Update NGINX installation from v1.22.1 to 1.29.8 + QOL

[Frerduro]

• Following https://nginx.org/en/linux_packages.html#Debian to switch NGINX install from default NGINX install from debian default install to instead use mainline
• Minor change to modules/nginx/start.sh to add -e /dev/stderr to startup for better startup error logging.
• Changed nginx/conf.d/default.conf to include cloudflare realip. Additionally commented out logging configured in that file due to it overriding what is configured in nginx/nginx.conf already I am unsure if you would prefer just removing the configuration from nginx/conf.d/default.conf instead of commenting it out.
• Additional minor changes to nginx/nginx.conf to better align container logging. Both /dev/stderr and /dev/stdout work in pterodactyl due to it merging both into the same console output.

I have tested these changes via ghcr.io/frerduro/pterodactyl-nginx-egg:8.5-latest and have not found any issues so far.

[Ym0T]

Thank you for your contribution. I will take a look at everything and test it over the weekend.

[Ym0T]

Thanks for the contribution! I adjusted the real IP configuration slightly since Cloudflare Tunnel runs inside the container itself, requests to nginx always arrive from 127.0.0.1 (the local cloudflared process), not from the Docker network (172.18.0.0/16). I also switched the header from X-Forwarded-For to CF-Connecting-IP which is the header Cloudflare sets with the actual client IP. Everything else looks good and has been included!

[Frerduro]

Thanks for the contribution! I adjusted the real IP configuration slightly since Cloudflare Tunnel runs inside the container itself, requests to nginx always arrive from 127.0.0.1 (the local cloudflared process), not from the Docker network (172.18.0.0/16). I also switched the header from X-Forwarded-For to CF-Connecting-IP which is the header Cloudflare sets with the actual client IP. Everything else looks good and has been included!

Huh weird sorry for missing that. When I was testing my changes 172.18.0.0/16 worked fine and I guess I didn't investigate it further.

[Ym0T]

Thanks for the contribution! I adjusted the real IP configuration slightly since Cloudflare Tunnel runs inside the container itself, requests to nginx always arrive from 127.0.0.1 (the local cloudflared process), not from the Docker network (172.18.0.0/16). I also switched the header from X-Forwarded-For to CF-Connecting-IP which is the header Cloudflare sets with the actual client IP. Everything else looks good and has been included!

Huh weird sorry for missing that. When I was testing my changes 172.18.0.0/16 worked fine and I guess I didn't investigate it further.

No worries! I tested both configurations on my test server running WordPress with Cloudflare Tunnel using standard Pterodactyl/Docker configurations and your version with 172.18.0.0/16 didn't work, the real IP was never resolved and all requests showed 127.0.0.1 in the logs. I was also wondering why the Docker network range would even be used here, since Cloudflare Tunnel runs inside the container itself and therefore all requests to nginx come from 127.0.0.1 directly. Either way, switching to set_real_ip_from 127.0.0.1 with CF-Connecting-IP fixed it immediately and should work reliably for everyone using Cloudflare Tunnel with the standard setup of this egg.

[Frerduro]

Thanks for the contribution! I adjusted the real IP configuration slightly since Cloudflare Tunnel runs inside the container itself, requests to nginx always arrive from 127.0.0.1 (the local cloudflared process), not from the Docker network (172.18.0.0/16). I also switched the header from X-Forwarded-For to CF-Connecting-IP which is the header Cloudflare sets with the actual client IP. Everything else looks good and has been included!

Huh weird sorry for missing that. When I was testing my changes 172.18.0.0/16 worked fine and I guess I didn't investigate it further.

No worries! I tested both configurations on my test server running WordPress with Cloudflare Tunnel using standard Pterodactyl/Docker configurations and your version with 172.18.0.0/16 didn't work, the real IP was never resolved and all requests showed 127.0.0.1 in the logs. I was also wondering why the Docker network range would even be used here, since Cloudflare Tunnel runs inside the container itself and therefore all requests to nginx come from 127.0.0.1 directly. Either way, switching to set_real_ip_from 127.0.0.1 with CF-Connecting-IP fixed it immediately and should work reliably for everyone using Cloudflare Tunnel with the standard setup of this egg.

I figured it out on my end requests are coming from 172.18.0.1 when I use cloudflared tunnel built into this egg not 127.0.0.1 that is why it was working on my end when I was making my changes.