# Existing log format often uses $remote_addr by default
# log_format main '$remote_addr - $remote_user [$time_local] "$request" '
#                 '$status $body_bytes_sent "$http_referer" '
#                 '"$http_user_agent" "$http_x_forwarded_for"';

# Add these lines within the http {} block, OR server {} block
# (http block is generally preferred for these directives)
# Make sure they are *before* the access_log directive if possible.

# --- Real IP Configuration ---
# Replace with the ACTUAL IP range(s) of your Traefik Docker network(s)
set_real_ip_from 172.22.0.0/16;  # Example: Trust IPs from this subnet
# You can add multiple set_real_ip_from lines if needed
# set_real_ip_from 192.168.1.0/24; # Example if Traefik was also on another network

# Which header contains the real client IP?
# X-Forwarded-For handles multiple proxies better. X-Real-IP is simpler if only Traefik.
real_ip_header X-Real-IP;

# If using X-Forwarded-For, tell Nginx how to process it.
# 'on' means find the *last* IP address that is NOT from a trusted proxy.
# This is usually correct when behind one or more trusted proxies.
real_ip_recursive off;
# --- End Real IP Configuration ---


server {
    listen 80;
    listen [::]:80;
    server_name localhost;

    # Use the 'realip' processed $remote_addr in logs
    # Ensure your access_log format uses $remote_addr (like 'combined' or 'main')
    access_log /var/log/nginx/access.log combined; # Or your preferred format using $remote_addr

    root /usr/share/nginx/html;
    index index.html;

    location / {
        try_files $uri $uri/ /index.html;
    }
}

# It's common practice to put realip config in the http block
# If your default.conf is included inside an existing http block in nginx.conf,
# placing the realip directives *outside* the server block but *inside* http is standard.
# If this file IS your entire http block, place them just before the server block.