好物优选点击查看详情 京东购买

暂无内容

群晖DSM穿透获取真实IP地址教程(实践通过)

server {

    # 监听IPv4,并开启Proxy Protocol协议

    listen 4443 ssl proxy_protocol;

 

    # 监听IPv6,并开启Proxy Protocol协议

    listen [::]:4443 ssl proxy_protocol;

 

    # 监听的域名,你解析给云服务器的域名

    server_name bs.home.com;

 

    # 排除Cloudflare CDN的IP

    # 如果你有使用到CDN的服务的话,一般NAS不会使用到此类IP

    # 仅供参考

    set_real_ip_from 173.245.48.0/20;

    set_real_ip_from 103.21.244.0/22;

    set_real_ip_from 103.22.200.0/22;

    set_real_ip_from 103.31.4.0/22;

    set_real_ip_from 141.101.64.0/18;

    set_real_ip_from 108.162.192.0/18;

    set_real_ip_from 190.93.240.0/20;

    set_real_ip_from 188.114.96.0/20;

    set_real_ip_from 197.234.240.0/22;

    set_real_ip_from 198.41.128.0/17;

    set_real_ip_from 162.158.0.0/15;

    set_real_ip_from 104.16.0.0/13;

    set_real_ip_from 104.24.0.0/14;

    set_real_ip_from 172.64.0.0/13;

    set_real_ip_from 131.0.72.0/22;

    set_real_ip_from 2400:cb00::/32;

    set_real_ip_from 2606:4700::/32;

    set_real_ip_from 2803:f800::/32;

    set_real_ip_from 2405:b500::/32;

    set_real_ip_from 2405:8100::/32;

    set_real_ip_from 2a06:98c0::/29;

    set_real_ip_from 2c0f:f248::/32;

 

    # 排除本地IP,请根据你的具体情况配置

    set_real_ip_from 192.168.0.0/16;

    set_real_ip_from 172.17.0.0/16;

    set_real_ip_from 127.0.0.0/8;

    # 排除服务器IP

    set_real_ip_from 1.1.1.1/32;

 

    # 真实IP使用proxy_protocol协议

    real_ip_header proxy_protocol;

 

    # 开启排除IP功能

    real_ip_recursive on;

 

    proxy_headers_hash_max_size 512;

    proxy_headers_hash_bucket_size 128;

 

    # 反向代理

    location / {

        # 目标地址,实际可以访问的群晖内网默认HTTPS地址及端口,请根据实际情况调整

        proxy_pass https://192.168.1.88:84443;

 

        # 兼容http

        # proxy_set_header Upgrade-Insecure-Requests 1;

 

        # 告诉后端使用ssl

        proxy_ssl_server_name on;

 

        # 客户端使用的http协议

        proxy_set_header XForwardedProto $scheme;

        proxy_set_header XScheme $scheme;

 

        # 客户端host

        proxy_set_header Host $host;

        proxy_set_header REMOTEHOST $remote_addr;

        proxy_set_header XForwardedHost $http_host;

 

        # 完整URI

        proxy_set_header XOriginalURI $request_uri;

 

        # 客户端使用的端口

        proxy_set_header XRealPort $proxy_protocol_port;

 

        # 多层代理IP

        proxy_set_header XForwardedFor $proxy_protocol_addr;

 

        # 客户端IP,群晖默认会通过X-Real-IP获取用户IP

        proxy_set_header XRealIP $proxy_protocol_addr;

 

        # 支持Websocket

        # 如果你使用诸如Docker bash此类的功能,则需要开启Websocket

        proxy_set_header Upgrade $http_upgrade;

        proxy_set_header Connection Upgrade;

        proxy_connect_timeout 60s;

        proxy_read_timeout 60s;

        proxy_send_timeout 12s;

        # 配置文件来自https://www.alainlam.cn/?p=403

    }

 

原文链接:https://cutepig.net/archives/6339

© 版权声明
THE END
喜欢就支持一下吧
点赞7 分享