Learn about Centmin Mod LEMP Stack today
Register Now

CF => Nginx Rev => Nginx/PHP .. How?

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by Oxide, Aug 20, 2016.

  1. Oxide

    Oxide Active Member

    502
    29
    28
    Mar 19, 2015
    Ratings:
    +54
    Local Time:
    9:49 AM
    Basically I want to do a service like this, don't ask me why LOL.

    1.) CloudFlare is the main frontend.
    2.) CloudFlare Proxy connects to my Nginx Proxy/Reverse.
    3.) Nginx Proxy/Reverse connects to Nginx/PHP server.

    How would I restore the original visitor IP?

    What I attempted:
    On CloudFlare/Nginx Reverse proxy server I placed the restore ip. As well as a proxy script to proxy the traffic.

    Code:
    server {
        listen 80;
        server_name example.domain.net;
    
        set_real_ip_from 103.21.244.0/22;
        set_real_ip_from 103.22.200.0/22;
        set_real_ip_from 103.31.4.0/22;
        set_real_ip_from 104.16.0.0/12;
        set_real_ip_from 108.162.192.0/18;
        set_real_ip_from 131.0.72.0/22;
        set_real_ip_from 141.101.64.0/18;
        set_real_ip_from 162.158.0.0/15;
        set_real_ip_from 172.64.0.0/13;
        set_real_ip_from 173.245.48.0/20;
        set_real_ip_from 188.114.96.0/20;
        set_real_ip_from 190.93.240.0/20;
        set_real_ip_from 197.234.240.0/22;
        set_real_ip_from 198.41.128.0/17;
        set_real_ip_from 199.27.128.0/21;
        #set_real_ip_from 2400:cb00::/32;
        #set_real_ip_from 2405:8100::/32;
        #set_real_ip_from 2405:b500::/32;
        #set_real_ip_from 2606:4700::/32;
        #set_real_ip_from 2803:f800::/32;
        real_ip_header CF-Connecting-IP;
    
    
        location / {
            proxy_pass http://127.0.0.1:80;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
    Then, on the 127.0.0.1:80 (is obviously my nginx/php server).. with the entire website.. Here, i added

    Code:
        set_real_ip_from 127.0.0.1;
        real_ip_header X-Real-IP;
    That didn't work, am i doing something wrong.. is it even possible?

    my real ip was replaced with 127.0.0.1 :p
     
  2. Oxide

    Oxide Active Member

    502
    29
    28
    Mar 19, 2015
    Ratings:
    +54
    Local Time:
    9:49 AM
    I printed $_SERVER in PHP.

    I found out that the only variable that is not returning the visitor true IP is: REMOTE_ADDR

    However, other like: HTTP_CF_CONNECTING_IP, HTTP_X_REAL_IP etc is returning it properly..?
     
  3. eva2000

    eva2000 Administrator Staff Member

    28,925
    6,566
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,744
    Local Time:
    9:49 AM
    Nginx 1.13.x
    MariaDB 5.5
    set to nginx reverse proxy's IP

    edit: oh i see 127.0.0.1 is just dummy placeholder for your real ip
     
  4. Oxide

    Oxide Active Member

    502
    29
    28
    Mar 19, 2015
    Ratings:
    +54
    Local Time:
    9:49 AM
    yeah thats what i did
     
  5. eva2000

    eva2000 Administrator Staff Member

    28,925
    6,566
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,744
    Local Time:
    9:49 AM
    Nginx 1.13.x
    MariaDB 5.5
    Well then you'd be on your own for troubleshooting. Centmin Mod is provide as is, so short of scripted related bugs or issues, any further optimisation to the web stack components - nginx, php-fpm, mariadb mysql, csf firewall etc or web app specific configurations are left to the Centmin Mod user to deal with. So I do not provide any free support for such.

    However, Centmin Mod users are free to help each other out and ask questions or give answers on this community forum. My hopes are that this community forum evolves so that more veteran long time Centmin Mod users help new Centmin Mod users out :)

    With that said, Centmin Mod 123.09beta01 has a tools/csfcf.sh script at Beta Branch - csfcf.sh - automate Cloudflare Nginx & CSF Firewall setups | Centmin Mod Community it can take the manual work out of whitelisting cloudflare ips in CSF Firewalll + auto setup nginx real ips via
    set_real_ip_from when you run tools/csfcsf.sh auto from cronjob
     
  6. eva2000

    eva2000 Administrator Staff Member

    28,925
    6,566
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,744
    Local Time:
    9:49 AM
    Nginx 1.13.x
    MariaDB 5.5
    also explain what you mean by didn't work .. how are you verifying that it worked or not ?
     
    • Agree Agree x 1
  7. eva2000

    eva2000 Administrator Staff Member

    28,925
    6,566
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,744
    Local Time:
    9:49 AM
    Nginx 1.13.x
    MariaDB 5.5
    • Informative Informative x 1
  8. Oxide

    Oxide Active Member

    502
    29
    28
    Mar 19, 2015
    Ratings:
    +54
    Local Time:
    9:49 AM
  9. eva2000

    eva2000 Administrator Staff Member

    28,925
    6,566
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,744
    Local Time:
    9:49 AM
    Nginx 1.13.x
    MariaDB 5.5
    Yup Getting Started Guide is an important and useful page for all Centmin Mod users :D