So I had this working on Nginx but we decided against using that web server due to no .htaccess support. (I still personally really want to use Nginx, but I don't want to have to convert every customer's .htaccess rewrites into Nginx format and add them manually to .conf files...)
We switched over to Apache, but it seems like restoring original Visitor IPs is a pain there too. The docs say don't touch the /etc/apache2.conf file, but that literally looks like where mod_remoteip needs to be enabled from. Also it doesn't look like the /etc/apache2.conf file pulls in anything from /etc/conf-available (or /etc/conf-enabled) which is where I would usually add the Cloudflare IP ranges in a .conf file. I would usually just add a line in apache2.conf to pull in a .conf file from /etc/conf-available/*.conf, but again the docs say don't touch the apache2.conf file. :/
So I'm looking at OLS now because it seems like original visitor IPs make it through to the server logs without having to touch any config (tested this over the weekend). OLS has a guide that says you have to make some config changes, but it seems like either Enhance or the latest OLS version does this without having to make those config changes, so I guess that guide is irrelevant.
The whole reason I'm trying to do this is because I want to install Fail2Ban and make sure it works properly and doesn't start blocking a bunch of Cloudflare IP ranges. Also I'd just like the server logs to show the real visitor's IP address instead of a Cloudflare IP address...
Is OLS the easiest way to go in this case? I'm trying to land on a web server for our setup/environment, but it seems I'm finding these small compromises that require manual fixes regardless of which web server I choose (e.g. OLS config persistence requires a script by @cPFence).
How is everybody here handling this? Suggestions and recommendations welcomed.
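
A pre-flight check for the Fail2Ban concern raised in the post above, as an added example that is not part of the original post: it scans access-log lines and reports whether any logged client address falls inside a Cloudflare range, which would mean real-IP restoration is not in effect on that server. The range list is a subset of Cloudflare's published ranges embedded for offline use, and the log lines and function names are constructed for illustration.

```python
import ipaddress
import re

# Assumption: a subset of Cloudflare's published edge ranges, embedded so the
# example runs offline. Load the full, current list in real use.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "104.16.0.0/13", "172.64.0.0/13",
    "162.158.0.0/15", "2606:4700::/32",
)]

# In common/combined log format the first field is the client address.
CLIENT_RE = re.compile(r"^(\S+)\s")

def is_proxy(addr):
    """True if addr parses as an IP inside one of the trusted proxy ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # hostname or malformed field: not a proxy IP
        return False
    return any(ip.version == net.version and ip in net
               for net in TRUSTED_PROXIES)

def audit(lines):
    """Return (proxy_hits, parsed_lines, distinct proxy addresses seen)."""
    hits, total, seen = 0, 0, []
    for line in lines:
        m = CLIENT_RE.match(line)
        if not m:
            continue
        total += 1
        if is_proxy(m.group(1)):
            hits += 1
            if m.group(1) not in seen:
                seen.append(m.group(1))
    return hits, total, seen

def safe_for_fail2ban(lines):
    """Only safe when some traffic was parsed and none of it shows a proxy IP."""
    hits, total, _ = audit(lines)
    return total > 0 and hits == 0

# Constructed sample log lines (documentation addresses as visitors).
BEHIND_PROXY = [
    '172.68.10.5 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /a HTTP/1.1" 200 99',
    '2606:4700:10::1 - - [01/Jan/2024:10:00:02 +0000] "POST /l HTTP/1.1" 401 0',
    '',
]
RESTORED = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.23 - - [01/Jan/2024:10:00:03 +0000] "POST /l HTTP/1.1" 401 0',
]
```

If `audit` reports any hits on a live log, a Fail2Ban jail reading that log would be counting failures against Cloudflare addresses rather than visitors.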