This is my basic test setup: (no cloudflare)
sudo nano /etc/nginx/sites-available/default
Ive changed default ports of apache to 8080 and 444 and added the above to /etc/nginx/sites-available/default. As you can see, nginx will listen on 443 and pass to 444 (apache).
Xenforo
You will see IP 127.0.0.1 in xenforo logs and apache access.log.
Fix xenforo
Add to src/config.php
Apache access.log fix
We can modify the LogFormat line in /etc/apache2/apache2.conf and replace %h with %{X-Forwarded-For}i:
nano /etc/apache2/apache2.conf
Please now check your apache access.log and xenforo. make sure the IP is correct.
Adding cloudflare
What happens when i enable cloudfare?
Xenforo will show the correct IP.
Apache access.log will show both the correct IP and cloudflares IP for each user access.
Nginx access.log will show just cloudflares IP.
Fix
/etc/nginx/nginx.conf
Below http { add:
After making changes to apache or nginx always restart them.
sudo systemctl restart apache2
sudo systemctl restart nginx
sudo nano /etc/nginx/sites-available/default
Code:
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
proxy_pass https://127.0.0.1:444;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
Ive changed default ports of apache to 8080 and 444 and added the above to /etc/nginx/sites-available/default. As you can see, nginx will listen on 443 and pass to 444 (apache).
Xenforo
You will see IP 127.0.0.1 in xenforo logs and apache access.log.
Fix xenforo
Add to src/config.php
Code:
if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
Apache access.log fix
We can modify the LogFormat line in /etc/apache2/apache2.conf and replace %h with %{X-Forwarded-For}i:
nano /etc/apache2/apache2.conf
Code:
[...]
#LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
[...]
Please now check your apache access.log and xenforo. make sure the IP is correct.
Adding cloudflare
What happens when i enable cloudfare?
Xenforo will show the correct IP.
Apache access.log will show both the correct IP and cloudflares IP for each user access.
Nginx access.log will show just cloudflares IP.
Fix
/etc/nginx/nginx.conf
Below http { add:
Code:
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 199.27.128.0/21;
real_ip_header CF-Connecting-IP;
After making changes to apache or nginx always restart them.
sudo systemctl restart apache2
sudo systemctl restart nginx