群晖DSM穿透获取真实IP地址教程（实践通过）

server {

    # 监听IPv4，并开启Proxy Protocol协议

    listen 4443 ssl proxy_protocol;

 

    # 监听IPv6，并开启Proxy Protocol协议

    listen [::]:4443 ssl proxy_protocol;

 

    # 监听的域名，你解析给云服务器的域名

    server_name bs.home.com;

 

    # 排除Cloudflare CDN的IP

    # 如果你有使用到CDN的服务的话，一般NAS不会使用到此类IP

    # 仅供参考

    set_real_ip_from 173.245.48.0/20;

    set_real_ip_from 103.21.244.0/22;

    set_real_ip_from 103.22.200.0/22;

    set_real_ip_from 103.31.4.0/22;

    set_real_ip_from 141.101.64.0/18;

    set_real_ip_from 108.162.192.0/18;

    set_real_ip_from 190.93.240.0/20;

    set_real_ip_from 188.114.96.0/20;

    set_real_ip_from 197.234.240.0/22;

    set_real_ip_from 198.41.128.0/17;

    set_real_ip_from 162.158.0.0/15;

    set_real_ip_from 104.16.0.0/13;

    set_real_ip_from 104.24.0.0/14;

    set_real_ip_from 172.64.0.0/13;

    set_real_ip_from 131.0.72.0/22;

    set_real_ip_from 2400:cb00::/32;

    set_real_ip_from 2606:4700::/32;

    set_real_ip_from 2803:f800::/32;

    set_real_ip_from 2405:b500::/32;

    set_real_ip_from 2405:8100::/32;

    set_real_ip_from 2a06:98c0::/29;

    set_real_ip_from 2c0f:f248::/32;

 

    # 排除本地IP，请根据你的具体情况配置

    set_real_ip_from 192.168.0.0/16;

    set_real_ip_from 172.17.0.0/16;

    set_real_ip_from 127.0.0.0/8;

    # 排除服务器IP

    set_real_ip_from 1.1.1.1/32;

 

    # 真实IP使用proxy_protocol协议

    real_ip_header proxy_protocol;

 

    # 开启排除IP功能

    real_ip_recursive on;

 

    proxy_headers_hash_max_size 512;

    proxy_headers_hash_bucket_size 128;

 

    # 反向代理

    location / {

        # 目标地址，实际可以访问的群晖内网默认HTTPS地址及端口，请根据实际情况调整

        proxy_pass https://192.168.1.88:84443;

 

        # 兼容http

        # proxy_set_header Upgrade-Insecure-Requests 1;

 

        # 告诉后端使用ssl

        proxy_ssl_server_name on;

 

        # 客户端使用的http协议

        proxy_set_header X–Forwarded–Proto $scheme;

        proxy_set_header X–Scheme $scheme;

 

        # 客户端host

        proxy_set_header Host $host;

        proxy_set_header REMOTE–HOST $remote_addr;

        proxy_set_header X–Forwarded–Host $http_host;

 

        # 完整URI

        proxy_set_header X–Original–URI $request_uri;

 

        # 客户端使用的端口

        proxy_set_header X–Real–Port $proxy_protocol_port;

 

        # 多层代理IP

        proxy_set_header X–Forwarded–For $proxy_protocol_addr;

 

        # 客户端IP，群晖默认会通过X-Real-IP获取用户IP

        proxy_set_header X–Real–IP $proxy_protocol_addr;

 

        # 支持Websocket

        # 如果你使用诸如Docker bash此类的功能，则需要开启Websocket

        proxy_set_header Upgrade $http_upgrade;

        proxy_set_header Connection Upgrade;

        proxy_connect_timeout 60s;

        proxy_read_timeout 60s;

        proxy_send_timeout 12s;

        # 配置文件来自https://www.alainlam.cn/?p=403

    }

 

原文链接：https://cutepig.net/archives/6339