I'm using CDN for my website and wants to get the real ip of clients. My configurations are as following:
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;
real_ip_header X-Forwarded-For;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent"';
In the past the configuration worked well, but since my CDN support IPV6, then I got below issues.
I tied to use IPV6 to access my website, then for my request:
remote_addr: 117.34.13.18
http_x_forwarded_for: 2409:890c:530:a849:84b5:3a3b:d0ce:4e5b
realip_remote_addr: 117.34.13.18
proxy_add_x_forwarded_for: 2409:890c:530:a849:84b5:3a3b:d0ce:4e5b, 117.34.13.18
It seems nginx used CDN IP as remote_addr when nginx get IPV6 address.
Then I can't get user's RealIp if they are on IPV6.
I checked nginx document, it's said realip support IPV6. Is there any way to get client's IPV6 realIP?
I know I can use $http_x_forwarded_for as client's IP, but if clients connect to my server directly, then there will be no $http_x_forwarded_for.
I had the exact same thing happen to me today (16 months after your question). Whenever an IPV6 user accessed me via Cloudflare, it would only log Cloudflare's IP address. The nginx version I was running was quite old, so I tried a new Debian server running nginx 1.14.2, and the issue was resolved! So if anyone else has the same issue, try upgrading nginx.