Created
September 15, 2021 09:02
-
-
Save cuongitl/22028bae0faf1d66f8d7c52789f84122 to your computer and use it in GitHub Desktop.
python flask nginx behind cloudflare
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs#C5XWe97z77b3XZV | |
| server { | |
| server_name lecuong.info; | |
| listen *:80; | |
| client_max_body_size 100M; | |
| proxy_read_timeout 600s; | |
| proxy_buffers 16 4k; | |
| proxy_buffer_size 2k; | |
| location ^~ /.well-known/acme-challenge/ { | |
| allow all; | |
| default_type "text/plain"; | |
| root /var/www/html/; | |
| #alias /var/www/html/.well-known/; | |
| } | |
| location / { | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $remote_addr; | |
| proxy_set_header Host $host; | |
| #proxy_pass http://YOUR_IP_SERVER:80; | |
| include uwsgi_params; | |
| uwsgi_pass unix:/home/user/myproject/myproject.sock; | |
| } | |
| } | |
| server { | |
| server_name lecuong.info; | |
| set_real_ip_from 103.21.244.0/22; | |
| set_real_ip_from 103.22.200.0/22; | |
| set_real_ip_from 103.31.4.0/22; | |
| set_real_ip_from 104.16.0.0/13; | |
| set_real_ip_from 104.24.0.0/14; | |
| set_real_ip_from 108.162.192.0/18; | |
| set_real_ip_from 131.0.72.0/22; | |
| set_real_ip_from 141.101.64.0/18; | |
| set_real_ip_from 162.158.0.0/15; | |
| set_real_ip_from 172.64.0.0/13; | |
| set_real_ip_from 173.245.48.0/20; | |
| set_real_ip_from 188.114.96.0/20; | |
| set_real_ip_from 190.93.240.0/20; | |
| set_real_ip_from 197.234.240.0/22; | |
| set_real_ip_from 198.41.128.0/17; | |
| set_real_ip_from 2400:cb00::/32; | |
| set_real_ip_from 2606:4700::/32; | |
| set_real_ip_from 2803:f800::/32; | |
| set_real_ip_from 2405:b500::/32; | |
| set_real_ip_from 2405:8100::/32; | |
| set_real_ip_from 2c0f:f248::/32; | |
| set_real_ip_from 2a06:98c0::/29; | |
| #use any of the following two | |
| real_ip_header CF-Connecting-IP; | |
| #real_ip listen [::]:443 ssl ipv6only=on; | |
| listen 443 ssl; | |
| ssl_certificate /etc/letsencrypt/live/lecuong.info/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/lecuong.info/privkey.pem; | |
| include /etc/letsencrypt/options-ssl-nginx.conf; | |
| ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;_header X-Forwarded-For; | |
| client_max_body_size 100M; | |
| proxy_read_timeout 600s; | |
| proxy_buffers 16 4k; | |
| proxy_buffer_size 2k; | |
| location ^~ /.well-known/acme-challenge/ { | |
| allow all; | |
| default_type "text/plain"; | |
| root /var/www/html/; | |
| } | |
| location / { | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $remote_addr; | |
| proxy_set_header Host $host; | |
| include uwsgi_params; | |
| uwsgi_pass unix:/home/user/myproject/myproject.sock; | |
| #proxy_pass https://unix:/home/user/myproject/myproject.sock:/; | |
| #proxy_pass https://YOUR_IP_SERVER:443; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment