/ Register

Welcome to Centmin Mod Community
Become a Member

Cloudflare Getting Real IP From Behind Two Proxies

Discussion in 'System Administration' started by BamaStangGuy, Oct 17, 2019.

Previous Thread Next Thread
Loading...
Page 2 of 2
  1. Oct 24, 2019 #21
    eva2000

    eva2000 Administrator Staff Member

    55,396
    12,255
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,835
    Local Time:
    8:19 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    not remove, replace with standard one
    Code (Text):
    real_ip_header X-Forwarded-For;

    actually in that cause I wouldn't use cloudflare.conf include file at all and use custom one as csfcf.sh cronjob would override cloudflare.conf everytime right now

    i'm going to update csfcf.sh cronjob to use
    Code (Text):
    real_ip_header X-Forwarded-For;

    instead of
    Code (Text):
    real_ip_header CF-Connecting-IP;

    so that other non-cloudflare reverse proxies would work too
     
  2. Oct 24, 2019 #22
    BamaStangGuy

    BamaStangGuy Active Member

    668
    192
    43
    May 25, 2014
    Ratings:
    +272
    Local Time:
    5:19 AM
    You only need real_ip_recursive on; inside the cloudflare conf. Inside the ezoic one you still use real_ip_header X-Forwarded-For; at the end
     
  3. Oct 24, 2019 #23
    pamamolf

    pamamolf Well-Known Member

    4,101
    428
    83
    May 31, 2014
    Ratings:
    +838
    Local Time:
    1:19 PM
    Nginx-1.26.x
    MariaDB 10.6.x
    Nginx doesn't start :(

    I add also at the config of the domain under the Cloudflare include this one:

    Code:
    include /usr/local/nginx/conf/ezoic.conf;
    Error:

    Code:
    Starting nginx: nginx: [emerg] "real_ip_header" directive is duplicate in /usr/local/nginx/conf/ezoic.conf:1240
    Should i disable the include for cloudflare.conf ?

    I am using the Ezoic app through Cloudflare....

    The issue is that i have on cloudflare.conf and ezoic.conf at the end the same header:

    Code:
    real_ip_header X-Forwarded-For;
    but how is the proper way to solve it?

    I am attaching the config files here:
     

    Attached Files:

    Last edited: Oct 24, 2019
  4. Oct 25, 2019 #24
    pamamolf

    pamamolf Well-Known Member

    4,101
    428
    83
    May 31, 2014
    Ratings:
    +838
    Local Time:
    1:19 PM
    Nginx-1.26.x
    MariaDB 10.6.x
    The confusion is that on post #15 @Xon recommends to remove the header from cloudflare.conf:
    Code:
    real_ip_header CF-Connecting-IP;
    and that seems to work according to @BamaStangGuy

    but @eva2000 recommends to not remove it and change it to:

    Code:
    real_ip_header X-Forwarded-For;
    But the same header exist also to the end of ezoic.conf and conflict...
     
  5. Oct 25, 2019 #25
    BamaStangGuy

    BamaStangGuy Active Member

    668
    192
    43
    May 25, 2014
    Ratings:
    +272
    Local Time:
    5:19 AM
    This is what I have that works:

    In cloudflare.conf

    Code:
    include /usr/local/nginx/conf/cloudflare_customips.conf;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 2c0f:f248::/32;
real_ip_recursive on;
    In ezoic.conf
    Code:
    <-rest of ips->
set_real_ip_from 18.188.9.0/27;
set_real_ip_from 18.188.9.32/27;
set_real_ip_from 34.217.141.224/27;
set_real_ip_from 34.218.119.32/27;
set_real_ip_from 34.245.205.0/27;
set_real_ip_from 34.245.205.64/27;
set_real_ip_from 35.172.155.192/27;
set_real_ip_from 35.172.155.96/27;
real_ip_header X-Forwarded-For;
    Then in nginx.conf include ezoic.conf underneath cloudflare.conf.
     
  6. Oct 25, 2019 #26
    pamamolf

    pamamolf Well-Known Member

    4,101
    428
    83
    May 31, 2014
    Ratings:
    +838
    Local Time:
    1:19 PM
    Nginx-1.26.x
    MariaDB 10.6.x
    Yes i know but the confusion was related to @eva2000 recommendation to not remove the header from the cloudflare.conf ....

    Also as the cronjob from csf will overwrite the contents (if i am not wrong) of the cloudflare.conf i think is better to add the real_ip_recursive on; at the cloudflare_customips.conf ?
     
  7. Oct 25, 2019 #27
    BamaStangGuy

    BamaStangGuy Active Member

    668
    192
    43
    May 25, 2014
    Ratings:
    +272
    Local Time:
    5:19 AM
    It did not work when I did that.
     
  8. Oct 25, 2019 #28
    pamamolf

    pamamolf Well-Known Member

    4,101
    428
    83
    May 31, 2014
    Ratings:
    +838
    Local Time:
    1:19 PM
    Nginx-1.26.x
    MariaDB 10.6.x
    I will wait for @eva2000 to see how to set that as i think your config will revert back by the csf cronjob...
     
