我一直尝试在我的主 nginx 配置文件中将 HttpRealipModule 与 CloudFlare IP 范围一起使用,但重新启动 nginx 后,我只会得到标准的“配置文件 /etc/nginx/nginx.conf 测试失败”并且我的网站将会关闭。
这就是我一直尝试用 nginx.conf 做的事情;
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
# Basic Settings
set_real_ip_from 204.93.240.0/24;
set_real_ip_from 204.93.177.0/24;
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
real_ip_header CF-Connecting-IP;
client_max_body_size 50m;
client_header_timeout 5;
keepalive_timeout 5;
port_in_redirect off;
sendfile on;
server_tokens off;
server_name_in_redirect off;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 2048;
# MIME
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Logging Settings
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log warn;
# Gzip Settings
gzip on;
gzip_disable "msie6";
gzip_min_length 1400;
gzip_types text/plain text/css text/javascript text/xml application/x-javascript application/xml application/xml+rss;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
该配置文件有什么问题?
答案1
尝试以这种方式整合:
# Cloudflare
real_ip_header X-Forwarded-For;
set_real_ip_from 204.93.240.0/24;
set_real_ip_from 204.93.177.0/24;
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
real_ip_recursive on;