I have encountered same problem, the Plex server shows only the Tailnet IP (100.x.x.x) rather than the real WAN IP of the device.
I did the same thing as you. Correctly configured X-Forwarded-For and X-Real-IP in Nginx. Furthermore, I also tried Jellyfin to see what will it shows in the same condition. Jellyfin correctly treated all traffic from my reverse proxy server as remote accesses and shows the WAN IP. However, what I think magical is, when I access from another device directly via Tailscale (not in the same physical LAN with the server, the device was using cellular network, while the server was using the Ethernet), Jellyfin can also recognize this device is not accessing through a reverse proxy and will shows the Tailnet IP (100.x.x.x) rather than the WAN IP at this time.
I guess this is the issue with Plex server implementation, since the Jellyfin server can definitely handle this condition correctly.
I also did the same thing as Curious how people who use Tailscale manage subnet routing, to let my server treat all the traffic from Tailnet as remote access. But there seems no way to solve the IP showing problem now.
I will also leave a comment under https://www.youtube.com/watch?v=8iRgvhRpyK4, to see if the Tailscale staff has any solution.
