Setting up a web application in the cloud is always fun and exciting.
Recently, I launched a Geekflare Tools tool, which is hosted in AWS behind Cloudflare.
I am using the AWS application load balancer and Nginx as a web server. After making life, I went to see the access.log and noticed all requests were marked as coming from internal (load balancer) IP.
This is not good if you want to analyze your web server logs for visitor locations. I realized that I am missing or need to do some configuration changes to restore the client IP.
Are you in the same situation as I was?
Well, here is how you can get the client IP in your Nginx access logs.
Getting Visitor IP from AWS or Google Cloud LB
- Login to your Nginx webserver
- Go to the path where it’s installed (default location /etc/nginx)
- Take a backup of
- Add the following under HTTP block
real_ip_header X-Forwarded-For; set_real_ip_from 0.0.0.0/0;
- Restart the Nginx, and you should see the visitor’s IP in your access.log file
If you are behind Cloudflare, then you will see their IP instead of the client’s IP, so you got to do the below as well.
Getting Client IP from Cloudflare
Cloudflare is a great CDN and Security provider, and I absolutely love it. If you are using Cloudflare like me and would like to restore the visitor IP in the web server log, then here is how you can do it.
Assuming you are logged into the Nginx server
Take a backup of your site configuration file (usually here – /etc/nginx/sites-available/yourdomain)
Add the following at the beginning of the file
set_real_ip_from 22.214.171.124/22; set_real_ip_from 126.96.36.199/22; set_real_ip_from 188.8.131.52/22; set_real_ip_from 184.108.40.206/13; set_real_ip_from 220.127.116.11/14; set_real_ip_from 18.104.22.168/18; set_real_ip_from 22.214.171.124/22; set_real_ip_from 126.96.36.199/18; set_real_ip_from 188.8.131.52/15; set_real_ip_from 184.108.40.206/13; set_real_ip_from 220.127.116.11/20; set_real_ip_from 18.104.22.168/20; set_real_ip_from 22.214.171.124/20; set_real_ip_from 126.96.36.199/22; set_real_ip_from 188.8.131.52/17; set_real_ip_from 184.108.40.206/21; set_real_ip_from 2400:cb00::/32; set_real_ip_from 2606:4700::/32; set_real_ip_from 2803:f800::/32; set_real_ip_from 2405:b500::/32; set_real_ip_from 2405:8100::/32; set_real_ip_from 2c0f:f248::/32; set_real_ip_from 2a06:98c0::/29; real_ip_header CF-Connecting-IP;
Note: You may want to validate the IP list from their official page.
Restart Nginx, and you should see the client IP now. This has helped me, and I hope you too.
Next, find out how you can implement secure headers using Cloudflare Workers.
More great readings on Nginx
How to Redirect AMP Page to Non-AMP in Nginx, Apache, Cloudflare?Abhishek Nair on September 27, 2021
How to Block .git in Apache, Nginx and Cloudflare?Chandan Kumar on October 27, 2020
How to Protect Page with Password in Apache, Nginx, WordPress, Hosting?Chandan Kumar on September 11, 2020
How to Implement ZeroSSL Certificate in Apache and Nginx?Asad Ali on May 24, 2020
Configuring Nginx for Performance and SecurityMichael Aboagye on February 24, 2020
How to Enable CORS in Apache and Nginx?Chandan Kumar on October 18, 2019
Join Geekflare Newsletter
Every week we share trending articles and tools in our newsletter. More than 10,000 people enjoy reading, and you will love it too.