Nginx How to include an X-Forwarded-For header on Nginx config for Ezoic?

Discussion in 'Nginx and PHP-FPM news & discussions' started by pamamolf, Aug 16, 2023.

  1. pamamolf

    pamamolf Premium Member Premium Member

    4,067
    427
    83
    May 31, 2014
    Ratings:
    +832
    Local Time:
    6:02 AM
    Nginx-1.25.x
    MariaDB 10.3.x
    Hi,


    Any ideas how I can include the XFF header in the Centminmod Nginx config?

    Ezoic

    Thanks in advance !
     
  2. eva2000

    eva2000 Administrator Staff Member

    52,766
    12,078
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,605
    Local Time:
    1:02 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Same way it's done for Cloudflare and any reverse proxy in front of Nginx server as per Getting Started Guide step 5 - Proxies And Visitor's Real IP Address which points to Nginx Cloudflare, AWS Cloudfront & Incapsula (reverse proxy HttpRealIpModule) - CentminMod.com LEMP Nginx web stack for CentOS
    Now if you have Cloudflare in front with Ezoic and then Nginx, you may also need the real_ip_recursive directive https://community.centminmod.com/th...om-behind-two-proxies.18489/page-2#post-79590

    For Cloudflare trusted IPs you can use Centmin Mod tools/csfcf.sh to get Cloudflare's latest IPv4 and IPv6 ips manually instead of tools/csfcf.sh auto cronjob
    Code (Text):
    /usr/local/src/centminmod/tools/csfcf.sh ipv4
    --------------------------------------------
     Downloading Cloudflare IP list
     from: https://www.cloudflare.com/ips-v4/
    --------------------------------------------
    --------------------------------------------
     Format for Centminmod.com Nginx Installer
      1). add to nginx.conf
      2). add to /etc/csf/csf.allow
    --------------------------------------------
    --------------------------------------------
      1). add to nginx.conf
    --------------------------------------------
    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 103.22.200.0/22;
    set_real_ip_from 103.31.4.0/22;
    set_real_ip_from 141.101.64.0/18;
    set_real_ip_from 108.162.192.0/18;
    set_real_ip_from 190.93.240.0/20;
    set_real_ip_from 188.114.96.0/20;
    set_real_ip_from 197.234.240.0/22;
    set_real_ip_from 198.41.128.0/17;
    set_real_ip_from 162.158.0.0/15;
    set_real_ip_from 104.16.0.0/13;
    set_real_ip_from 104.24.0.0/14;
    set_real_ip_from 172.64.0.0/13;
    set_real_ip_from 131.0.72.0/22;
    real_ip_header X-Forwarded-For;
    --------------------------------------------
      2). add to /etc/csf/csf.allow
    --------------------------------------------
    csf -a 173.245.48.0/20 cloudflare
    csf -a 103.21.244.0/22 cloudflare
    csf -a 103.22.200.0/22 cloudflare
    csf -a 103.31.4.0/22 cloudflare
    csf -a 141.101.64.0/18 cloudflare
    csf -a 108.162.192.0/18 cloudflare
    csf -a 190.93.240.0/20 cloudflare
    csf -a 188.114.96.0/20 cloudflare
    csf -a 197.234.240.0/22 cloudflare
    csf -a 198.41.128.0/17 cloudflare
    csf -a 162.158.0.0/15 cloudflare
    csf -a 104.16.0.0/13 cloudflare
    csf -a 104.24.0.0/14 cloudflare
    csf -a 172.64.0.0/13 cloudflare
    csf -a 131.0.72.0/22 cloudflare
    --------------------------------------------
    

    Code (Text):
    /usr/local/src/centminmod/tools/csfcf.sh ipv6
    --------------------------------------------
     Downloading Cloudflare IP list
     from: https://www.cloudflare.com/ips-v6/
    --------------------------------------------
    --------------------------------------------
     Format for Centminmod.com Nginx Installer
      1). add to nginx.conf
      2). add to /etc/csf/csf.allow
    --------------------------------------------
    --------------------------------------------
      1). add to nginx.conf
    --------------------------------------------
    set_real_ip_from 2400:cb00::/32;
    set_real_ip_from 2606:4700::/32;
    set_real_ip_from 2803:f800::/32;
    set_real_ip_from 2405:b500::/32;
    set_real_ip_from 2405:8100::/32;
    set_real_ip_from 2a06:98c0::/29;
    set_real_ip_from 2c0f:f248::/32;
    real_ip_header X-Forwarded-For;
    --------------------------------------------
      2). add to /etc/csf/csf.allow
    --------------------------------------------
    csf -a 2400:cb00::/32 cloudflare
    csf -a 2606:4700::/32 cloudflare
    csf -a 2803:f800::/32 cloudflare
    csf -a 2405:b500::/32 cloudflare
    csf -a 2405:8100::/32 cloudflare
    csf -a 2a06:98c0::/29 cloudflare
    csf -a 2c0f:f248::/32 cloudflare
    --------------------------------------------
    

    while tools/csfcf.sh auto gives the include file populated
    Code (Text):
    /usr/local/src/centminmod/tools/csfcf.sh auto
    --------------------------------------------
     Add Cloudflare IP list to CSF
     from: https://www.cloudflare.com/ips-v4/
     from: https://www.cloudflare.com/ips-v6/
    --------------------------------------------
    --------------------------------------------
      Add to /etc/csf/csf.allow
    --------------------------------------------
    created /usr/local/nginx/conf/cloudflare.conf include file
    

    contents on IPv4 based server only for /usr/local/nginx/conf/cloudflare.conf has the following where it includes an include file nested inside for /usr/local/nginx/conf/cloudflare_customips.conf where you can add persistent set_real_ip_from lines that survive tools/csfcf.sh auto cronjob updates.
    Code (Text):
    include /usr/local/nginx/conf/cloudflare_customips.conf;
    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 103.22.200.0/22;
    set_real_ip_from 103.31.4.0/22;
    set_real_ip_from 141.101.64.0/18;
    set_real_ip_from 108.162.192.0/18;
    set_real_ip_from 190.93.240.0/20;
    set_real_ip_from 188.114.96.0/20;
    set_real_ip_from 197.234.240.0/22;
    set_real_ip_from 198.41.128.0/17;
    set_real_ip_from 162.158.0.0/15;
    set_real_ip_from 104.16.0.0/13;
    set_real_ip_from 104.24.0.0/14;
    set_real_ip_from 172.64.0.0/13;
    set_real_ip_from 131.0.72.0/22;
    #set_real_ip_from 2400:cb00::/32;
    #set_real_ip_from 2606:4700::/32;
    #set_real_ip_from 2803:f800::/32;
    #set_real_ip_from 2405:b500::/32;
    #set_real_ip_from 2405:8100::/32;
    #set_real_ip_from 2a06:98c0::/29;
    #set_real_ip_from 2c0f:f248::/32;
    real_ip_header X-Forwarded-For;
    

    So if you have IPv6 supported server you can add to nested include /usr/local/nginx/conf/cloudflare_customips.conf the Cloudflare IPv6 IPs uncommented
    Code (Text):
    set_real_ip_from 2400:cb00::/32;
    set_real_ip_from 2606:4700::/32;
    set_real_ip_from 2803:f800::/32;
    set_real_ip_from 2405:b500::/32;
    set_real_ip_from 2405:8100::/32;
    set_real_ip_from 2a06:98c0::/29;
    set_real_ip_from 2c0f:f248::/32;
    

    and then in /usr/local/nginx/conf/cloudflare_customips.conf add Ezoic's known whitelisted IPs Ezoic via set_real_ip_from directive + the real_ip_recursive on directive
    Code (Text):
    real_ip_recursive on;
    
    # cloudflare IPv6 if server supports IPv6
    set_real_ip_from 2400:cb00::/32;
    set_real_ip_from 2606:4700::/32;
    set_real_ip_from 2803:f800::/32;
    set_real_ip_from 2405:b500::/32;
    set_real_ip_from 2405:8100::/32;
    set_real_ip_from 2a06:98c0::/29;
    set_real_ip_from 2c0f:f248::/32;
    
    # Ezoic IPv4 addresses
    set_real_ip_from 52.20.63.25;
    set_real_ip_from 3.225.202.138;
    set_real_ip_from 3.217.200.190;
    set_real_ip_from 54.212.71.227;
    set_real_ip_from 52.12.170.68;
    set_real_ip_from 34.218.21.81;
    set_real_ip_from 3.7.90.144;
    set_real_ip_from 13.127.240.219;
    set_real_ip_from 18.139.6.69;
    set_real_ip_from 18.140.184.0;
    set_real_ip_from 3.106.6.164;
    set_real_ip_from 3.106.176.6;
    set_real_ip_from 13.237.131.67;
    set_real_ip_from 15.222.77.144;
    set_real_ip_from 15.222.108.52;
    set_real_ip_from 18.157.131.187;
    set_real_ip_from 18.157.105.182;
    set_real_ip_from 3.126.25.160;
    set_real_ip_from 34.248.174.237;
    set_real_ip_from 52.16.85.139;
    set_real_ip_from 34.255.61.232;
    set_real_ip_from 15.236.165.82;
    set_real_ip_from 15.236.137.228;
    set_real_ip_from 15.236.166.30;
    set_real_ip_from 18.228.20.129;
    set_real_ip_from 18.228.107.195;
    
    # Ezoic IPv6 addresses if server supports IPv6
    set_real_ip_from 2600:1f10:4c55:e200::/56;
    set_real_ip_from 2600:1f13:393:600::/56;
    set_real_ip_from 2406:da1a:e10::/56;
    set_real_ip_from 2406:da18:9d0:1400::/56;
    set_real_ip_from 2406:da1c:58a:e100::/56;
    set_real_ip_from 2600:1f11:f39:6f00::/56;
    set_real_ip_from 2a05:d014:776:a600::/56;
    set_real_ip_from 2a05:d018:dd:7800::/56;
    set_real_ip_from 2a05:d012:4d8:6800::/56;
    set_real_ip_from 2600:1f1e:342:2f00::/56;
    

    Then to enable it on Centmin Mod per Nginx vhost basis, edit Nginx vhost and uncomment and remove hash # in front of the auto added
    /usr/local/nginx/conf/cloudflare.conf include line
    Code (Text):
    include /usr/local/nginx/conf/cloudflare.conf;
    

    restart Nginx server
    Code (Text):
    service nginx restart

    or Centmin Mod command shortcut
    Code (Text):
    ngxrestart
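
A simplified model of how Nginx's real IP module picks the client address from X-Forwarded-For with and without real_ip_recursive, added here as an illustration and not part of the original post. The client address, the forged entry and the hop order (Cloudflare, then Ezoic, then Nginx) are constructed assumptions; the trusted ranges are a subset of the set_real_ip_from lines listed above.

```python
import ipaddress

# Subset of the set_real_ip_from entries shown in the thread (trusted proxies).
TRUSTED = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20",  # Cloudflare range from cloudflare.conf
    "162.158.0.0/15",   # Cloudflare range from cloudflare.conf
    "52.20.63.25/32",   # Ezoic address from cloudflare_customips.conf
)]

def is_trusted(addr):
    """True if addr falls inside one of the trusted proxy ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED)

def real_ip(peer, xff, recursive):
    """Model of the address chosen as the client (hypothetical helper).

    peer      -- address of the TCP connection that reached Nginx
    xff       -- raw X-Forwarded-For header value
    recursive -- True models 'real_ip_recursive on;'
    """
    addr = peer
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    # The header is only consulted while the current address is a trusted proxy.
    while hops and is_trusted(addr):
        candidate = hops.pop()  # rightmost remaining entry
        try:
            ipaddress.ip_address(candidate)
        except ValueError:
            break  # unparsable entry: keep the current address
        addr = candidate
        if not recursive:
            break  # recursive off: always stop at the last header entry
    return addr

# Constructed sample values (documentation ranges for client and forged entry).
EZOIC_PEER = "52.20.63.25"
CLOUDFLARE_HOP = "162.158.10.20"
CLIENT = "198.51.100.7"
FORGED = "203.0.113.99"

if __name__ == "__main__":
    chain = f"{CLIENT}, {CLOUDFLARE_HOP}"
    print("recursive off:", real_ip(EZOIC_PEER, chain, False))
    print("recursive on: ", real_ip(EZOIC_PEER, chain, True))
    print("forged entry: ", real_ip(EZOIC_PEER, f"{FORGED}, {chain}", True))
    print("direct client:", real_ip(CLIENT, FORGED, True))
```

With two trusted proxies in the path, the non-recursive case logs the Cloudflare hop as the visitor, while the recursive case stops at the first address that is not in the trusted list, so a header entry supplied by the client to the left of its own address is never selected.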
     
  3. pamamolf

    I didn't understand, as I will edit the:

    /usr/local/nginx/conf/cloudflare_customips.conf

    why should I enable the config file:

    include /usr/local/nginx/conf/cloudflare.conf

    Or is the cloudflare.conf parsing in a way the cloudflare_customips.conf?
     
  4. eva2000

    If you don't enable /usr/local/nginx/conf/cloudflare.conf, you can't load its contents including the nested include file at /usr/local/nginx/conf/cloudflare_customips.conf.
     
  5. pamamolf

    Perfect thank you !!!!
     
    Last edited: Aug 17, 2023