From f4d6f640689970c36a1ab7d04cc7bd5ade2571ac Mon Sep 17 00:00:00 2001
From: zenfun
Date: Sat, 3 Jan 2026 23:52:02 +0800
Subject: [PATCH] docs(config): add trusted proxy and cdn details to .env.example

Update comments for EZ_BALANCER_TRUSTED_PROXIES to include:
- Header resolution priority (CF-Connecting-IP, Ali-CDN-Real-IP, etc.)
- Current Cloudflare IPv4/IPv6 CIDR lists for easier reference
- Specific notes on production configuration guidelines
---
 .env.example | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/.env.example b/.env.example
index 5101c0f..6bbbdd5 100644
--- a/.env.example
+++ b/.env.example
@@ -132,9 +132,23 @@ EZ_BALANCER_ENABLE_TEST_KEYS=false
 
 # 可信反向代理 IP/CIDR 列表(逗号分隔)
 # 用于在反向代理后正确解析客户端真实 IP,支持 IP 白名单/黑名单功能
-# 仅当 RemoteAddr 命中可信代理时才信任 X-Real-IP 和 X-Forwarded-For 头
-# 生产环境:必须配置为实际代理 IP,如 10.0.0.0/8,192.168.1.1
+# 仅当 RemoteAddr 命中可信代理时才信任代理头(CF-Connecting-IP, Ali-CDN-Real-IP, X-Real-IP, X-Forwarded-For)
+#
+# 支持的 CDN 头(按优先级):
+# 1. CF-Connecting-IP (Cloudflare)
+# 2. Ali-CDN-Real-IP (阿里云 CDN)
+# 3. X-Real-IP
+# 4. X-Forwarded-For
+#
+# 生产环境:必须配置为实际代理 IP
 # 开发环境:可留空(直连场景)
+#
+# Cloudflare IP 段(截至 2025-01,请定期检查 https://www.cloudflare.com/ips/)
+# IPv4: 173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22
+# IPv6: 2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32
+#
+# 阿里云 CDN(节点 IP 动态变化,建议通过阿里云控制台获取或使用 Ali-CDN-Real-IP 头)
+#
 EZ_BALANCER_TRUSTED_PROXIES=
 
 # ------------------------------------------------------------------------------
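Review bot: The priority list should say that the CDN headers are honoured for any peer in EZ_BALANCER_TRUSTED_PROXIES, not only for the CDN that sets them; as documented, a trusted non-CDN proxy (for example an internal nginx) that forwards a client-supplied `CF-Connecting-IP` unchanged would let that value outrank `X-Real-IP`/`X-Forwarded-For` and decide the IP used for the allow/deny lists. The resolution code is not in this hunk, so this is read from the comments alone; I would add `# NOTE: every trusted proxy must strip or overwrite CF-Connecting-IP and Ali-CDN-Real-IP from client requests unless it is the CDN that sets them` under the priority list. The Aliyun line's "或使用 Ali-CDN-Real-IP 头" reads as an alternative to listing node IPs, which contradicts the rule above it that headers are trusted only when RemoteAddr is a trusted proxy; drop that clause or state that the node ranges must still be listed. The Cloudflare list is stamped 2025-01 while the commit is dated 2026-01, so confirm the stamp and the ranges against the linked page.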