Score:1

Why is my server getting connections from its own IP?


The most numerous connecting IP is my server's own IP.

It's a Debian 10, Nginx, MySQL machine serving a single WordPress and phpBB site. It's a virtual machine on Google's Cloud.

I'm obviously not too hot with this stuff, but good enough to build up a machine and have it serve the site.

```
$ sudo awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -nr
```

returns

```
5122 104.198.149.xxx
4268 157.90.209.xxx
3752 93.158.90.xxx
1982 68.68.32.xxx
[...]
```

~ ~ ~

104.198.149.xxx is my server.

Output of

```
grep 104.198.149.xxx /var/log/nginx/access.log
```

```
162.158.252.xxx - - [11/Nov/2021:00:00:25 -0700] "GET /forums/ HTTP/1.1" 200 12459 "https://104.198.149.xxx/forums" "Mozilla/5.0 (compatible;Cloudflare-Healthchecks/1.0;+https://www.cloudflare.com/; healthcheck-id: bfa5d32ce9a5eaf8)"
172.69.32.xxx - - [11/Nov/2021:00:00:59 -0700] "GET /forums/ HTTP/1.1" 200 12471 "https://104.198.149.xxx/forums" "Mozilla/5.0 (compatible;Cloudflare-Healthchecks/1.0;+https://www.cloudflare.com/; healthcheck-id: bfa5d32ce9a5eaf8)"
104.198.149.xxx - - [11/Nov/2021:00:01:00 -0700] "POST /wp/wp-cron.php?doing_wp_cron=1636614060.6961169242858886718750 HTTP/1.1" 200 31 "https://www.example.com/wp/wp-cron.php?doing_wp_cron=1636614060.6961169242858886718750" "WordPress/5.8.2; https://www.matthewsvolvosite.com"
108.162.220.xxx - - [11/Nov/2021:00:01:03 -0700] "GET /forums/ HTTP/1.1" 200 12465 "https://104.198.149.xxx/forums" "Mozilla/5.0 (compatible;Cloudflare-Healthchecks/1.0;+https://www.cloudflare.com/; healthcheck-id: bfa5d32ce9a5eaf8)"
104.198.149.xxx - - [11/Nov/2021:00:01:07 -0700] "GET /forums/download/file.php?id=30434&mode=view HTTP/1.0" 200 641193 "-" "-"
104.198.149.xxx - - [11/Nov/2021:00:01:07 -0700] "GET /forums/download/file.php?id=30435&mode=view HTTP/1.0" 200 933139 "-" "-"
104.198.149.xxx - - [11/Nov/2021:00:01:10 -0700] "GET /forums/download/file.php?id=55475&mode=view HTTP/1.0" 200 1015069 "-" "-"
104.198.149.xxx - - [11/Nov/2021:00:01:10 -0700] "GET /forums/download/file.php?id=55476&mode=view HTTP/1.0" 200 933149 "-" "-"
104.198.149.xxx - - [11/Nov/2021:00:01:10 -0700] "GET /forums/download/file.php?id=55477&mode=view HTTP/1.0" 200 916765 "-" "-"
104.198.149.xxx - - [11/Nov/2021:00:01:17 -0700] "GET /forums/download/file.php?id=30691&mode=view HTTP/1.0" 200 121584 "-" "-"
104.198.149.xxx - - [11/Nov/2021:00:01:18 -0700] "GET /forums/download/file.php?id=30692&mode=view HTTP/1.0" 200 137607 "-" "-"
104.198.149.xxx - - [11/Nov/2021:00:01:18 -0700] "GET /forums/download/file.php?id=30693&mode=view HTTP/1.0" 200 133153 "-" "-"
104.198.149.xxx - - [11/Nov/2021:00:01:24 -0700] "GET /forums/download/file.php?id=33292&mode=view HTTP/1.0" 200 949523 "-" "-"
104.198.149.xxx - - [11/Nov/2021:00:01:25 -0700] "GET /forums/download/file.php?id=33293&mode=view HTTP/1.0" 200 1047827 "-" "-"
104.198.149.xxx - - [11/Nov/2021:00:01:25 -0700] "GET /forums/download/file.php?id=33294&mode=view HTTP/1.0" 200 916755 "-" "-"
```
Please add about ten lines from `grep 104.198.149.xxx /var/log/nginx/access.log` output to your question.
Score:2

The reason you will see connections from your server's IP is usually due to using a reverse proxy. Over the years there have been changes to how this can be resolved.

The original way was using the X-Forwarded-For header. Then there was a standardised way of doing it with RFC 7239, which is called Forwarded. Here is an article from NGINX explaining this.

The final option is to use the proxy protocol. Here is the official documentation around this from NGINX.

To understand this all more in depth here is a fantastic post explaining it all.

instamattic
Inside a location block inside /etc/nginx/sites-enabled/mysite.com there is `fastcgi_param HTTP_PROXY '';` Could that be doing it? There is no proxy anything in Nginx's config file. But there is `server { listen 127.0.0.1:80; server_name 127.0.0.1; location /nginx_status { stub_status on; allow 127.0.0.1; deny all; } }` in /etc/nginx/conf.d/stub_status.conf, which at least to me suggests the Nginx server is listening to itself.
instamattic
Cipher, thanks for the links. But it's all over my head. I'm not (at least intentionally) running a proxy. There is no Apache on this machine processing the requests and sending to Nginx, for instance.
Score:2

This is an educated guess.

You have a WordPress plugin that somehow views files uploaded to the phpBB forum you have. Internally it downloads the file from phpBB, and then presents it via some WordPress-side page.
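
One way to check what the server is requesting from itself, as an added example that is not part of the original thread: it groups only the lines whose client address (first field) equals the server IP by method, path, protocol and user agent, so lines that merely carry the IP in the Referer, like the Cloudflare health checks a plain `grep` returns, are excluded. The function names `self_requests` and `sample_log` are hypothetical, and the sample lines are constructed with documentation addresses, 203.0.113.10 standing in for the server.

```shell
#!/usr/bin/env bash
# Added example: group requests whose *client* address is the server itself.
# Matching on the first log field only avoids the false hits a plain grep
# gets from lines that just mention the IP in the Referer.

# Constructed sample in nginx "combined" format; 203.0.113.10 plays the server.
sample_log() { cat <<'EOF'
198.51.100.7 - - [11/Nov/2021:00:00:25 -0700] "GET /forums/ HTTP/1.1" 200 12459 "https://203.0.113.10/forums" "Mozilla/5.0 (compatible;Cloudflare-Healthchecks/1.0)"
203.0.113.10 - - [11/Nov/2021:00:01:00 -0700] "POST /wp/wp-cron.php?doing_wp_cron=1636614060.69 HTTP/1.1" 200 31 "-" "WordPress/5.8.2; https://www.example.com"
203.0.113.10 - - [11/Nov/2021:00:01:07 -0700] "GET /forums/download/file.php?id=30434&mode=view HTTP/1.0" 200 641193 "-" "-"
203.0.113.10 - - [11/Nov/2021:00:01:07 -0700] "GET /forums/download/file.php?id=30435&mode=view HTTP/1.0" 200 933139 "-" "-"
203.0.113.10 - - [11/Nov/2021:00:01:10 -0700] "GET /forums/download/file.php?id=55475&mode=view HTTP/1.0" 200 1015069 "-" "-"
203.0.113.100 - - [11/Nov/2021:00:01:12 -0700] "GET /forums/ HTTP/1.1" 200 12465 "-" "Mozilla/5.0"
EOF
}

# self_requests SERVER_IP [LOGFILE]   (reads stdin when LOGFILE is omitted)
# Output columns, tab separated: count, method, path, protocol, user agent
self_requests() {
    awk -F'"' -v ip="$1" '
        {
            split($1, pre, " ")        # pre[1] is the client address
            if (pre[1] != ip) next     # exact match, so 203.0.113.100 is skipped
            split($2, req, " ")        # method, URI, protocol
            path = req[2]
            sub(/\?.*/, "", path)      # drop the query string so ids collapse
            ua = ($6 == "" ? "-" : $6)
            n[req[1] "\t" path "\t" req[3] "\t" ua]++
        }
        END { for (k in n) printf "%d\t%s\n", n[k], k }
    ' "${2:--}" | LC_ALL=C sort -k1,1nr
}

sample_log | self_requests 203.0.113.10
```

On a real log, a row with an identifiable user agent (such as `WordPress/…` for `wp-cron.php`) names the component making the loopback request; rows with an empty agent and `HTTP/1.0` narrow the search to server-side code on the same machine that fetches those URLs.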
