Skip to main content

set_real_ip_header for proxy OTHER than Cloudflare with Nginx?

Comments

4 comments

  • cPRex Jurassic Moderator

    Hey there!  I confirmed that commenting out the offending line and then adding the rest works, and doesn't get overwritten with the nightly upcp.  Here is what the bottom of that file looks like on my test server after my changes, using the data you provided above:

    #real_ip_header CF-Connecting-IP;
    # Define header with original client IP
    real_ip_header X-Forwarded-For;
    # Define trusted Firewall IPs
    set_real_ip_from 192.88.134.0/23;
    set_real_ip_from 185.93.228.0/22;
    set_real_ip_from 66.248.200.0/22;
    set_real_ip_from 208.109.0.0/22;
    set_real_ip_from 2a02:fe80::/29;

    Can you try that on your end and see if that works?

    0
  • gotdoge

    Hi cPRex, that file gets re-generated when the ea-nginx package gets updated. Edited it as outlined and processed available updates which included ea-nginx and it's back to the stock version.

    Ideally, there would be some way to have it so the configuration isn't applied globally in my opinion - or could otherwise be configured on a per-user basis. For example, some hosted domains may use Cloudflare, others may use Sucuri, others may use CloudFront, and so on.

    0
  • cPRex Jurassic Moderator

    I spoke with some other people this morning and we aren't able to come up with a good workaround for this issue that would be stable and not get overwritten.  Could you submit a ticket so we can do some more in-depth research on this?

    0
  • cPRex Jurassic Moderator

    Update - our team has created case CPANEL-46343 to explore what options we have to make this possible in the product.  If I hear anything else on my end I'll be sure to post!

    0

Please sign in to leave a comment.