r/selfhosted

•

2 yr. ago

How to use the real_ip_header in Nginx Proxy Manager, whilst using still using access lists for Cloudflare?

I run all of my services behind cloudflare, and to stop non-cloudflare-proxied traffic reaching them, I created an access list of the cloudflare endpoints, and added the rule to all of my services. It worked before, but I then wanted to see the real client IP in my logs, so I added:

real_ip_header CF-Connecting-IP;

to them, in the advanced tab. Now, the requests get blocked, presumably because it uses the real-ip to filter traffic. Is there any way to get the real client IP, while still filtering non-cloudflare traffic?

ClickUp_App

•

Promoted

The everything app, for work. Get everyone working in a single platform designed to manage any type of work.

Learn More

clickup.com

Thumbnail image: The everything app, for work. Get everyone working in a single platform designed to manage any type of work.

Sort by:

Best

Open comment sort options

[deleted]

•

2y ago

Comment deleted by user

sk1nT7

•

2y ago

• Edited 2y ago

This is unnecessary since NPM fetches the Cloudflare IPv4 and IPv6 addresses automatically during runtime. It then sets the set_real_ip_from for all common cloud provider or CDN IPs.

See https://github.com/NginxProxyManager/nginx-proxy-manager/blob/develop/docker/rootfs/etc/nginx/conf.d/include/ip_ranges.conf

More replies

sk1nT7

•

2y ago

Not possible. You either can use access lists and not set the real_ip_header or vice versa.

Use a firewall in front of NPM and whitelist cloudflare IPv4 and IPv6 only. Then set NPM to use real_ip_header CF-Connecting-IP; in a proxy host's advanced section.

t3chg3n13

•

2y ago

What about blocking all except cloudflare at the firewall? Probably safer than letting your app server handle it

DoUhavestupid

•

2y ago

Sorry, I probbaly didn't make it clear! I block the non-cloudflare traffic in nginx-proxy-manager, and not in the web servers for the individual services.

More replies

chaplin2

•

2y ago

But Cloudflare has a huge list of IPs. A lot of scammers use Cloudflare and AWS .

Can you filter based on an http header or something?

More replies

rex_divakar

•

2y ago

I don’t want to block any ingress requests but i want to capture the real IP address instead of cloudflare proxy using nginx as reverse proxy. Could someone suggest a way for it ??

redwood_software_

•

Promoted

Don't settle for second-best. 🏆 RunMyJobs by Redwood leads with a 95 G2 satisfaction score — significantly higher than AutoSys, Control-M, Automic and others. Learn why.

redwood.com

Thumbnail image: Don't settle for second-best. 🏆 RunMyJobs by Redwood leads with a 95 G2 satisfaction score — significantly higher than AutoSys, Control-M, Automic and others. Learn why.

askin_all_questions

•

2y ago

Are you able to upload a picture of what that config looks like. I am currently trying to figure that out for fail2ban, and not sure if I set up the option correctly. Thanks!

DoUhavestupid

•

2y ago

I just created an access list of all the cloudflare IPs (listed here: https://www.cloudflare.com/ips-v4), and then applied it to all of my cloudflare-proxied services in nginx proxy manager:

Created access list:

https://i.ibb.co/VmsQstT/Screenshot-2022-12-27-at-12-36-45.png

Named rule:

https://i.ibb.co/jrmQdmF/Screenshot-2022-12-27-at-12-36-53.png

Applied rule to services:

https://i.ibb.co/fkkT5Mk/Screenshot-2022-12-27-at-12-37-31.png

More replies

mercher8

•

1y ago

Late reply, but use the solution discussed here: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1358

How to use the real_ip_header in Nginx Proxy Manager, whilst using still using access lists for Cloudflare?

Comments Section

Cloudflare + Nginx Proxy Manager

Anyone using nginxui ? Trying to find an alternative for nginx-proxy-manager

better security for NGINX Proxy Manager exposed sites.(Docker)

Congratulations! Nginx Proxy Manager - what do i do about it?

Looking for Alternatives to Nginx Reverse Proxy

Migrating from Nginx to Caddy with Cloudflare SSL certificates.

[Guide] Fail2Ban With Nginx and Cloudflare Free (With IPv6 Support)

NGINX Proxy Manager Frustration with upstream ssl host

How do I setup local DNS, reverse proxy, and cloudflare to work properly

How safe is it to host your own password manager with cloudflare tunnel for access?

Problem with Nginx Reverse Proxy and Stirling PDF

Nginx server receives malicious requests. Should I be worried?

🌐 Cloudflare DNS Manager for Docker - Automatically manage DNS records for your self-hosted services

Cloudflare Tunnel or Reverse Proxies

Where to put NGINX

Trying to move away from Cloudflare...

Easiest way to do authentication and reverse proxy

Using .local or .lan for internal services using a proxy manager when i don't have a domain

Thanks Google! My own registered domain and non-public/internal only nginx hosted pages are now Dangerous!

How I standardized CLI tools across my entire self-hosted infrastructure

The reverse proxy really is the pain point when self hosting, any suggestions?

Easiest way to setup internal-only DNS for a bunch of Docker containers

Selfhosted DNS is annoying.

So, cloudflare is blocked, what now?

Does Nginx actually have better performance (RAM/CPU) than apache2 using it as reverse proxy/web-server?

Top Posts