Cloudflare Tunnel (Real IP) and SSL

Hello Discourser…

i just followed guide from

i have successfully installed discourse and i put my server into cloudflare tunnel.

I have a few things to ask here…

  1. after I had a ddos attack that was so rough, I activated UAM (under attack mode) and it managed to prevent ddos attacks, but I got discourse that couldn’t run smoothly with UAM, so I wanted to block it via ip, after I saw. apparently i get only ip from same(either localhost or from tunnel itself), how do i get real ip from visitor? if anyone can answer, please provide how. sorry I’m too new here.

  2. after putting server in cloudflare tunnel…
    i still use Let Encrypt… can the SSL from Let Encrypt be updated(i mean renew), or do I have to use the SSL from cloudflare itself? I haven’t had any success using SSL from cloudflare yet. there are friends here want to show how.?

maybe that’s all I want to ask first for now. before that. to the kind friend who answered, I thank you very much

  1. Let Encrypt behind Cloudflare Tunnel

When you put your server behind Cloudflare Tunnel, the SSL certificate management is typically handled by Cloudflare rather than Let’s Encrypt directly. Cloudflare offers its own SSL/TLS certificates, which are managed and automatically renewed by Cloudflare.

When you enable the Cloudflare DNS mode proxy (orange cloud), the traffic between the client and Cloudflare is encrypted using Cloudflare’s SSL certificate. Cloudflare handles the SSL termination and then communicates with your server over the tunnel using its own certificate.

As a result, you don’t need to worry about renewing the Let’s Encrypt certificate on your server directly. Cloudflare will manage the SSL/TLS certificate for the domain and handle the renewal process automatically.

It’s worth noting that when using Cloudflare’s SSL certificate, the SSL handshake between the client and Cloudflare happens at the edge server, reducing the load on your server and potentially improving performance.

1 Like

You should be able to get real visitor ip, I think you would just get from a header x-real-ip, check cloudflare documentation .

@syandriz thanks… i hope SSL Encrypt got renew like you said

@ghassan i do many time to config yml, but not work. can give me step

Did you add the cloudflare template?

1 Like

Yes i do with and without still Nginx give me same result. Mr @pfaffman
i dont know how.
and may i know why iplogger(dot)org still get my real ip, do you have any advice to hide my ip from that.