cuongitl/python_flask_nginx_befhind_cloudflare.conf

## python_flask_nginx_befhind_cloudflare.conf
# https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs#C5XWe97z77b3XZV

server {
    server_name  lecuong.info;
    listen *:80;
    client_max_body_size 100M;
    proxy_read_timeout 600s;
    proxy_buffers 16 4k;
    proxy_buffer_size 2k;
location ^~ /.well-known/acme-challenge/ {
allow all;
default_type "text/plain";
    root /var/www/html/;
    #alias /var/www/html/.well-known/;
}
    location / {
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        #proxy_pass http://YOUR_IP_SERVER:80;
        include uwsgi_params;
        uwsgi_pass unix:/home/user/myproject/myproject.sock;
    }
}

server {
    server_name lecuong.info;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;

#use any of the following two

real_ip_header CF-Connecting-IP;
#real_ip    listen [::]:443 ssl ipv6only=on;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/lecuong.info/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/lecuong.info/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;_header X-Forwarded-For;

    client_max_body_size 100M;
    proxy_read_timeout 600s;
    proxy_buffers 16 4k;
    proxy_buffer_size 2k;
location ^~ /.well-known/acme-challenge/ {
allow all;
default_type "text/plain";
    root /var/www/html/;
}

    location / {
	proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        include uwsgi_params;
        uwsgi_pass unix:/home/user/myproject/myproject.sock;
	#proxy_pass https://unix:/home/user/myproject/myproject.sock:/;
	#proxy_pass https://YOUR_IP_SERVER:443;
    }

}
	# https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs#C5XWe97z77b3XZV

	server {
	server_name lecuong.info;
	listen *:80;
	client_max_body_size 100M;
	proxy_read_timeout 600s;
	proxy_buffers 16 4k;
	proxy_buffer_size 2k;
	location ^~ /.well-known/acme-challenge/ {
	allow all;
	default_type "text/plain";
	root /var/www/html/;
	#alias /var/www/html/.well-known/;
	}
	location / {
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $remote_addr;
	proxy_set_header Host $host;
	#proxy_pass http://YOUR_IP_SERVER:80;
	include uwsgi_params;
	uwsgi_pass unix:/home/user/myproject/myproject.sock;
	}
	}

	server {
	server_name lecuong.info;
	set_real_ip_from 103.21.244.0/22;
	set_real_ip_from 103.22.200.0/22;
	set_real_ip_from 103.31.4.0/22;
	set_real_ip_from 104.16.0.0/13;
	set_real_ip_from 104.24.0.0/14;
	set_real_ip_from 108.162.192.0/18;
	set_real_ip_from 131.0.72.0/22;
	set_real_ip_from 141.101.64.0/18;
	set_real_ip_from 162.158.0.0/15;
	set_real_ip_from 172.64.0.0/13;
	set_real_ip_from 173.245.48.0/20;
	set_real_ip_from 188.114.96.0/20;
	set_real_ip_from 190.93.240.0/20;
	set_real_ip_from 197.234.240.0/22;
	set_real_ip_from 198.41.128.0/17;
	set_real_ip_from 2400:cb00::/32;
	set_real_ip_from 2606:4700::/32;
	set_real_ip_from 2803:f800::/32;
	set_real_ip_from 2405:b500::/32;
	set_real_ip_from 2405:8100::/32;
	set_real_ip_from 2c0f:f248::/32;
	set_real_ip_from 2a06:98c0::/29;

	#use any of the following two

	real_ip_header CF-Connecting-IP;
	#real_ip listen [::]:443 ssl ipv6only=on;
	listen 443 ssl;
	ssl_certificate /etc/letsencrypt/live/lecuong.info/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/lecuong.info/privkey.pem;
	include /etc/letsencrypt/options-ssl-nginx.conf;
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;_header X-Forwarded-For;

	client_max_body_size 100M;
	proxy_read_timeout 600s;
	proxy_buffers 16 4k;
	proxy_buffer_size 2k;
	location ^~ /.well-known/acme-challenge/ {
	allow all;
	default_type "text/plain";
	root /var/www/html/;
	}

	location / {
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $remote_addr;
	proxy_set_header Host $host;
	include uwsgi_params;
	uwsgi_pass unix:/home/user/myproject/myproject.sock;
	#proxy_pass https://unix:/home/user/myproject/myproject.sock:/;
	#proxy_pass https://YOUR_IP_SERVER:443;
	}

	}