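Showing visitors' real IP addresses behind Cloudflare

If a website uses the Cloudflare CDN, Nginx's access.log records only Cloudflare's IP addresses and cannot record the visitors' actual IP addresses.

This makes visitor-origin records inaccurate for website traffic analysis; this tutorial fixes that problem.

Create /usr/local/bin/update.cloudflare.ip.sh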

#!/bin/bash
# A simple shell script to update Cloudflare's IP addresses.
# Tested on : Debian and Ubuntu servers and Nginx only
# ----------------------------------------------------------------------------
# Author: Vivek Gite 
# Copyright: 2016 nixCraft under GNU GPL v2.0+
# ----------------------------------------------------------------------------
# Last updated 23 Apr 2017
# ----------------------------------------------------------------------------
## source for IPv4 and IPv6 urls ##
ipf='https://www.cloudflare.com/ips-v4'
ips='https://www.cloudflare.com/ips-v6'

## temp file location ##
t_ip_f="$(/bin/mktemp /tmp/cloudflare.XXXXXXXX)"
t_ip_s="$(/bin/mktemp /tmp/cloudflare.XXXXXXXX)"

## nginx config for Cloudflare ##
conf_out="/etc/nginx/conf.d/cloudflare.real.ip.conf"

## grab files; abort if either download fails, so the old config is kept ##
/usr/bin/wget -q -O "$t_ip_f" "$ipf" || { /bin/rm -f "$t_ip_f" "$t_ip_s"; exit 1; }
/usr/bin/wget -q -O "$t_ip_s" "$ips" || { /bin/rm -f "$t_ip_f" "$t_ip_s"; exit 1; }

## generate it ##
/usr/bin/awk '{ print "set_real_ip_from " $1 ";" }' "$t_ip_f" > "$conf_out"
/usr/bin/awk '{ print "set_real_ip_from " $1 ";" }' "$t_ip_s" >> "$conf_out"
echo 'real_ip_header CF-Connecting-IP;' >> "$conf_out"

## delete temp files ##
[ -f "$t_ip_f" ] && /bin/rm -f "$t_ip_f"
[ -f "$t_ip_s" ] && /bin/rm -f "$t_ip_s"

## test the config, then reload nginx ##
/usr/sbin/nginx -t && /bin/systemctl reload nginx

chmod +x /usr/local/bin/update.cloudflare.ip.sh

Configure Nginx
/etc/nginx/conf.d/<your-web-site>.conf

...
...
 include "/etc/nginx/conf.d/cloudflare.real.ip.conf";

Run /usr/local/bin/update.cloudflare.ip.sh

/usr/local/bin/update.cloudflare.ip.sh

Test by browsing the website
Check whether /var/log/nginx/access.log now shows visitors' source IPs.

Update periodically

@weekly /usr/local/bin/update.cloudflare.ip.sh
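
The generated file is a trust list: Nginx accepts CF-Connecting-IP from every range in it, and the weekly job rewrites it unattended from whatever the two URLs return. The following is an added example, not part of the original script: a hypothetical helper, build_realip_conf, that refuses missing, empty or non-CIDR downloads before anything is written. The sample ranges are constructed documentation addresses, not Cloudflare's list.

```shell
#!/bin/sh
# Added example, not from the original script. build_realip_conf is a
# hypothetical helper; it checks the shape of each line, nginx -t checks values.

# One CIDR per line: IPv4 with prefix 0-32, or IPv6 with prefix 0-128.
V4='^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
V6='^[0-9A-Fa-f:]*:[0-9A-Fa-f:]*/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$'

# Usage: build_realip_conf LISTFILE...
# Prints nginx directives on stdout. Returns 1 without printing directives if
# a list is missing or empty, or if any line is not a CIDR.
build_realip_conf() {
    for f in "$@"; do
        [ -s "$f" ] || { echo "missing or empty list: $f" >&2; return 1; }
    done
    # Strip CR from CRLF downloads and drop blank lines.
    cleaned="$(cat -- "$@" | tr -d '\r' | grep -v '^[[:space:]]*$' || true)"
    [ -n "$cleaned" ] || { echo "no ranges found" >&2; return 1; }
    # Lines matching neither pattern (an HTML error page, for instance).
    bad="$(printf '%s\n' "$cleaned" | grep -Ev -e "$V4" -e "$V6" || true)"
    [ -z "$bad" ] || { echo "rejected non-CIDR content" >&2; return 1; }
    printf '%s\n' "$cleaned" | awk '{ print "set_real_ip_from " $1 ";" }'
    echo 'real_ip_header CF-Connecting-IP;'
}

# Constructed sample inputs (documentation ranges, not Cloudflare's real list).
demo="$(mktemp -d)"
printf '192.0.2.0/24\n198.51.100.0/24\n' > "$demo/v4"
printf '2001:db8::/32\n' > "$demo/v6"
printf '<html>503 Service Unavailable</html>\n' > "$demo/errpage"

build_realip_conf "$demo/v4" "$demo/v6"
build_realip_conf "$demo/v4" "$demo/errpage" || echo "kept previous config"
```

In the update script, the function's output would go to a temporary file that replaces the live config only when the function returns 0.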