Nginx反代cloudflare站点报502或403错误解决办法

卡片描述
在一次安装aapanel面板的时候 发现下载文件的时候非常慢,于是我下载了脚本文件打开发现有

    echo "Selected download node..."
    nodes=(https://node.aapanel.com)

于是就开始了“反代之路”发现并没有那么简单,因为cloudflare默认屏蔽了Nginx的反代,直接用反代配置文件肯定报502或者403,捣鼓了一下,所以就有了今天这篇文章额教程~

本文使用 https://node.aapanel.com/ 作为反代目标站点

以下是宝塔&aapanel的Nginx默认反代配置文件

#PROXY-START/

location ^~ /
{
    proxy_pass https://node.aapanel.com;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_http_version 1.1;
    # proxy_hide_header Upgrade;
    #Persistent connection related configuration

    add_header X-Cache $upstream_cache_status;
    #Set Nginx Cache

    set $static_filevY6oU8Aw 0;
    if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" )
    {
        set $static_filevY6oU8Aw 1;
        expires 1m;
    }
    if ( $static_filevY6oU8Aw = 0 )
    {
        add_header Cache-Control no-cache;
    }
}
#PROXY-END/

将上面的配置文件的$host改成你需要反代的目标网站

特别注意
在添加反代的时候,格式是http(s)://node.aapanel.com 修改$host的时候仅需填写目标网站的域名即可 不需要写 http(s):// 和 / 否则会报400错误。

再加这个配置

    #反代CF增加规则
    proxy_ssl_name $host;
    #把$host改成目标域名
    proxy_ssl_server_name on;

完整的 全局 Nginx反代配置文件如下:

#PROXY-START/

location ^~ /
{
    proxy_pass https://node.aapanel.com;
    proxy_set_header Host node.aapanel.com;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_http_version 1.1;
    # proxy_hide_header Upgrade;
    #Persistent connection related configuration

    #反代CF增加规则
    proxy_ssl_name node.aapanel.com;
    #把$host改成目标域名
    proxy_ssl_server_name on;
    
    add_header X-Cache $upstream_cache_status;
    #Set Nginx Cache

    set $static_filevY6oU8Aw 0;
    if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" )
    {
        set $static_filevY6oU8Aw 1;
        expires 1m;
    }
    if ( $static_filevY6oU8Aw = 0 )
    {
        add_header Cache-Control no-cache;
    }
}
#PROXY-END/

方法二(推荐临时使用)

指定 路径(aapanel) 全局反代


# PROXY-START/
location /aapanel/ {
    # 去掉 /aapanel 前缀后再转发
    rewrite ^/aapanel(/.*)$ $1 break;

    proxy_pass https://node.aapanel.com;
    proxy_set_header Host node.aapanel.com;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_http_version 1.1;

    proxy_ssl_name node.aapanel.com;
    proxy_ssl_server_name on;

    add_header X-Cache $upstream_cache_status;

    set $static_file9uY9s480 0;
    if ($uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$") {
        set $static_file9uY9s480 1;
        expires 1m;
    }
    if ($static_file9uY9s480 = 0) {
        add_header Cache-Control no-cache;
    }
}
# PROXY-END/

现在你就可以成功的反代cloudflare的站点了~

声明:本站所有文章,如无特殊说明或标注,均为本站原创发布。任何个人或组织,在未征得本站同意时,禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益,可联系我们进行处理。