  9. Oct 25, 2019 #29
    eva2000

    eva2000 Administrator Staff Member

    55,396
    12,255
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,835
    Local Time:
    8:19 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    that works as you have real_ip_header X-Forwarded-For in ezoic.conf as include files in nginx.conf are just like if contents was placed in nginx.conf so cloudflare.conf and ezoic.conf combined contents has the single real_ip_header X-Forwarded-For required for things to work
     
  10. Oct 25, 2019 #30
    pamamolf

    pamamolf Well-Known Member

    4,101
    428
    83
    May 31, 2014
    Ratings:
    +838
    Local Time:
    1:19 PM
    Nginx-1.26.x
    MariaDB 10.6.x
    But the csf cronjob will add back the header at cloudflare.conf ?

    If yes then it will conflict and Nginx will not start....

    What to do on that case?
     
  11. Oct 25, 2019 #31
    eva2000

    eva2000 Administrator Staff Member

    55,396
    12,255
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,835
    Local Time:
    8:19 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yes csfcf.sh cron would override cloudflare.conf but 123.09beta01 latest update changed to using
    real_ip_header X-Forwarded-For instead so just remove it from ezoic.conf include file and place ezoic.conf before cloudflare.conf include file in nginx.conf

    run manually once the command
    Code (Text):
    /usr/local/src/centminmod/tools/csfcf.sh auto

    to inspect if cloudflare.conf has the updated real_ip_header X-Forwarded-For
     
  12. Nov 26, 2019 #32
    pamamolf

    pamamolf Well-Known Member

    4,101
    428
    83
    May 31, 2014
    Ratings:
    +838
    Local Time:
    1:19 PM
    Nginx-1.26.x
    MariaDB 10.6.x
    @BamaStangGuy
    @Xon
    @eva2000

    can't get the users ip's in my log file :(

    I am using the Ezoic app from Cloudflare apps panel...

    cloudflare.conf
    Code:
    include /usr/local/nginx/conf/cloudflare_customips.conf;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
a few more ip's here...
real_ip_header X-Forwarded-For;
    cloudflare_customips.conf
    Code:
    real_ip_recursive on;
    ezoic.conf
    Code:
    set_real_ip_from 34.217.141.224/27;
set_real_ip_from 34.218.119.32/27;
set_real_ip_from 34.245.205.0/27;
set_real_ip_from 34.245.205.64/27;
set_real_ip_from 35.172.155.192/27;
set_real_ip_from 35.172.155.96/27;
a few more ip's here...

    Domain config:
    Code:
      include /usr/local/nginx/conf/ezoic.conf;
  include /usr/local/nginx/conf/cloudflare.conf;
    Any ideas?
     
    Last edited: Nov 26, 2019
  13. Nov 26, 2019 #33
    pamamolf

    pamamolf Well-Known Member

    4,101
    428
    83
    May 31, 2014
    Ratings:
    +838
    Local Time:
    1:19 PM
    Nginx-1.26.x
    MariaDB 10.6.x
    Does the load of real_ip_recursive on; matters?

    If yes then i think is not working for me as the order is:

    ezoic ip's
    then
    real_ip_recursive on;
    then
    cloudflae ip's with real_ip_header X-Forwarded-For; at the end...

    Maybe to get that work it must be:

    real_ip_recursive on;
    then
    cloudflae ip's WITHOUT real_ip_header X-Forwarded-For; at the end...
    then
    ezoic ip's WITH real_ip_header X-Forwarded-For; at the end...

    and:
    Code:
    include /usr/local/nginx/conf/cloudflare.conf;
include /usr/local/nginx/conf/ezoic.conf;
    What do you think?
     
  14. Dec 10, 2019 #34
    pamamolf

    pamamolf Well-Known Member

    4,101
    428
    83
    May 31, 2014
    Ratings:
    +838
    Local Time:
    1:19 PM
    Nginx-1.26.x
    MariaDB 10.6.x
    @BamaStangGuy

    Did you add the ezoic include only in the main Nginx config or in the domain Nginx config also?

    Thank you
     
  15. Dec 13, 2019 #35
    negative

    negative Active Member

    415
    50
    28
    Apr 11, 2015
    Ratings:
    +98
    Local Time:
    1:19 PM
    1.9.10
    10.1.11
    Btw, do you advice to using the Ezoic service ?
     
  16. Dec 13, 2019 #36
    pamamolf

    pamamolf Well-Known Member

    4,101
    428
    83
    May 31, 2014
    Ratings:
    +838
    Local Time:
    1:19 PM
    Nginx-1.26.x
    MariaDB 10.6.x
    I assume that it depends on each case of usage but in my case i got an income increase of around 40% but also a noticeable increase at loading time for ads...
     
  17. Sep 22, 2022 #37
    rdan

    rdan Well-Known Member

    5,451
    1,412
    113
    May 25, 2014
    Ratings:
    +2,206
    Local Time:
    6:19 PM
    Mainline
    10.2
    Anyone solved the IP issue when using Cloudflare and Ezoic?
    I still got all my visitors showing Ezoic IPs even though I have followed the guide above.
     
  18. Sep 22, 2022 #38
    rdan

    rdan Well-Known Member

    5,451
    1,412
    113
    May 25, 2014
    Ratings:
    +2,206
    Local Time:
    6:19 PM
    Mainline
    10.2
    Or I guess, the list I have here isn't complete:
    Ezoic
     
Previous Thread Next Thread
Loading...
Page 2 of 2

.