router is ER7212PC v1.0

controller 5.14.34.4

I have an nginx server on VLAN100. I have ACLs in place to allow traffic between this VLAN and other VLANs. ACLS are in place to limit traffic between other VLANs.

I have DNS server (AdGuard) running on a trunk-line with an IP address defined on each VLAN and this DNS server is specificed in all omada networks (site settings > wired networks > LAN > Networks > DNS Server > manual)

The DNS server rewrites queries to my webiste to the nginx server's  IP address on VLAN 100. it all seems to be working well. I can access my services from home and outside.
However, and here is my issue, NGINX logs are not showing any internal IP that calls the on the nginx server. it instead shows my public ISP IP address.

is this the expected behaviour? I would expect it to show the internal IP address