Get Real Visitor IP Address (Restoring Visitor IPs) with Nginx and CloudFlare

Raffi · Raffi · commit b3cb2bc50736 · 2023-01-10T22:11:18.000+01:00
Based on https://github.com/ergin/nginx-cloudflare-real-ip
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -58,6 +58,6 @@ LABEL org.label-schema.schema-version="1.0" \
 	org.label-schema.license="MIT" \
 	org.label-schema.name="nginx-proxy-manager" \
 	org.label-schema.description="Docker container for managing Nginx proxy hosts with a simple, powerful interface " \
-	org.label-schema.url="https://github.com/jc21/nginx-proxy-manager" \
-	org.label-schema.vcs-url="https://github.com/jc21/nginx-proxy-manager.git" \
-	org.label-schema.cmd="docker run --rm -ti jc21/nginx-proxy-manager:latest"
+	org.label-schema.url="https://github.com/Raffi/nginx-proxy-manager" \
+	org.label-schema.vcs-url="https://github.com/Raffi/nginx-proxy-manager.git" \
+	org.label-schema.cmd="docker run --rm -ti Raffi/nginx-proxy-manager:latest"
diff --git a/docker/rootfs/etc/cron.daily/cloudflare-sync-ips.sh b/docker/rootfs/etc/cron.daily/cloudflare-sync-ips.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+CLOUDFLARE_FILE_PATH=${1:-/etc/nginx/cloudflare}
+
+echo "#Cloudflare" > $CLOUDFLARE_FILE_PATH;
+echo "" >> $CLOUDFLARE_FILE_PATH;
+
+echo "# - IPv4" >> $CLOUDFLARE_FILE_PATH;
+for i in `curl -s -L https://www.cloudflare.com/ips-v4`; do
+        echo "set_real_ip_from $i;" >> $CLOUDFLARE_FILE_PATH;
+done
+
+echo "" >> $CLOUDFLARE_FILE_PATH;
+echo "# - IPv6" >> $CLOUDFLARE_FILE_PATH;
+for i in `curl -s -L https://www.cloudflare.com/ips-v6`; do
+        echo "set_real_ip_from $i;" >> $CLOUDFLARE_FILE_PATH;
+done
+
+echo "" >> $CLOUDFLARE_FILE_PATH;
+echo "real_ip_header CF-Connecting-IP;" >> $CLOUDFLARE_FILE_PATH;
+
+#test configuration and reload nginx
+nginx -t && systemctl reload nginx
diff --git a/docker/rootfs/etc/nginx/cloudflare b/docker/rootfs/etc/nginx/cloudflare
@@ -0,0 +1,29 @@
+#Cloudflare
+
+# - IPv4
+set_real_ip_from 173.245.48.0/20;
+set_real_ip_from 103.21.244.0/22;
+set_real_ip_from 103.22.200.0/22;
+set_real_ip_from 103.31.4.0/22;
+set_real_ip_from 141.101.64.0/18;
+set_real_ip_from 108.162.192.0/18;
+set_real_ip_from 190.93.240.0/20;
+set_real_ip_from 188.114.96.0/20;
+set_real_ip_from 197.234.240.0/22;
+set_real_ip_from 198.41.128.0/17;
+set_real_ip_from 162.158.0.0/15;
+set_real_ip_from 104.16.0.0/13;
+set_real_ip_from 104.24.0.0/14;
+set_real_ip_from 172.64.0.0/13;
+set_real_ip_from 131.0.72.0/22;
+
+# - IPv6
+set_real_ip_from 2400:cb00::/32;
+set_real_ip_from 2606:4700::/32;
+set_real_ip_from 2803:f800::/32;
+set_real_ip_from 2405:b500::/32;
+set_real_ip_from 2405:8100::/32;
+set_real_ip_from 2a06:98c0::/29;
+set_real_ip_from 2c0f:f248::/32;
+
+real_ip_header CF-Connecting-IP;
diff --git a/docker/rootfs/etc/nginx/nginx.conf b/docker/rootfs/etc/nginx/nginx.conf
@@ -19,6 +19,7 @@ events {
 }
 
 http {
+	include                       /etc/nginx/cloudflare;
 	include                       /etc/nginx/mime.types;
 	default_type                  application/octet-stream;
 	sendfile                      on;

Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,7 @@ events {`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`http {`
	`22`	`+ include /etc/nginx/cloudflare;`
`22`	`23`	`include /etc/nginx/mime.types;`
`23`	`24`	`default_type application/octet-stream;`
`24`	`25`	`sendfile on;`