I have been struggling with the above question for countless hours and haven’t been able to find an explanation for the behavior either on this site or any other site for that matter. Might be me using the wrong queries though. This is my first question on stack overflow, so please be gentle 😉
The setup I’m using:
I have a server behind my router (which has internal IP 192.168.2.254) and use port forwarding to forward public ports 80 and 443 to my (ubuntu) server. I can access that server either by typing in it’s public IP (say 18.104.22.168) or by going to a domain (say example.org) which A records contain the same public IP or by typing in it’s internal IP (say 192.168.2.1) when on the same network. I use NGINX on that server as a reverse proxy to delegate the request to the appropriate (web) applications on the same server. The router is the standard router I got from my internet provider.
I have two clients connecting to that server, client A is on the same network as the server (say 192.168.2.2), while client B is not on the same network, but anywhere else in the world (say 22.214.171.124).
When I connect with client B (i.e. not on the same network) to my server (either using the public IP or the domain name) and I check the NGINX access logs for the client IP (i.e. $remote_addr) the correct/expected IP address is shown: 126.96.36.199.
Now the part I don’t understand:
When I connect with client A (same network as server) to the server using the internal IP of the server (192.168.2.1) the access logs show the correct/expect IP address from the client: 192.168.2.2.
But when I connect from the same client to the server either using the public IP address or the domain name, the NGINX access logs shows the IP address from the router: 192.168.2.254.
Why does this happen? This way I cannot log (and act on) which internal clients connect to the server.