Sorry but as far as I know its for cloudflare IPs. However, I have my own IP. And even if I would change this file for a little, I don’t know if my changes would be overwritten in future or not.
My use case is that I have a php file for login/sign-up using api calls and it is in one of my servers. Assuming that the public IP of that server is 1.2.3.4, all IPs inside discourse is reported to be also 1.2.3.4. And it would pass all limits very soon.
I know about this part. I just don’t know how to implement it in discourse nginx. There is a template for cloudflare ips. but there is not a template for custom ips or any instructions, as far as I know.
Looks good to me, you highlight the super important fact there that you can not just trust any IP address with that header, cause if you did, user IPs can be spoofed.
An alternative I have seen (that we use in haproxy) is setting the IP only if we see some top secret header that we have the CDN always send us.