CloudFlare and Real IP

bitwelder · January 16, 2024, 6:26am

I have been trying to get real ips to show up in Discourse without much success. I have add the cloudflare yml to my setup and have validated the discourse.conf in the container has the correct lines:

set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 2c0f:f248::/32;
real_ip_header CF-Connecting-IP;

I have also validated that $http_cf_connecting_ip has the correct IP in the logs but for some reason $remote_addr is not being set properly. Has anyone else hit this?

pfaffman · January 16, 2024, 4:49pm

Maybe use the cloudflare template?

add

  - "templates/cloudflare.template.yml"

to your app.yml where the other templates are.

bitwelder · January 16, 2024, 4:50pm

Thanks for the response! I am using the cloudflare template. After further digging it appears that it is not working because all remote_addr coming into nginx are Docker addresses. I am trying to diagnose why this is.

pfaffman · January 16, 2024, 4:51pm

Are you also using a local reverse proxy server? If so, you’ll need to add that address to your set_real_ip config (and maybe the reverse proxy will handle the cloudflare stuff?)

bitwelder · January 16, 2024, 5:03pm

I am not intentionally running a reverse proxy but I have specified a specific IP for exposing ports in my app.yml.

expose:
  - "xxx.xxx.xxx.xxx:80:80"    # http
  - "xxx.xxx.xxx.xxx:443:443"  # https

pfaffman · January 16, 2024, 5:44pm

I don’t know. Maybe you need to include some docker IPs?

Is the IP that’s getting displayed by Discourse a docker ip?

Stephen · January 16, 2024, 5:46pm

Did you follow the standard install? This usually works out of the box with the template.

bitwelder · January 17, 2024, 4:12pm

Thank you both for the help! It ended up that Immunify360 on our VPS was injecting itself as a proxy prior to the container. Adding the Docker IP to the set_real_ip_from temporarily fixed the issue while I look into disabling Immunify.

system · February 16, 2024, 4:13pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Suggestion for Cloudflare template to get real IP from users installation	3	640	November 28, 2022
Cloudflare template not working when there is an intermediate proxy installation	2	341	May 10, 2022
Issue with Cloudflare template bug	11	1645	November 1, 2015
How to set set_real_ip_from for discourse support	9	3384	November 22, 2017
How do I recover true user IPs? support docker , cdn	4	1701	January 12, 2016

CloudFlare and Real IP

Related Topics