You may notice that Apache access logs show a "localhost" IP address (127.0.0.1) for remote requests on a domain that is being proxied through Cloudflare and served through Nginx:
127.0.0.1 - - [01/Jan/20XX:00:00:00 +0000] "HEAD /testfile.php HTTP/1.1" 200 0 "-" "curl/7.61.1"
This can be caused by certain network configurations in which the localhost IP address is logged instead of the remote IP that generated the request. Our configuration attempts to automatically detect trusted IPs from Cloudflare, but it does not include localhost (127.0.0.1). This can be mitigated by making some changes to the Nginx configuration.
1. We can add 127.0.0.1 to the list of trusted Cloudflare hosts:
echo "set_real_ip_from 127.0.0.1;" >> /etc/nginx/conf.d/server-includes/cloudflare-local.conf
2. Once the setting is added, rebuild your Nginx config files, and new log entries will begin using the proper IP address:
/scripts/ea-nginx config --all