Real_IP using nginx behind Cloudflare + DigitalOcean Load Balancer

Posted on October 2, 2017

Hi everyone, I’ve spent hours trying to figure out how to restore the real_ip when using nginx + Cloudflare + DigitalOcean load balancer. I’m almost there but not quite: 3/4 tests work. Accessing the web page via:

- Droplet IP
- Droplet DNS name (via Cloudflare, not proxied)
- Load Balancer DNS name (via Cloudflare, proxied)

all work, but the Load Balancer IP doesn’t. It still logs the IP address of the load balancer instead.

I have an nginx snippet setup with:

set_real_ip_from 127.0.0.1;
set_real_ip_from 10.131.0.0/16;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;

# use any of the following two
real_ip_header X-FORWARDED-FOR;
real_ip_header CF-CONNECTING-IP;
real_ip_recursive on;

nginx is split into 2 configurations, a frontend and a backend. Both include the above snippet, although I have tried them separated out. I’ve also tried using one or other of the real_ip_header lines and without real_ip_recursive, all with varying degrees of success but the all in one is the closest I’ve been. It’s really for the log files of nginx I’d like to sort this.

phpinfo via load balancer ip:

Variable Value
$_SERVER['HTTP_X_FORWARDED_FOR'] 81.174.xxx.xxx, 10.131.36.19
$_SERVER['HTTP_X_REAL_IP'] 10.131.36.19

phpinfo via droplet ip:

Variable Value
$_SERVER['HTTP_X_FORWARDED_FOR'] 81.174.xxx.xxx
$_SERVER['HTTP_X_REAL_IP'] 81.174.xxx.xxx

phpinfo via droplet dns (cloudflare not proxied):

Variable Value
$_SERVER['HTTP_X_FORWARDED_FOR'] 81.174.xxx.xxx
$_SERVER['HTTP_X_REAL_IP'] 81.174.xxx.xxx

phpinfo via load balancer dns (cloudflare proxied):

Variable Value
$_SERVER['HTTP_X_FORWARDED_FOR'] 81.174.xxx.xxx, 141.101.98.175, 81.174.xxx.xxx
$_SERVER['HTTP_X_REAL_IP'] 81.174.xxx.xxx

Any thoughts greatly appreciated. The reason for the split frontend/backend is a plan to introduce caching between them (I’m sure that will introduce a new real_ip problem for the backend, but one challenge at a time)

Cheers,




Hello there,

You can try using the following suggestion if all requests to the server will come from the Load Balancer.

real_ip_header X-Forwarded-For;
set_real_ip_from 0.0.0.0/0;

That should tell Nginx to trust an X-Forwarded-For header from anyone. The downside is that if anyone directly accesses your server, they would be able to spoof an X-Forwarded-For header and Nginx would use the wrong client IP address.

https://serverfault.com/questions/331531/nginx-set-real-ip-from-aws-elb-load-balancer-address

Regards
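
The trade-off described in this answer, modelled in Python as an added example (not code from the thread or from nginx): a simplified version of the realip module's documented rule, where a trusted sender's address is replaced by the last header entry, or by the last non-trusted entry when real_ip_recursive is on. The client and forged addresses are constructed documentation-range values, and it is assumed that the load balancer appends the connecting address to X-Forwarded-For.

```python
import ipaddress

def real_ip(peer, xff, trusted, recursive=True):
    """Simplified model of the documented realip selection rule."""
    nets = [ipaddress.ip_network(n) for n in trusted]

    def is_trusted(addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in nets)

    hops = [h.strip() for h in xff.split(",") if h.strip()]
    addr = peer
    # Only a trusted sender may have its address replaced by a header entry.
    while hops and is_trusted(addr):
        candidate = hops.pop()          # rightmost entry not yet consumed
        try:
            ipaddress.ip_address(candidate)
        except ValueError:
            break                       # unparseable entry: keep current address
        addr = candidate
        if not recursive:
            break                       # real_ip_recursive off: last entry only
    return addr

# Constructed sample values; only the 10.131.x.x values come from the question.
CLIENT = "203.0.113.7"      # stands in for the masked 81.174.xxx.xxx client
FORGED = "198.51.100.99"    # value a client puts in its own X-Forwarded-For
LB = "10.131.36.19"         # load balancer private address from the phpinfo output
LB_ONLY = ["10.131.0.0/16"]
ANYONE = ["0.0.0.0/0"]

def scenarios():
    # Assumption: the load balancer appends the connecting address to the header.
    via_lb = f"{FORGED}, {CLIENT}"
    return {
        "lb, trust LB subnet": real_ip(LB, via_lb, LB_ONLY),
        "lb, trust anyone, recursive": real_ip(LB, via_lb, ANYONE),
        "lb, trust anyone, non-recursive": real_ip(LB, via_lb, ANYONE, recursive=False),
        "direct, trust LB subnet": real_ip(CLIENT, FORGED, LB_ONLY),
        "direct, trust anyone": real_ip(CLIENT, FORGED, ANYONE),
    }

if __name__ == "__main__":
    for name, addr in scenarios().items():
        print(f"{name:34} -> {addr}")
```

Only the rows that trust the load balancer subnet alone log the true client address in both the proxied and the direct case; with 0.0.0.0/0 the forged entry wins whenever recursion is on or the droplet is reached directly.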
