If you need to get real IP address of the visitor instead of getting IP addresses from CloudFlare – follow the steps in this tutorial.
My distribution of choice was in this case CentOS 8. If you have different distribution some commands may be different.
1. Edit Nginx configuration
Open “/etc/nginx/nginx.conf” with text edior of your choice and paste line below inside http{} block.
include /etc/nginx/cloudflare;
2. Save script below anywhere you want
#!/bin/bash
CLOUDFLARE_FILE_PATH=/etc/nginx/cloudflare
echo "#Cloudflare" > $CLOUDFLARE_FILE_PATH;
echo "" >> $CLOUDFLARE_FILE_PATH;
echo "# - IPv4" >> $CLOUDFLARE_FILE_PATH;
for i in `curl https://www.cloudflare.com/ips-v4`; do
echo "set_real_ip_from $i;" >> $CLOUDFLARE_FILE_PATH;
done
echo "" >> $CLOUDFLARE_FILE_PATH;
echo "# - IPv6" >> $CLOUDFLARE_FILE_PATH;
for i in `curl https://www.cloudflare.com/ips-v6`; do
echo "set_real_ip_from $i;" >> $CLOUDFLARE_FILE_PATH;
done
echo "" >> $CLOUDFLARE_FILE_PATH;
echo "real_ip_header CF-Connecting-IP;" >> $CLOUDFLARE_FILE_PATH;
#test configuration and reload nginx
nginx -t && systemctl reload nginx
You can run it manually, but I prefer to add it into Crontab.
3. (Optional) Edit Crontab
Remember to replace script file path with your own.
# Auto sync ip addresses of Cloudflare and reload nginx
30 2 * * * /opt/scripts/cloudflare-ip-whitelist-sync.sh >/dev/null 2>&1
Sources: