Get real IP when using CloudFlare with Nginx / Apache

CloudFlare acts as a reverse proxy, so all connections to your server’s IP will be displayed with CloudFlare.

If your server configuration uses to IP, such as using firewall, log files … it is obligatory to adjust add additional steps to be able to operate stably.

the IP address of the original users are stored in the header X-Forwarded-for or header CF-Connecting-IP you use headers Whatever.

See also: Thiet ke biet thu dep

Get original IP client using CloudFlare with Nginx

Open Nginx configuration file, usually the path /etc/nginx/nginx.conf and place the real Nginx configuration later in the block IP module http .

 set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 2400: cb00 :: / 32;
set_real_ip_from 2606: 4700 :: / 32;
set_real_ip_from 2803: F800 :: / 32;
set_real_ip_from 2405: B500 :: / 32;
set_real_ip_from 2405: 8100 :: / 32;
set_real_ip_from 2c0f: f248 :: / 32;
set_real_ip_from 2a06: 98c0 :: / 29;

# Use any of the drop down two
CF-Connecting-IP real_ip_header;
X-Forwarded-For #real_ip_header;

In addition, you need to adjust the parameters to use log_format $ http_cf_connecting_ip or $ HTTP_X_FORWARDED_FOR as follows:

 main log_format '$ REMOTE_ADDR - $ REMOTE_USER [$time_local] $ status'
                '' $ Request "$ body_bytes_sent" $ HTTP_REFERER " '
                ' "$ HTTP_USER_AGENT" "$ http_cf_connecting_ip"';

Reload the Nginx to use the new configuration is complete.

List of IP needs to be updated from time to time, you can get the IP the latest here .

Get original IP client using CloudFlare with Apache

If using Apache Webserver, you can use the package available mod cloudflare .

1. Install the package needed

– Red Hat / Fedora:

 sudo yum install httpd-devel libtool git

– Debian / Ubuntu:

 sudo apt-get install apache2-dev libtool git

2. The latest Clone mod_cloudflare code

 && cd git clone https://github.com/cloudflare/mod_cloudflare.git mod_cloudflare

3. Compile the module

Red Hat / Fedora / Debain / Ubuntu:

 apxs -i -a -c mod_cloudflare.c

4. Restart the webserver and check the module was active

– Red Hat / Fedora:

 service httpd restart httpd -M && | grep CloudFlare

– Debian / Ubuntu:

 sudo apachectl restart; apache2ctl -M | grep CloudFlare

5. If your web server load balancer is used to add the following line to your Apache configuration file:

 CloudFlareRemoteIPTrustedProxy 123 123 123 123

More information here guidelines use CloudFlare and configure WordPress, Joomla …

Wish you success.

See more:

> Máy ép bùn khung bản tốt nhất Việt Nam

> Mẫu thiết kế biệt thự cao cấp nhất

> Thiết kế biệt thự cổ điển bởi Kiến Trúc AC

> Dự án thiết kế biệt thự Pháp đẹp

Get real IP when using CloudFlare with Nginx / Apache
3.27 (65.33%) 150 votes

Instructions for installing the Comodo SSL certificate

Installing the Comodo SSL certificate

PositiveSSL of Comodo SSL Certificate Domain Validation is a lot of people used by low cost, easy to install, does not require paperwork to confirm the information at all.

In this article, I will guide you how to install the certificate on the server PositiveSSL using Nginx.

If you have not registered SSL certificate, refer to promotional SSL blog thiết kế biệt thự

1. Generate certificate

SSL After registration, you need to conduct a new receiving generate the certificate file.

In this step, you need to give Private Key (and CSR Key), be careful to save Private Key to use the steps below. Depending on where you register the certificate that supports key functions automatically generate different.

See also: Plan your keywords for any website

Format private key form:

—– BEGIN PRIVATE KEY —–
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDXCvdAoLtG5QRb
GvYZ / 9pOqYYUpA / rZnAAUAFyqdnMcMsYmD6W / m4J9W7 / onDrQX7ExzfAKhbWy + FA
v18S8P7arvjxnjXoS8rs4 / IVwiqLy5PqispyEmlsFp19 / TpJeYltVrrPofiS7 / IV
p095TH66erRgxe54BhzPI2XrurKeqSlgyMbBfgw73KaX3LP7qVcVOSEJWkz9WEhl
RJrYwZ3s8U2iFF7ZK / wX7pVN36XM187pFg6vcIjKWdnOUmgPsOYof6d72koddiPm
oOuDIHAd3M3i1OrhLmx1usHmbL5hj2ls9MI6LOjm15ZAGk + q7lIOsdRfAto8pgE7
u7oB4ts / AgMBAAECggEAaLYGP4oEpzjNLi + qtm5HNxaFG3fn6JAw6XYLvnHGhC5I
NumrUIsDugWwzvmiUmvJ9rerBf94r48HWCfXe7mt335j6gNH7J07aq50KvQpE3lF
xWdfvLwKaX95oOe1giGUMZGR1ZjhGWuNTc3yfPYqn1Mwkg7PV9JiJNrvviFi6K5B
vcjVNBlf44zQG4UMeZ9T / aoVFtmDifRMDQQ62MdzgJs4AE0U2 + MEbN3NBySbeXID
—– END PRIVATE KEY —–
Email sent from Comodo SSL certificate with the same title as follows: ” Your PositiveSSL Certificate for seosieutoc.com “, in the mail with attachment 1 zip seosieutoc_com.zip consists of two files:

seosieutoc_com.crt
seosieutoc_com.ca-bundle
You use any editor, Notepad ++ for example, open the file seosieutoc_com.crt copy and paste the entire contents of the file on top of seosieutoc_com.ca-bundle saved in the file ssl-bundle.crt

At this time, the certificate file ssl-bundle.crt will contain the contents of two files .crt and .ca-bundle

2. Install SSL certificates

This step alone operation on server installation HocVPS Script the server installed Nginx server manually or else how do you keep reading same carefully to understand. Entanglements place to leave a comment I will support always.

