How to run concrete5 behind CloudFlare and AWS ELB

This is valid after concrete5.7. Since implementing Symfony framework, concrete5 is equipped with IP check. If the user changed the originated IP address, concrete5 will log you out. However, this security measurement doesn’t go well with advanced load balancer such as AWS Elastic Load Balancer or CloudFlare. From concrete5’s POV, it can only see the IP addresses of the load balancer ($_SERVER[‘REMOTE_ADDR’] to be exact). Because the balancer’s IP address will constantly be changing, concrete5 (Symfony framework) think your ID&PW may be stolen and log you out. You will get the symptom that you can login to concrete5 welcome page, but you cannot go further, but forced to be logged out […]