April 11, 2021

NGINX Cloudflare Real IP

  1. Cloudflare makes list of their IP to reveal visitors IP in logs of clients.
  2. All Internet full of manuals with lists of their IP. https://danielmiessler.com/blog/getting-real-ip-addresses-using-cloudflare-nginx-and-varnish/
  3. Even Cloudflare make lists with links to that manuals. https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs-logging-visitor-IP-addresses
  4. Cloudflare changes list of IP. https://community.cloudflare.com/t/faq-changes-to-cloudflare-infrastructure-ips/259140
  5. ...
  6. PROFIT

Better way to be in spec all the time just run script like this (maybe monthly in cron will be enough):

((curl -s https://www.cloudflare.com/ips-v4 && curl -s https://www.cloudflare.com/ips-v6) | awk '{print "set_real_ip_from "$0 ";"}' && echo "real_ip_header CF-Connecting-IP;") > /etc/nginx/conf.d/cloudflare.conf