I’m going to oversimplify this by saying that the same approach is taken for Cloudflare as it is on most reverse proxy or proxy services that are placed in front of an Nginx web server.
You need to properly set up Nginx via Nginx’s ngx_http_realip_module module and you’ll need to whitelist the Cloudflare IPv4 addresses. You should also prevent IP leaks which need to you enable Cloudflare Authenticated Origin Pull certificates on your Cloudflare Full SSL enabled sites.
Sadly, this is not trivial on your own VPS and likely near-impossible on a shared host. In the end, it might just be safer to turn off the (orange) proxy that comes with the Cloudflare Free Plan.