When you use CloudFlare for your websites, you will see only CloudFlare’s IP addresses appearing in the logs. CloudFlare acts as a reverse proxy and includes the originating IP address in the X-Forwarded-For header. Therefore it is possible to add the visitor’s real IP again to your logs.
For nginx it is necessary to have http-real-ip installed. On Ubuntu, this module is activated by default. So we immediately can get started.
Add the following lines to /etc/nginx/nginx.conf:
### CloudFlare##include /etc/nginx/cloudflare;Create a new file /etc/nginx/cloudflare and add these lines:
# Cloudflare# - IPv4set_real_ip_from 199.27.128.0/21;set_real_ip_from 173.245.48.0/20;set_real_ip_from 103.21.244.0/22;set_real_ip_from 103.22.200.0/22;set_real_ip_from 103.31.4.0/22;set_real_ip_from 141.101.64.0/18;set_real_ip_from 108.162.192.0/18;set_real_ip_from 190.93.240.0/20;set_real_ip_from 188.114.96.0/20;set_real_ip_from 197.234.240.0/22;set_real_ip_from 198.41.128.0/17;set_real_ip_from 162.158.0.0/15;set_real_ip_from 104.16.0.0/12;set_real_ip_from 172.64.0.0/13;# - IPv6set_real_ip_from 2400:cb00::/32;set_real_ip_from 2606:4700::/32;set_real_ip_from 2803:f800::/32;set_real_ip_from 2405:b500::/32;set_real_ip_from 2405:8100::/32;real_ip_header CF-Connecting-IP;This is the list of IP addresses currently used by CloudFlare.
Now you can reload nginx and the real IP’s will be showing again in the logs.
If you get an error like this one:
$ service nginx reload
Reloading nginx configuration: nginx: [emerg] "set_real_ip_from" supports IPv4 only in /etc/nginx/nginx.conf:44
nginx: configuration file /etc/nginx/nginx.conf test failed
it just means you don’t support IPv6. Remove the lines with IPv6 addresses from the CloudFlare config file above and reload nginx again.
Check also my post about setting up a cronjob to automatically update the CloudFlare IP addresses.