Configure Nginx to restore real visitor IPs behind Cloudflare — correct access logs, rate limiting, and IP-based access control with the ngx_http_realip_module.