Getting Cloudflare IP's instead of client's IP


(Kevin) #1

I use cloudflare DDoS protection and seem to be getting the cloudflare ip address instead of the clients ip address when I check the user from the admin panel in the “Last IP Address” section.

My nginx config is standard and has the following which looks ok to me:

location @discourse {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


    proxy_set_header X-Forwarded-Proto $thescheme;
    proxy_set_header Host $http_host;

    proxy_pass http://discourse;
  }

Any help appreciated.


Discourse, Cloudflare and IP Bans
(Ben T) #2

You should be able to add these directives to the discourse.conf file.


(Johan Jatko) #3

Either do as trident said or switch $remote_addr to $sent_http_cf_connecting_ip
(As per Module ngx_http_core_module)

Though this will fail if the header CF-Connecting-IP is not set(if you are not routing through CloudFlare when developing etc.)


(Dvid Silva) #4

Just ran into this, how can this be added post installation if I’m using docker in digital ocean?


(Ben T) #5

Take a peek at how discourse_docker edits the nginx config file for SSL. The same approach could be used to slip in any cloudflare settings. You’d add this directly to your app.yml file. I’ll try to update this with a more specific answer, unless someone else can before me.


(Kainzo) #6

What about those who used a manual install of Discourse? how would I apply this? fyi I used this install method.


(Ben T) #7
https://meta.discourse.org/t/setting-up-discourse-few-issues-with-it/17188/2?u=trident&source_topic_id=12479

You can apply the above edits to the /etc/nginx/sites-available/default specified in their documentation, but I can’t verify that it will work without setting up that environment. If you can edit the internal nginx configuration, you can add the directives there as well.


(Kainzo) #8

Thanks, I appreciate that. I won’t be moving to docker, ever. It’s outside of the scope of what I’m doing and am happy to continue down this route as long as minimal support / help can be translated :smiley:


(Kainzo) #9

Do you recall the specific edits that need to be applied to /default ?


(Ben T) #10

Change

proxy_set_header X-Real-IP $remote_addr;

to

proxy_set_header X-Real-IP $sent_http_cf_connecting_ip;

wherever it is found in your enviroment per @ArmedGuy or add the information here.


(Kainzo) #11

I apparently dont have the module and would have to apt remove and recompile with it there…

I guess im just having issues with formatting and a bit newbish to nginx altogether. I appreciate the replies!


(Manthan Mallikarjun) #12

Sorry for necro posting, but I have the same problem.

Im using the Docker installation. How can I change the settings so it gets the user’s ip instead of cloudlfare’s?

Thanks.


(Khoa Nguyen) #13

Did you try this?


(Kane York) #14

This is now officially available - add cloudflare.template.yml to your container definition.