Show upstream Cloudflare server IP after enabled nginx / set_real_ip_from

Ryan asked:

I’ve followed cloudflare doc [1] that enabled set_real_ip_from in order to show original client’s IP

My log format is

log_format main '$remote_addr $http_cf_connecting_ip $http_x_forwarded_for

Assume client real IP is X, and cloudflare server is Y

Before enabling

the log is Y X X

After enabling

the log is X X X

Questions

  1. Is this normal?
  2. After enabled, the CF server IP info is lost, how to log them?

[1] https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs-Logging-visitor-IP-addresses-with-mod-cloudflare-

My answer:


When you use the realip module to substitute the client IP address for the downstream proxy IP address (in this case Cloudflare), the original proxy IP address that contacted you is stored in the variable $realip_remote_addr and the remote port in $realip_remote_port. You can use these variables in your custom log_format.


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.