网站套cloudflare免费自定义节点cdn之后,访问网站出现 Error 520

小白的 Alpharacks 大盘鸡随着Quadranet机房拔线离线了。刚好HostHatch出了一款15美金年付250G硬盘的VPS,HostHatch:250G 大盘鸡或10T 流量VPS只需$15/年 更多套餐均可走内网免流量。

购买后第一时间安装了宝塔6.9.4.然后把网站数据恢复了回去。然后更改了cloudflare IP。等解析成功后访问了下居然错误520了。

报错信息:

Error 520 Ray ID: xdd5f1c9fc11axxc • 2019-05-27 06:31:12 UTC
Web server is returning an unknown error
What happened?
There is an unknown connection issue between Cloudflare and the origin web server. As a result, the web page can not be displayed.
What can I do?
If you are a visitor of this website:
Please try again in a few minutes.

If you are the owner of this website:
There is an issue between Cloudflare's cache and your origin web server. Cloudflare monitors for these errors and automatically investigates the cause. To help support the investigation, you can pull the corresponding error log from your web server and submit it our support team. Please include the Ray ID (which is at the bottom of this error page). Additional troubleshooting resources.

看到这个报错,还以为是宝塔6.9.4开心版有问题呢。修改本地hosts,测试后发现网站是正常的。仔细想了下,应该是宝塔收费插件脑残设定造成的。关掉了收费插件nginx防火墙里的禁止国外访问终于正常了。

问题原因:

宝塔面板收费插件nginx防火墙,开启了禁止国外访问。导致了CF无法访问源站。

解决办法:

  • 面板 → 软件商店 → 付费插件 → Nginx防火墙
  • 点击防火墙的设置 → 全局设置 → 禁止国外访问 → 把状态勾选成灰色

总结:

宝塔的产品经理可能有点脑残,居然把付费功能负优化。默认禁止国外用户访问,导致问题发生。以后安装nginx防火墙后,第一时间禁用 禁止国外访问。

备注:

此方法适用于站点套用CF|cloudflare CDN, 网站可以全球访问。

如果,希望站点既套用CF|cloudflare CDN, 又只允许中国境内访问,那么可以开启该插件中 禁止国外访问 功能。但是开启之前,要先把CF|cloudflare CDN 的IP添加到IP白名单。

如此,就解决了问题。


CF|cloudflare CDN 的IP-官网

https://www.cloudflare.com/ips/

CF的IPv4

173.245.48.0/20

103.21.244.0/22

103.22.200.0/22

103.31.4.0/22

141.101.64.0/18

108.162.192.0/18

190.93.240.0/20

188.114.96.0/20

197.234.240.0/22

198.41.128.0/17

162.158.0.0/15

104.16.0.0/12

172.64.0.0/13

131.0.72.0/22

Also available as a IPv4 text list.

CF的IPv6

2400:cb00::/32

2606:4700::/32

2803:f800::/32

2405:b500::/32

2405:8100::/32

2a06:98c0::/29

Also available as a IPv6 text list.