This guide explains how to configure Nginx to log the users real IP in the access logs when using Cloudflare with MDOQ Magento hosting. (i.e how to get real IP behind Cloudflare WAF for Magento)
- Create a development instance.
- Add the file
mdoq/nginx/generated/cloudflare.conf
- In this file add the following
set_real_ip_from 173.245.48.0/20; set_real_ip_from 103.21.244.0/22; set_real_ip_from 103.22.200.0/22; set_real_ip_from 103.31.4.0/22; set_real_ip_from 141.101.64.0/18; set_real_ip_from 108.162.192.0/18; set_real_ip_from 190.93.240.0/20; set_real_ip_from 188.114.96.0/20; set_real_ip_from 197.234.240.0/22; set_real_ip_from 198.41.128.0/17; set_real_ip_from 162.158.0.0/15; set_real_ip_from 104.16.0.0/13; set_real_ip_from 104.24.0.0/14; set_real_ip_from 172.64.0.0/13; set_real_ip_from 131.0.72.0/22; set_real_ip_from 2400:cb00::/32; set_real_ip_from 2606:4700::/32; set_real_ip_from 2803:f800::/32; set_real_ip_from 2405:b500::/32; set_real_ip_from 2405:8100::/32; set_real_ip_from 2a06:98c0::/29; set_real_ip_from 2c0f:f248::/32; real_ip_header CF-Connecting-IP; real_ip_recursive on;
N.B These IPs may change, please ensure you use the latest list of IPv4 and IPv6 addresses, they can be obtained here: https://www.cloudflare.com/ips/ - Add the following to
.gitignore
!mdoq/nginx/generated/cloudflare.conf
- Create the file
app/etc/cloudflare/di.xml
with the content:
<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
<type name="Magento\Framework\HTTP\PhpEnvironment\RemoteAddress">
<arguments>
<argument name="alternativeHeaders" xsi:type="array">
<item name="real_ip" xsi:type="string">HTTP_X_REAL_IP</item>
</argument>
</arguments>
</type>
</config> - Add the changes to source control and peform a zero downtime release.
- Sync Nginx component on production instance