Enable Both X-Real-IP and X-Forwarded-For in Nginx

j7an asked:

How do I enable both X-Real-IP and X-Forwarded-For in Nginx? I currently have the following to get real IPs in Docker network.

real_ip_header    X-Real-IP;
real_ip_recursive on;

I would also like to pass real IPs from Cloudflare to Docker containers as well. How do I use both X-Real-IP and X-Forwarded-For in same configuration, one set of IPs for X-Real-IP and one set of IPs for X-Forwarded-For?

My answer:

If you’re trying to get real IPs from behind CloudFlare, you should instead use their own header, CF-Connecting-IP. You should ignore the other headers if you haven’t generated them yourself, as they may be faked by the client.

real_ip_header CF-Connecting-IP;

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.