Setting up Nginx with Cloudflare
I’ve written about the very excellent Cloudflare CDN before. It’s a fantastic content delivery network with inbuilt security, and I love it. This is another quick how-to for getting your Nginx web server working properly with Cloudflare.
I will assume you already have a working LEMP server.
SSH onto your Ubuntu box as usual.
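You will need to edit the main nginx.conf and put in the list of IP ranges which will be connecting to your web server, i.e. Cloudflare’s proxies. Nginx only takes the visitor’s address from the header when the connection comes from one of these trusted ranges. We’ll also have to name a specific header, since Cloudflare seem to use a non-standard proxy header (booo Cloudflare!).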
nano /etc/nginx/nginx.conf
At the bottom of the http { } block you’ll want to add the following:
# Cloudflare IPs
set_real_ip_from 204.93.240.0/24;
set_real_ip_from 204.93.177.0/24;
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
real_ip_header CF-Connecting-IP;
[ctrl]+o to save, and [ctrl]+x to exit.
Now let’s restart Nginx:
service nginx restart
And your logs should now be full of the proper originating (visitor) IP addresses instead of Cloudflare’s.
If you want to check whether the list of IPs above is still current, have a look at the Cloudflare IP Ranges.
Or if you’d like to make sure you never miss a Cloudflare IP change, see this very excellent automated solution to the above!
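An added example, not part of the original post: a small Python check that compares the set_real_ip_from ranges in an nginx.conf against a published one-CIDR-per-line listing. A stale range stays trusted to set the client IP through CF-Connecting-IP, and a missing range means Cloudflare’s own addresses end up in the logs. The function names and both sample inputs are constructed for illustration; the sample listing is not Cloudflare’s real one.

```python
import ipaddress
import re

# Matches active "set_real_ip_from <cidr>;" lines; commented-out lines are skipped.
DIRECTIVE = re.compile(r"^\s*set_real_ip_from\s+([0-9a-fA-F.:/]+)\s*;", re.MULTILINE)

def configured_ranges(nginx_conf):
    """Networks the config trusts to supply the real client IP."""
    return {ipaddress.ip_network(c, strict=False) for c in DIRECTIVE.findall(nginx_conf)}

def published_ranges(listing):
    """Parse a one-CIDR-per-line listing, ignoring blanks and # comments."""
    nets = set()
    for line in listing.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.add(ipaddress.ip_network(line, strict=False))
    return nets

def drift(nginx_conf, listing):
    """Return (missing, stale) CIDR strings: published but not configured, and the reverse."""
    conf, pub = configured_ranges(nginx_conf), published_ranges(listing)
    order = lambda n: (n.version, n)  # keeps IPv4 and IPv6 sortable together
    missing = [str(n) for n in sorted(pub - conf, key=order)]
    stale = [str(n) for n in sorted(conf - pub, key=order)]
    return missing, stale

# Constructed sample config: three ranges from the post plus a commented-out line.
SAMPLE_CONF = """
http {
    # Cloudflare IPs
    set_real_ip_from 204.93.240.0/24;
    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 103.21.244.0/22;
    # set_real_ip_from 203.0.113.0/24;
    real_ip_header CF-Connecting-IP;
}
"""
# Constructed listing for the demo (198.51.100.0/24 is a documentation range).
SAMPLE_PUBLISHED = """
173.245.48.0/20
103.21.244.0/22
198.51.100.0/24
"""

if __name__ == "__main__":
    missing, stale = drift(SAMPLE_CONF, SAMPLE_PUBLISHED)
    print("add to nginx.conf:", missing)
    print("remove from nginx.conf:", stale)
```

To use it for real, pass the contents of /etc/nginx/nginx.conf and a saved copy of the current published ranges to drift().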