I just encounted this problem with Cloudflare when I turned on their proxy.
I fixed by changing the Nginx config. You ahve to find all the proxy IP addresses and for each one in the http section:
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
...
Then you can set the real IP from the header passed by Cloudflare:
real_ip_header CF-Connecting-IP;
Since the proxy IP addresses could change, I’ll need to automate pulling and updating these.
Then reload/restart nginx with:
sv nginx reload or sv nginx restart
Argh. I wish I’d seen this post earlier! I’d just spent an hour today re-creating something that was already there: X-Forwarded-For proxy tag not recognized by Discourse?: