docs(config): add trusted proxy and cdn details to .env.example

Update comments for EZ_BALANCER_TRUSTED_PROXIES to include: - Header resolution priority (CF-Connecting-IP, Ali-CDN-Real-IP, etc.) - Current Cloudflare IPv4/IPv6 CIDR lists for easier reference - Specific notes on production configuration guidelines
2026-01-13 17:47:51 +00:00 · 2026-01-03 23:52:02 +08:00
parent 8a52d58674
commit f4d6f64068
1 changed files with 16 additions and 2 deletions
--- a/.env.example
+++ b/.env.example
@@ -132,9 +132,23 @@ EZ_BALANCER_ENABLE_TEST_KEYS=false

 # 可信反向代理 IP/CIDR 列表（逗号分隔）
 # 用于在反向代理后正确解析客户端真实 IP，支持 IP 白名单/黑名单功能
-# 仅当 RemoteAddr 命中可信代理时才信任 X-Real-IP 和 X-Forwarded-For 头
-# 生产环境：必须配置为实际代理 IP，如 10.0.0.0/8,192.168.1.1
+# 仅当 RemoteAddr 命中可信代理时才信任代理头（CF-Connecting-IP, Ali-CDN-Real-IP, X-Real-IP, X-Forwarded-For）
+#
+# 支持的 CDN 头（按优先级）：
+#   1. CF-Connecting-IP (Cloudflare)
+#   2. Ali-CDN-Real-IP (阿里云 CDN)
+#   3. X-Real-IP
+#   4. X-Forwarded-For
+#
+# 生产环境：必须配置为实际代理 IP
 # 开发环境：可留空（直连场景）
+#
+# Cloudflare IP 段（截至 2025-01，请定期检查 https://www.cloudflare.com/ips/）
+# IPv4: 173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22
+# IPv6: 2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32
+#
+# 阿里云 CDN（节点 IP 动态变化，建议通过阿里云控制台获取或使用 Ali-CDN-Real-IP 头）
+#
 EZ_BALANCER_TRUSTED_PROXIES=

 # ------------------------------------------------------------------------------