Real_IP using nginx behind Cloudflare + DigitalOcean Load Balancer

October 2, 2017
Nginx Load Balancing Ubuntu 16.04

Hi Everyone,
I've spent hours trying to figure out how to restore the real_ip when using nginx + Cloudflare + DigitalOcean Load Balancer. I'm almost there but not quite. 3/4 tests work.
Accessing the web page via:
- Droplet IP
- Droplet DNS name (via Cloudflare, not proxied)
- Load Balancer DNS name (via Cloudflare, proxied)

all work, but:
- Load Balancer IP

doesn't. It still logs the IP address of the load balancer instead.

I have an nginx snippet setup with:

set_real_ip_from 127.0.0.1;
set_real_ip_from 10.131.0.0/16;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;

# use any of the following two
real_ip_header X-FORWARDED-FOR;
real_ip_header CF-CONNECTING-IP;
real_ip_recursive on;

nginx is split into 2 configurations, a frontend and a backend.
Both include the above snippet, although I have tried them separated out. I've also tried using one or the other of the real_ip_header lines, and without real_ip_recursive, all with varying degrees of success, but the all-in-one is the closest I've been. It's really for the nginx log files that I'd like to sort this.

phpinfo via load balancer ip:

Variable Value
$_SERVER['HTTP_X_FORWARDED_FOR'] 81.174.xxx.xxx, 10.131.36.19
$_SERVER['HTTP_X_REAL_IP'] 10.131.36.19

phpinfo via droplet ip:

Variable Value
$_SERVER['HTTP_X_FORWARDED_FOR'] 81.174.xxx.xxx
$_SERVER['HTTP_X_REAL_IP'] 81.174.xxx.xxx

phpinfo via droplet dns (cloudflare not proxied):

Variable Value
$_SERVER['HTTP_X_FORWARDED_FOR'] 81.174.xxx.xxx
$_SERVER['HTTP_X_REAL_IP'] 81.174.xxx.xxx

phpinfo via load balancer dns (cloudflare proxied):

Variable Value
$_SERVER['HTTP_X_FORWARDED_FOR'] 81.174.xxx.xxx, 141.101.98.175, 81.174.xxx.xxx
$_SERVER['HTTP_X_REAL_IP'] 81.174.xxx.xxx

Any thoughts greatly appreciated. The reason for the split frontend/backend is a plan to introduce caching between them (I'm sure that will introduce a new real_ip problem for the backend, but one challenge at a time)

Cheers,
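
Added example (not part of the original post, and not nginx's own code): a small Python model of how the realip module picks the client address from a trusted peer, following the documented `set_real_ip_from` / `real_ip_header` / `real_ip_recursive` rules. The client address 203.0.113.7 and the forged entry 198.51.100.9 are constructed sample values, and it is assumed the load balancer adds `X-Forwarded-For` while only Cloudflare adds `CF-Connecting-IP`.

```python
import ipaddress

# Subset of the set_real_ip_from list in the post (IPv4 only, for brevity).
TRUSTED = [ipaddress.ip_network(n) for n in (
    "127.0.0.1/32", "10.131.0.0/16", "141.101.64.0/18", "162.158.0.0/15")]

CLIENT = "203.0.113.7"       # constructed sample client address
LB = "10.131.36.19"          # load balancer address shown in the post
CF_EDGE = "141.101.98.175"   # Cloudflare edge address shown in the post

def trusted(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED)

def real_ip(peer, headers, header_name, recursive=True):
    """Address the realip rules settle on for one request (model only)."""
    if not trusted(peer):
        return peer                    # untrusted peer: header is ignored
    value = {k.lower(): v for k, v in headers.items()}.get(header_name.lower())
    if not value:
        return peer                    # header absent: peer address is kept
    addr = peer
    for hop in reversed([h.strip() for h in value.split(",")]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break                      # unparsable entry: stop walking
        addr = hop
        if not recursive or not trusted(addr):
            break                      # last address, or first untrusted one
    return addr

if __name__ == "__main__":
    via_lb_ip = {"X-Forwarded-For": CLIENT}
    via_cf = {"X-Forwarded-For": f"{CLIENT}, {CF_EDGE}",
              "CF-Connecting-IP": CLIENT}
    forged = {"X-Forwarded-For": f"198.51.100.9, {CLIENT}"}
    for name, hdrs in (("LB IP", via_lb_ip), ("Cloudflare", via_cf),
                       ("forged XFF via LB", forged)):
        for header in ("X-Forwarded-For", "CF-Connecting-IP"):
            print(f"{name:18} {header:17} -> {real_ip(LB, hdrs, header)}")
```

A forged left-hand `X-Forwarded-For` entry is never selected as long as every hop to its right is either trusted or the real client, which is why the trusted list should contain only proxies you actually sit behind.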
