cloudflare_real-ip - Docker mod for SWAG

This mod adds a startup script that gets the IPs from Cloudflare's edge servers, and outputs them in a format Nginx can use with set_real_ip_from.

It reads this list for IPv4, and this list for IPV6.

In SWAG docker arguments, set an environment variable DOCKER_MODS=linuxserver/mods:swag-cloudflare-real-ip

If adding multiple mods, enter them in an array separated by |, such as DOCKER_MODS=linuxserver/mods:swag-cloudflare-real-ip|linuxserver/mods:swag-f2bdiscord

Mod usage instructions

The file gets placed in your persistent data, at /config/nginx/cf_real-ip.conf

To enable nginx to read the IPs from this file, you need the following in your nginx.conf (http section):

real_ip_header X-Forwarded-For;
real_ip_recursive on;
include /config/nginx/cf_real-ip.conf;

This mod also tries to detect the real ip from the interfaces in the container.

You may need to add this mod (and the above config changes) to every nginx based container being proxied by SWAG.

Cloudflare tunnels

In case you use Cloudflare tunnels, real IP might be reported in containers as 127.0.0.1. In this case, please add below to http section of nginx.conf.

From:

real_ip_header X-Forwarded-For;
real_ip_recursive on;
include /config/nginx/cf_real-ip.conf;

to:

real_ip_header X-Forwarded-For;
real_ip_recursive on;
include /config/nginx/cf_real-ip.conf;
set_real_ip_from 127.0.0.1;

Versions

• 16.01.23: - Format shell scripts.
• 21.01.21: - Fix bug when mod runs before internet-access.