AWSTATS with a Nginx Proxy Manager

Karl · May 27, 2025, 5:16pm

Hello,

I’m opening this post because I’m encountering a small, non-blocking but nonetheless annoying problem for which I can’t find a solution.

I’m using Nginx Proxy Manager on the front end, which manages all the redirections from my home network to various machines.
Behind this machine, I’ve installed HestiaCP, which hosts my personal websites.

Everything works perfectly: Nginx Proxy Manager handles redirects and Let’s Encrypt certificates just fine.

The problem is that I can’t get the public IP of the clients accessing my websites.
In the Awstats logs (or the Nginx logs behind it), I only see the local IP address of my Nginx Proxy Manager (192.168.X.X), and not that of the actual visitors.

Could you give me an idea?
I’ve scoured the forum, but I can’t find any topic that might help me…

Thank you,
Karl

sahsanu · May 27, 2025, 8:40pm

Hi @Karl

I’ve never used Nginx Proxy Manager, but you could try the same approach Hestia uses to retrieve the real IP from Cloudflare connections. Hestia adds the following configuration to Nginx:

❯ cat /etc/nginx/conf.d/cloudflare.inc
# Cloudflare IP Ranges

# IPv4
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;

# IPv6
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 2c0f:f248::/32;

real_ip_header CF-Connecting-IP;

If your Nginx Proxy Manager can add a header (such as X-Real-IP) containing the real IP address, you can create a configuration file like the following. Assume 192.168.1.2 is the IP address of your NPM:

set_real_ip_from 192.168.1.2;
real_ip_header X-Real-IP;

You should disable the cloudflare.inc file, as Nginx can use only one real_ip_header directive. While it’s technically possible to add more, it requires the headers_more module, which would mean compiling Nginx yourself.

As I mentioned, I haven’t tested this setup personally, but it might be worth trying.

hybrid · August 13, 2025, 9:02pm

Hi Karl

Im interested in doing this on my VPS. Let my nginx Manager manage my port 80 and 443 incoming requests and then direct it to hestiaCP and other containers on that vps.

If this is more or less your setup , would you mind sharing your way of getting past the nginx and hestiacp wanting port 80 and 443?
Thanks