
Getting real IP in Nginx when behind cloudflare Haproxy

Create a file named cloudflare_ips.lst and add all of the Cloudflare IP ranges to it, one per line:

vi /etc/haproxy/cloudflare_ips.lst
173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
188.114.96.0/20
197.234.240.0/22
198.41.128.0/17
162.158.0.0/15
104.16.0.0/12
172.64.0.0/13
131.0.72.0/22
2400:cb00::/32
2606:4700::/32
2803:f800::/32
2405:b500::/32
2405:8100::/32
2a06:98c0::/29
2c0f:f248::/32

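Now add the following to your HAProxy configuration. The from_cf ACL matches only connections whose source address is in that file, so the CF-Connecting-IP header is trusted only when the request actually arrives from Cloudflare: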

acl from_cf    src -f /etc/haproxy/cloudflare_ips.lst
http-request set-src req.hdr(CF-Connecting-IP) if from_cf

So your configuration will look like this:

frontend https
    mode http
    bind *:443 ssl crt /etc/letsencrypt/live/web.bullten.work/web.bullten.work.pem alpn h2,http/1.1

    option forwardfor

    # Restore the visitor's address first, and only for connections from Cloudflare
    acl from_cf src -f /etc/haproxy/cloudflare_ips.lst
    http-request set-src req.hdr(CF-Connecting-IP) if from_cf

    # http-request rules run in order, so the rate limit now counts the real client IP
    http-request track-sc0 src table per_ip_rates
    http-request deny deny_status 429 if { sc_http_req_rate(0) gt 10 }

    default_backend app-main

This way HAProxy will record the real IP of the user and send it to Nginx.
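
The following Python sketch is an added example, not part of the original post or of HAProxy itself. It lints a list in the cloudflare_ips.lst format and models the from_cf / set-src decision on constructed connections, so you can see that the header is honoured only for peers inside the listed ranges. The function names, the strict CIDR check and the fallback on an unparsable header are assumptions of this example.

```python
import ipaddress

# Constructed sample: a subset of the ranges listed in cloudflare_ips.lst above.
CF_LIST = """\
173.245.48.0/20
104.16.0.0/12
172.64.0.0/13
2606:4700::/32
"""

def load_ranges(text):
    """Parse an ACL pattern file: one CIDR per line, blanks and '#' lines skipped."""
    nets = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            # strict=True is this linter's choice: it flags entries with host bits set
            nets.append(ipaddress.ip_network(line, strict=True))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: bad entry {line!r}: {exc}") from None
    return nets

def effective_src(peer_ip, headers, trusted):
    """Model of: http-request set-src req.hdr(CF-Connecting-IP) if from_cf"""
    peer = ipaddress.ip_address(peer_ip)
    from_cf = any(peer in net for net in trusted)   # acl from_cf src -f <file>
    claimed = headers.get("CF-Connecting-IP")
    if not from_cf or claimed is None:
        return str(peer)            # untrusted peer: header is ignored
    try:
        return str(ipaddress.ip_address(claimed.strip()))
    except ValueError:
        return str(peer)            # assumption of this model: keep peer on a bad header

if __name__ == "__main__":
    nets = load_ranges(CF_LIST)
    # Constructed connections: (TCP peer, request headers)
    samples = [
        ("104.16.1.1", {"CF-Connecting-IP": "203.0.113.7"}),    # via Cloudflare
        ("198.51.100.9", {"CF-Connecting-IP": "203.0.113.7"}),  # direct, header not trusted
        ("2606:4700::1", {"CF-Connecting-IP": "2001:db8::5"}),  # via Cloudflare, IPv6
    ]
    for peer, hdrs in samples:
        print(f"{peer:>15} -> {effective_src(peer, hdrs, nets)}")
```

Running the same lint over the full /etc/haproxy/cloudflare_ips.lst before reloading HAProxy catches a mistyped range early.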
