You are currently viewing Getting real visitor IP address with Nginx and CloudFlare

Getting real visitor IP address with Nginx and CloudFlare

If you need to get real IP address of the visitor instead of getting IP addresses from CloudFlare – follow the steps in this tutorial.
My distribution of choice was in this case CentOS 8. If you have different distribution some commands may be different.

1. Edit Nginx configuration

Open “/etc/nginx/nginx.conf” with text edior of your choice and paste line below inside http{} block.

include /etc/nginx/cloudflare;

2. Save script below anywhere you want

#!/bin/bash

CLOUDFLARE_FILE_PATH=/etc/nginx/cloudflare

echo "#Cloudflare" > $CLOUDFLARE_FILE_PATH;
echo "" >> $CLOUDFLARE_FILE_PATH;

echo "# - IPv4" >> $CLOUDFLARE_FILE_PATH;
for i in `curl https://www.cloudflare.com/ips-v4`; do
    echo "set_real_ip_from $i;" >> $CLOUDFLARE_FILE_PATH;
done

echo "" >> $CLOUDFLARE_FILE_PATH;
echo "# - IPv6" >> $CLOUDFLARE_FILE_PATH;
for i in `curl https://www.cloudflare.com/ips-v6`; do
    echo "set_real_ip_from $i;" >> $CLOUDFLARE_FILE_PATH;
done

echo "" >> $CLOUDFLARE_FILE_PATH;
echo "real_ip_header CF-Connecting-IP;" >> $CLOUDFLARE_FILE_PATH;

#test configuration and reload nginx
nginx -t && systemctl reload nginx

You can run it manually, but I prefer to add it into Crontab.

3. (Optional) Edit Crontab

Remember to replace script file path with your own.

# Auto sync ip addresses of Cloudflare and reload nginx
30 2 * * * /opt/scripts/cloudflare-ip-whitelist-sync.sh >/dev/null 2>&1

Sources:

  1. https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs
  2. https://github.com/ergin/nginx-cloudflare-real-ip

Leave a Reply