I am trying to accomplish a similar if not same task. I am running nginx 1.12.0 and am trying to maintain the source IP for logging purposes so that fail2ban can block the nefarious characters trying to compromise my system. I have a single server where I am trying to host a vpn server and a web server. To prevent my VPN from being blocked/filtered I want to run it on port 443 in tandem with a secby klog - How to...