nostr:nprofile1qyt8wumn8ghj7un9d3shjtnddaehgu3wwp6kytcpr9mhxue69uhkc6t8dp6xu6twvaex2mrp0yhxxmmd9uq3zamnwvaz7tmwdaehgu3wd3skuep0qyghwumn8ghj7mn0wd68ytnhd9hx2tcpr3mhxue69uhkummnw3ezuur0wf6x2mt0dejhymewvdhk6tcqyzvcj5qyz0ah2mvyx7gjesetupesm0sml3446th0wk0pg4kz88us2qns7vf when using an imgproxy instance to load images, a lot of media from nostr.build is timing out with a 504 from the proxy instance. The images load plenty fast when requested directly. Any idea what's going on?
Discussion
Too many calls from the same IP
Makes sense. I put the proxy behind a CDN but it doesn't look like it's caching anything 😐
Hey nostr:nprofile1qyv8wumn8ghj7mnxv33zumn0wdmksetjv5hxxmmd9uq3xamnwvaz7tmsw4e8qmr9wpskwtn9wvhszxnhwden5te0wfjkccte9ehx7um5wfmxjeth9e3k7mf0qyw8wumn8ghj7mn0wd68ytnsdae8getddahx2un09e3k7mf0qyvhwumn8ghj7am9d33k7mt99ehx7um5wgh8w6twv5hsqgye39gqgylmw4kcgdu39npjhcrnpklphlrtt5hw7av7z3tvyw0eq5yq79lq I just added a cache to my proxy instance, I don't know if ip banning is automatic or what, but if you could un-ban 66.228.53.172 that would be helpful
nostr:npub137c5pd8gmhhe0njtsgwjgunc5xjr2vmzvglkgqs5sjeh972gqqxqjak37w might know what’s going on.
Can you try now, it should be working as always. What kind of cache? And why do you need cache when we already have one and it is on CDN and used by many? In general, any extra caches do more harm than help, fragmenting caching, disallowing fast deletion, killing any sort of access counters (users want that), and potentially corrupting the media before it is delivered to the user. We already serve thumbnails (nip94) has it all in all different sizes and formats.
The proxy is there to protect user IP addresses from suspicious image hosts. I could maybe special case nostr.build, but that way sort of lies madness
Doing proxying is where lies all sorts of madness, since now you are subscribing yourself to hosting of potential CSAM and doxxing people in photos/videos since we are unable to signal deletion to you. Also, posting a link to anything that is not media, may prompt browser to prefetch its content and disclose IP address. If people want to protect their IPs, they should use TOR (or at worst VPN), otherwise you are doing proxying for the wrong reasons
I get that. There's also the optimization side of things; imgproxy also saves a lot of bandwidth on mobile connections. I don't see a real solution to the dilemma
Ok, we adjusted some parameters we had around caching, should work better for now.
Generally we don’t like apps caching our media:
1- It’s not necessary, we already optimize media and distribute through global cdn
2- It makes it harder for users to delete their media, accidental dox, etc.
3- It screws up our analytics
4- Some may argue that it is not as safe, centralizes media to an app making it easier for that media to be altered if hacked and not signed, etc.
Yeah, I see what you mean. I have a cache in order to avoid sharing user IP with image hosts and don't special case nostr.build. I'll see if coracle behaves better now
Yeah, images are loading way faster now, thanks! This has been a problem for like a year, I didn't know what was going on until someone mentioned it was only nostr.build.
Same on my imgproxy
Here's what I'm trying as a solution: https://docs.nginx.com/nginx/admin-guide/content-cache/content-caching/
my imgproxy is already behind a CDN for caching, but there's still issues for new images