diff --git a/docs/changelog.d/+fix-flyio-rate-limit-key.bugfix.md b/docs/changelog.d/+fix-flyio-rate-limit-key.bugfix.md
new file mode 100644
index 0000000..1473ab1
--- /dev/null
+++ b/docs/changelog.d/+fix-flyio-rate-limit-key.bugfix.md
@@ -0,0 +1 @@
+Fix Fly.io proxy rate limiting to key on real client IP instead of Fly's internal proxy IP, so crawlers no longer consume the shared rate limit bucket for all clients.
diff --git a/fly/nginx.conf b/fly/nginx.conf
index 992a5df..75cd102 100644
--- a/fly/nginx.conf
+++ b/fly/nginx.conf
@@ -27,7 +27,7 @@ http {
     access_log /var/log/nginx/access.json.log json_log;
 
     # Rate limiting zones — define per-service zones as needed
-    limit_req_zone $binary_remote_addr zone=general:10m rate=10r/s;
+    limit_req_zone $http_fly_client_ip zone=general:10m rate=10r/s;
 
     # Forge-specific rate limit keyed on real client IP (Fly-Client-IP header).
     # $binary_remote_addr is Fly's internal proxy IP — all clients share one