On an nginx web server running the following config, is it possible to change $_SERVER['REMOTE_ADDR'] remotely?

user www;
pid /run/nginx.pid;
error_log /dev/stderr info;

events {
    worker_connections 1024;
}

http {
    server_tokens off;
    log_format docker '$remote_addr $remote_user $status "$request" "$http_referer" "$http_user_agent" ';
    access_log /dev/stdout docker;

    charset utf-8;
    keepalive_timeout 20s;
    sendfile on;
    tcp_nopush on;
    client_max_body_size 1M;

    server {
        listen 80;
        server_name _;

        index index.php;
        root /www;

        set $proxy "";

        if ($request_uri ~ ^/proxy) {
            set $proxy "R";
        }

        if ($http_host != "admin.domain.com") {
            set $proxy "${proxy}H";
        }
        
        if ($proxy = "RH") {
            return 403;
        }

        location /uploads {
            return 403;
        }

        location / {
            try_files $uri $uri/ /index.php?$query_string;
            location ~ \.php$ {
                try_files $uri =404;
                fastcgi_pass unix:/run/php-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
            }
        }
    }
}

Any method will do. I've attempted modifying X-Forwarded-For to no avail, so I'm assuming this config file holds the keys to changing $_SERVER['REMOTE_ADDR'] remotely.

t40_yx

1 Answer

The $_SERVER['REMOTE_ADDR'] can be trusted. This is the source address of the TCP connection to the server; it is not taken from headers that are sent by the client, as is the case with some of the other $_SERVER variables.

Esa Jokinen
mti2935
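
An added illustration of the answer's point (not code from the post or its authors): a loopback server records the peer address returned by accept(), which is the value nginx exposes as $remote_addr, next to a client-chosen X-Forwarded-For header. The names serve_once and demo and the address 203.0.113.7 are constructed for this example.

```python
import socket
import threading

def serve_once(listener, result):
    """Accept one connection; record the TCP peer address and the X-Forwarded-For header."""
    conn, peer = listener.accept()  # peer is set by the TCP handshake, not by request bytes
    with conn:
        data = b""
        while b"\r\n\r\n" not in data:
            chunk = conn.recv(4096)
            if not chunk:
                break
            data += chunk
        headers = {}
        for line in data.decode("latin-1").split("\r\n")[1:]:
            if ":" in line:
                name, value = line.split(":", 1)
                headers[name.strip().lower()] = value.strip()
        result["remote_addr"] = peer[0]                          # what REMOTE_ADDR reflects
        result["x_forwarded_for"] = headers.get("x-forwarded-for")  # client-controlled text
        conn.sendall(b"HTTP/1.1 204 No Content\r\nConnection: close\r\n\r\n")

def demo(claimed_ip="203.0.113.7"):
    """Send a request carrying a client-chosen X-Forwarded-For over loopback."""
    result = {}
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.settimeout(5)               # do not hang if the client never connects
    listener.bind(("127.0.0.1", 0))      # ephemeral port on loopback only
    listener.listen(1)
    port = listener.getsockname()[1]
    worker = threading.Thread(target=serve_once, args=(listener, result))
    worker.start()
    with socket.create_connection(("127.0.0.1", port), timeout=5) as client:
        request = ("GET / HTTP/1.1\r\nHost: example.test\r\n"
                   f"X-Forwarded-For: {claimed_ip}\r\n\r\n")
        client.sendall(request.encode("ascii"))
        client.recv(1024)                # wait for the server's reply
    worker.join()
    listener.close()
    return result

if __name__ == "__main__":
    print(demo())
```

The config shown in the question contains no directive that maps a request header onto $remote_addr, so the header value stays separate from REMOTE_ADDR just as it does here.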