CD
Cloudflare Developers2mo ago
Wojciech

Cloudflare tunnel - apache2 show source IP

I want Apache2 to see the correct IP through the Cloudflare tunnel, I did everything according to https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/ but there is still a local IP in the logs. When I run this simple script through the CF tunnel, my real IP is shown, so the forwarding works, but Apache doesn't see it, what could be the problem? 
<?php
  echo 'CF-Connecting-IP: ' . $_SERVER['HTTP_CF_CONNECTING_IP'];
?>
<?php
  echo 'CF-Connecting-IP: ' . $_SERVER['HTTP_CF_CONNECTING_IP'];
?>
Cloudflare Docs
Restoring original visitor IPs · Cloudflare Support docs
When your website traffic is routed through the Cloudflare network, we act as a reverse proxy. This allows Cloudflare to speed up page load time by routing packets more efficiently and caching static resources (images, JavaScript, CSS, etc.). As a result, when responding to requests and logging them, your origin server returns a Cloudflare IP ad...
2 Replies
Wojciech
WojciechOP2mo ago
my conf 
<VirtualHost *:80>
    ServerName 192.100.100.252
    DocumentRoot /var/www/nextcloud/

    RemoteIPHeader CF-Connecting-IP

    RemoteIPTrustedProxy 173.245.48.0/20
    RemoteIPTrustedProxy 103.21.244.0/22
    RemoteIPTrustedProxy 103.22.200.0/22
    RemoteIPTrustedProxy 103.31.4.0/22
    RemoteIPTrustedProxy 141.101.64.0/18
    RemoteIPTrustedProxy 108.162.192.0/18
    RemoteIPTrustedProxy 190.93.240.0/20
    RemoteIPTrustedProxy 188.114.96.0/20
    RemoteIPTrustedProxy 197.234.240.0/22
    RemoteIPTrustedProxy 198.41.128.0/17
    RemoteIPTrustedProxy 162.158.0.0/15
    RemoteIPTrustedProxy 104.16.0.0/13
    RemoteIPTrustedProxy 104.24.0.0/14
    RemoteIPTrustedProxy 172.64.0.0/13
    RemoteIPTrustedProxy 131.0.72.0/22

    # Log files
    ErrorLog /var/log/apache2/error.log
    CustomLog /var/log/apache2/access.log combined

    <Directory /var/www/nextcloud/>
        Options +FollowSymlinks
        AllowOverride All

        <IfModule mod_dav.c>
            Dav off
        </IfModule>

        SetEnv HOME /var/www/nextcloud
        SetEnv HTTP_HOME /var/www/nextcloud
    </Directory>
</VirtualHost>
<VirtualHost *:80>
    ServerName 192.100.100.252
    DocumentRoot /var/www/nextcloud/

    RemoteIPHeader CF-Connecting-IP

    RemoteIPTrustedProxy 173.245.48.0/20
    RemoteIPTrustedProxy 103.21.244.0/22
    RemoteIPTrustedProxy 103.22.200.0/22
    RemoteIPTrustedProxy 103.31.4.0/22
    RemoteIPTrustedProxy 141.101.64.0/18
    RemoteIPTrustedProxy 108.162.192.0/18
    RemoteIPTrustedProxy 190.93.240.0/20
    RemoteIPTrustedProxy 188.114.96.0/20
    RemoteIPTrustedProxy 197.234.240.0/22
    RemoteIPTrustedProxy 198.41.128.0/17
    RemoteIPTrustedProxy 162.158.0.0/15
    RemoteIPTrustedProxy 104.16.0.0/13
    RemoteIPTrustedProxy 104.24.0.0/14
    RemoteIPTrustedProxy 172.64.0.0/13
    RemoteIPTrustedProxy 131.0.72.0/22

    # Log files
    ErrorLog /var/log/apache2/error.log
    CustomLog /var/log/apache2/access.log combined

    <Directory /var/www/nextcloud/>
        Options +FollowSymlinks
        AllowOverride All

        <IfModule mod_dav.c>
            Dav off
        </IfModule>

        SetEnv HOME /var/www/nextcloud
        SetEnv HTTP_HOME /var/www/nextcloud
    </Directory>
</VirtualHost>
Laudian
Laudian2mo ago
You want to use set_real_ip_from 127.0.0.1; instead of using all of Cloudflare's ips oops, that was for nginx. Still, that's the ip you need to use, as the tunnel connects from localhost.

Did you find this page helpful?