Cloudflare 上 UniFi 控制器的 NGINX 反向代理存在问题。当有人以管理员身份登录时,它会说他们来自 127.0.0.1。我还是 Nginx 的新手,这是我搞砸的最复杂的项目。
我real_ip_header CF-Connecting-IP;
在另一个 .conf 中使用所有 Cloudflares IP
server {
listen 443 ssl http2;
server_name u.com;
ssl_certificate /etc/ssl/certs/u.com/cert.pem;
ssl_certificate_key /etc/ssl/private/u.com/priv.pem;
#ssl_client_certificate /etc/ssl/certs/cloudflare_origin_pull.pem;
#ssl_verify_client on;
location /ws {
proxy_pass https://127.0.0.1:8443;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
}
location / {
proxy_pass https://127.0.0.1:8443/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
proxy_ssl_verify off;
client_max_body_size 200m;
}
}
server {
listen 80;
listen [::]:80;
server_name u.com;
location / {
return 301 https://u.com$request_uri;
}
}