP detection and rate limiting.

Something like this in the code where the incoming request is handled:

const forwardedFor = request.headers.get("x-forwarded-for");
const realIp =
  request.headers.get("x-real-ip") ??
  forwardedFor?.split(",")[0]?.trim();

const headers = new Headers(request.headers);

if (forwardedFor) {
  headers.set("x-forwarded-for", forwardedFor);
}

if (realIp) {
  headers.set("x-real-ip", realIp);
}

headers.set("x-forwarded-proto", request.headers.get("x-forwarded-proto") ?? "https");
headers.set("x-forwarded-host", request.headers.get("host") ?? "");

That would really help a lot and allow me and others to remove a lot of complicated workarounds for trying to get the source ip.

It may be the last few years of the free web because of Google. Their goals are clear.

Please switch to Firefox, another search engine and another email provider...

And that's exactly the point. WEI makes it a world where big tech decides if they are going to support a competing browser, a competing operating system like Linux, or plugins against ads. They can also force you to have any number of plugins installed, from their choosing.

It destroys the free web completely.

100%, its incredibly obvious.

No, I was watching the bond market. The bond market is very tricky. I was watching it, but if you look at it now, it’s — it’s beautiful. The bond market right now is beautiful. But, yeah, I saw last night where people were getting a little queasy.”

Hard to believe these are US Presidential quotes. Sounds more like some teenage barista smoking pot.

Try container tabs!

They have separate sessions so you can be logged in to the same site on multiple accounts. This is extreamly useful for stuff like being logged in to github using work account and company account or other sites where you just need many accounts. Aws is another good example.

There is also temporary containers that leave no trace at all.

It's ad blocking and entire operating systems, or computers configured in any way they don't like.

If this goes through, they can force you to install any plugins they wish, or disable any plugins they wish. Or make sure you don't run Linux and only Windows or Mac. They can force you to have your camera on. They can do anything since they make the rules.

No innovation will take place. Competing browsers or software will not be allowed or manipulated into marketed as "unsafe".

This is a takeover of the open web stack as we know it.

"Client wont wait" - lol :)

For some people, they spend their entire lives inside the matrix. Only when they get old, they realize that none of the work they did matters. Unless it was for the good of humanity.

The way they talk to the mods is absolutely infuriating and the "best" part is they they don't even recognize it themselves.

Thanks for your hard work! Lemmy is really taking off and it's showing how people can communicate without a corporation in the middle. Somehow this has been lost on younger internet users. They think they need to go to some big tech site to connect to other people. Who made those guys our overlords? Fuck them.

Sure - only people who create content give it away for free.

Reddit is in the business of taking that free labor and telling people they own that data and set rules for it. Got it.

European companies somehow survive just fine with people being in unions. There are many strong protections in place, which is why we have 6 weeks vacations, maternal leave and so on.

Sort by 6 or 12 hours is super important.

Land of the fee.

Googles wet dream to make all web pages like this.

Strangely enough, many people do things for other reasons than money. :)

Everything from these big corps have no soul. Because we know it's just about exploiting users for money.

I want the old internet back so bad. Hopefully federation can fuel many new actually fun services that are not built to make money but to actually entertain and amuse people, or simply be useful.

I personally feel pleasure from doing good things in the world. But it seems to be a group of people who doesn't feel it's worth doing something for others unless there is money to be made from it.