j7an asked:
How do I enable both X-Real-IP and X-Forwarded-For in Nginx? I currently have the following to get real IPs in Docker network.
set_real_ip_from 172.18.0.0/32;
real_ip_header X-Real-IP;
real_ip_recursive on;
I would also like to pass real IPs from Cloudflare to Docker containers as well. How do I use both X-Real-IP and X-Forwarded-For in same configuration, one set of IPs for X-Real-IP and one set of IPs for X-Forwarded-For?
My answer:
If you’re trying to get real IPs from behind CloudFlare, you should instead use their own header, CF-Connecting-IP. You should ignore the other headers if you haven’t generated them yourself, as they may be faked by the client.
real_ip_header CF-Connecting-IP;
View the full question and any other answers on Server Fault.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.