Cloudflare 顯示訪客的真實 IP

如果網站有使用 Cloudflare CDN 服務，在 Nginx 的 access.log 紀錄裡只會出現 Cloudflare 的 IP，而無法紀錄所有網站訪客實際的真實 IP 位址。 
 這情形對於做網站流量分析會造成訪客來源紀錄不正確的問題，而此篇教學可以解決這問題。 
 新增 /usr/local/bin/update.cloudflare.ip.sh 
 #!/bin/bash
# A simple shell script update Cloudflares IP addresses.
# Tested on : Debian and Ubuntu servers and Nginx only
# ----------------------------------------------------------------------------
# Author: Vivek Gite 
# Copyright: 2016 nixCraft under GNU GPL v2.0+
# ----------------------------------------------------------------------------
# Last updated 23 Apr 2017
# ----------------------------------------------------------------------------
## source for IPv4 and IPv6 urls ##
ipf='https://www.cloudflare.com/ips-v4'
ips='https://www.cloudflare.com/ips-v6'

## temp file location ##
t_ip_f="$(/bin/mktemp /tmp/cloudflare.XXXXXXXX)"
t_ip_s="$(/bin/mktemp /tmp/cloudflare.XXXXXXXX)"

## nginx config for Cloudflare ##
conf_out="/etc/nginx/conf.d/cloudflare.real.ip.conf"

## grab files ##
/usr/bin/wget -q -O $t_ip_f $ipf
/usr/bin/wget -q -O $t_ip_s $ips

## generate it ##
/usr/bin/awk '{ print "set_real_ip_from " $1 ";" }' $t_ip_f > $conf_out
/usr/bin/awk '{ print "set_real_ip_from " $1 ";" }' $t_ip_s >> $conf_out
echo 'real_ip_header CF-Connecting-IP;' >> $conf_out

## delete temp files ##
[ -f "$t_ip_f" ] && /bin/rm -f $t_ip_f
[ -f "$t_ip_s" ] && /bin/rm -f $t_ip_s

## reload nginx ##
/bin/systemctl reload nginx 
 chmod +x /usr/local/bin/update.cloudflare.ip.sh 
 設定 Nginx /etc/nginx/conf.d/<you-web-site>.conf 
 ...
...
 include "/etc/nginx/conf.d/cloudflare.real.ip.conf"; 
 執行 /usr/local/bin/update.cloudflare.ip.sh 
 /usr/local/bin/update.cloudflare.ip.sh 
 測試網站瀏覽 檢查 /var/log/nginx/access.log 是否可以顯示訪客的來源 IP 
 定期更新 
 @weekly /usr/local/bin/update.cloudflare.ip.sh 
 延伸閱讀 
 
 Nginx restore real IP address when behind a reverse proxy