Example nginx config to be used with cloudflare and ctfd. This config will log real ips on ctfd and also rate limit the connections based on real IP to 10r/s.

nginx.conf

worker_processes 8;

events {

  worker_connections 2048;
}

http {
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 10m;
  limit_req_zone $http_cf_connecting_ip zone=mylimit:10m rate=10r/s;
  limit_conn_zone $http_cf_connecting_ip zone=addr:10m;

  # Configuration containing list of application servers
  upstream app_servers {

    server ctfd:8000;
  }

  server {

    # listen 80;
    listen 443 ssl;
    server_name example.com;
    ssl_certificate_key /etc/nginx/example.key;
    ssl_certificate     /etc/nginx/example.pem;
    client_max_body_size 4G;

    limit_req zone=mylimit burst=15;
    limit_conn addr 10;
    limit_req_status 429;

    # Handle Server Sent Events for Notifications
    location /events {

      proxy_pass http://app_servers;
      proxy_set_header Connection '';
      proxy_http_version 1.1;
      chunked_transfer_encoding off;
      proxy_buffering off;
      proxy_cache off;
      proxy_redirect off;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $http_cf_connecting_ip;
      proxy_set_header X-Forwarded-For $http_cf_connecting_ip;
      proxy_set_header X-Forwarded-Host $server_name;
    }

    # Proxy connections to the application servers
    location / {

      proxy_pass http://app_servers;
      proxy_redirect off;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $http_cf_connecting_ip;
      proxy_set_header X-Forwarded-For $http_cf_connecting_ip;
      proxy_set_header X-Forwarded-Host $server_name;
    }
  }
}