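I need to add Cloudflare's IPs to our nginx file. I'm not sure exactly what is going on with this block of IPs. I would imagine a location directive.
I need to know how to properly add these IPs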
allow 103.21.244.0/22;
allow 103.22.200.0/22;
allow 103.31.4.0/22;
allow 104.16.0.0/12;
allow 108.162.192.0/18;
allow 141.101.64.0/18;
allow 162.158.0.0/15;
allow 172.64.0.0/13;
allow 173.245.48.0/20;
allow 188.114.96.0/20;
allow 190.93.240.0/20;
allow 197.234.240.0/22;
allow 198.41.128.0/17;
allow 199.27.128.0/21;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 199.27.128.0/21;
real_ip_header CF-Connecting-IP;
to my minimal nginx proxy configuration file:
server {
    listen 80;
    listen [::]:80;
    server_name my.domain.tld;
    access_log /var/log/nginx/access.log combined;
    error_log /var/log/nginx/error.log warn;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name my.domain.tld;
    access_log /var/log/nginx/access.log combined;
    error_log /var/log/nginx/error.log warn;
    ssl on;
    ssl_certificate /certs/cloudflare/my.domain.tld.crt.pem;
    ssl_certificate_key /certs/cloudflare/my.domain.tld.key.pem;
    client_max_body_size 100M;
    location / {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://127.0.0.1:8087;
    }
}
I think this is necessary when using SSL with Cloudflare.
Answer 0 (score: 0)
Here is how to add CloudFlare's IPs to the nginx configuration:
server {
    listen 80;
    listen [::]:80;
    server_name my.domain.tld;
    access_log /var/log/nginx/access.log combined;
    error_log /var/log/nginx/error.log warn;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name my.domain.tld;
    access_log /var/log/nginx/access.log combined;
    error_log /var/log/nginx/error.log warn;
    ssl on;
    ssl_certificate /certs/cloudflare/my.domain.tld.crt.pem;
    ssl_certificate_key /certs/cloudflare/my.domain.tld.key.pem;
    client_max_body_size 100M;
    allow 103.21.244.0/22;
    allow 103.22.200.0/22;
    allow 103.31.4.0/22;
    allow 104.16.0.0/12;
    allow 108.162.192.0/18;
    allow 141.101.64.0/18;
    allow 162.158.0.0/15;
    allow 172.64.0.0/13;
    allow 173.245.48.0/20;
    allow 188.114.96.0/20;
    allow 190.93.240.0/20;
    allow 197.234.240.0/22;
    allow 198.41.128.0/17;
    allow 199.27.128.0/21;
    set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 103.22.200.0/22;
    set_real_ip_from 103.31.4.0/22;
    set_real_ip_from 104.16.0.0/12;
    set_real_ip_from 108.162.192.0/18;
    set_real_ip_from 141.101.64.0/18;
    set_real_ip_from 162.158.0.0/15;
    set_real_ip_from 172.64.0.0/13;
    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 188.114.96.0/20;
    set_real_ip_from 190.93.240.0/20;
    set_real_ip_from 197.234.240.0/22;
    set_real_ip_from 198.41.128.0/17;
    set_real_ip_from 199.27.128.0/21;
    real_ip_header CF-Connecting-IP;
    location / {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://127.0.0.1:8087;
    }
}
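
What the `set_real_ip_from` and `real_ip_header CF-Connecting-IP` lines above do to the client address, as an added example that is not part of the original question or answer: a simplified Python model of the realip decision, using the ranges copied from this page (which may be out of date). The function names and the sample peer and header values are constructed for illustration.

```python
import ipaddress

# Ranges copied from the set_real_ip_from lines on this page.
TRUSTED_PROXIES = [ipaddress.ip_network(cidr) for cidr in """
103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/12
108.162.192.0/18 141.101.64.0/18 162.158.0.0/15 172.64.0.0/13
173.245.48.0/20 188.114.96.0/20 190.93.240.0/20 197.234.240.0/22
198.41.128.0/17 199.27.128.0/21
""".split()]


def is_trusted_proxy(peer):
    """True if the TCP peer address falls inside a set_real_ip_from range."""
    addr = ipaddress.ip_address(peer)
    return any(addr in net for net in TRUSTED_PROXIES)


def effective_client_ip(peer, cf_connecting_ip=None):
    """Address used as $remote_addr after the realip step (simplified model).

    The header is honoured only when the connection itself comes from a
    trusted range; otherwise the peer address is kept unchanged.
    """
    if cf_connecting_ip is None or not is_trusted_proxy(peer):
        return peer
    try:
        return str(ipaddress.ip_address(cf_connecting_ip.strip()))
    except ValueError:
        # Header value is not a valid address: keep the peer address.
        return peer


if __name__ == "__main__":
    # Constructed sample requests: (peer address, CF-Connecting-IP header).
    samples = [
        ("172.64.1.10", "203.0.113.7"),    # via a listed range: header used
        ("198.51.100.20", "10.0.0.1"),     # direct connection: header ignored
        ("104.16.5.5", "not-an-ip"),       # listed range, malformed header
        ("162.158.3.4", None),             # listed range, header missing
    ]
    for peer, header in samples:
        print(f"{peer:15} {str(header):12} -> {effective_client_ip(peer, header)}")
```

Because `$remote_addr` is rewritten before the proxied request is built, the `X-Forwarded-For $remote_addr` line in the `location` block then passes the visitor's address to the backend for requests that arrive through a listed range.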