Create a file folder containing the certificate:

mkdir -p / etc / nginx / ssl / seosieutoc_com /
Save the content certificate file in this folder, copy / paste using Nano editor

nano /etc/nginx/ssl/seosieutoc_com/ssl-bundle.crt
Save the content shared folder Private Key:

nano /etc/nginx/ssl/seosieutoc_com/seosieutoc_com.key
Creating parameters DH 2048 bit file, the process will generate a while:

mkdir / etc / nginx / cert /
openssl-out /etc/nginx/cert/dhparam.pem[19459015dhparam2048]
Next, we will adjust the Nginx configuration file. For example, your domain name is seosieutoc.com the file will be the path configuration is /etc/nginx/conf.d/seosieutoc.com.conf

Open up the configuration file with nano

nano /etc/nginx/conf.d/seosieutoc.com.conf
Configuring SSL processing requests

In block server … 2nd adjusted as follows:

+ Transfer listen 80 default_server ; to listen ssl 443 http2 ;

+ The line server_name seosieutoc.com; add the SSL configuration has been optimized yourself:

# SSL
ssl_certificate /etc/nginx/ssl/seosieutoc_com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/seosieutoc_com/seosieutoc_com.key;
TLSv1 TLSv1.1 ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers’ ECDHE-ECDSA-CHACHA20-POLY1305: ECDHE-RSA-CHACHA20-POLY1305: ECDHE AES128-GCM-ECDSA-SHA256-: RSA-AES128-ECDHE-GCM-SHA256: ECDHE AES256-GCM-ECDSA-SHA384-: ECDHE- RSA-AES256-GCM-SHA384: DHE-RSA-AES128-GCM-SHA256: DHE-RSA-AES256-GCM-SHA384: ECDHE-ECDSA-AES128-SHA256: RSA-AES128-ECDHE-SHA256: ECDHE-ECDSA-AES128- SHA: RSA-AES256-ECDHE-SHA384: RSA-AES128-ECDHE-SHA: ECDHE-ECDSA-AES256-SHA384: ECDHE AES256-SHA-ECDSA-: RSA-AES256-ECDHE-SHA: DHE-RSA-AES128-SHA256: DHE-RSA-AES128-SHA: DHE-RSA-AES256-SHA256: DHE-RSA-AES256-SHA: ECDHE-ECDSA-DES-CBC3-SHA: ECDHE-RSA-DES-CBC3-SHA: EDH-RSA-DES CBC3-SHA: AES128-GCM-SHA256: AES256-GCM-SHA384: AES128-SHA256: AES256-SHA256: AES128-SHA: AES256-SHA: DES-CBC3-SHA:! DSS ‘;

OCSP ## Stapling
127.0.0.1 resolver;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/ssl/seosieutoc_com/ssl-bundle.crt;

# Improve performance with HTTPS session resumption
ssl_session_cache shared: SSL: 50m;
ssl_session_timeout 1d;

ssl_session_tickets off;

# DH parameters
ssl_dhparam /etc/nginx/cert/dhparam.pem;

# Enable HSTS (https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security)
Strict-Transport-Security add_header “max-age = 31536000” always;
Redirect entire www http to https link

In block server … at the top:

+ Transfer server_name www.seosieutoc.com ; to server_name seosieutoc.com www.seosieutoc.com ;

+ Transfer rewrite ^ (. *) http : //seosieutoc.com$1 permanent; to rewrite ^ (. *) https : //seosieutoc.com$1 permanent;

Results are as follows:

server
listen 80;
server_name seosieutoc.com www.seosieutoc.com ;
rewrite ^ (. *) https : //seosieutoc.com$1 permanent;

Now when accessed http://seosieutoc.com and will automatically redirect to http://www.seosieutoc.com https://seosieutoc.com

Redirect entire www https link to https

Add new block server … at the top

server
http2 listen ssl 443;
server_name www.seosieutoc.com;

# SSL
ssl_certificate /etc/nginx/ssl/seosieutoc_com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/seosieutoc_com/seosieutoc_com.key;
TLSv1 TLSv1.1 ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers’ ECDHE-ECDSA-CHACHA20-POLY1305: ECDHE-RSA-CHACHA20-POLY1305: ECDHE AES128-GCM-ECDSA-SHA256-: RSA-AES128-ECDHE-GCM-SHA256: ECDHE AES256-GCM-ECDSA-SHA384-: ECDHE- RSA-AES256-GCM-SHA384: DHE-RSA-AES128-GCM-SHA256: DHE-RSA-AES256-GCM-SHA384: ECDHE-ECDSA-AES128-SHA256: RSA-AES128-ECDHE-SHA256: ECDHE-ECDSA-AES128- SHA: RSA-AES256-ECDHE-SHA384: RSA-AES128-ECDHE-SHA: ECDHE-ECDSA-AES256-SHA384: ECDHE AES256-SHA-ECDSA-: RSA-AES256-ECDHE-SHA: DHE-RSA-AES128-SHA256: DHE-RSA-AES128-SHA: DHE-RSA-AES256-SHA256: DHE-RSA-AES256-SHA: ECDHE-ECDSA-DES-CBC3-SHA: ECDHE-RSA-DES-CBC3-SHA: EDH-RSA-DES CBC3-SHA: AES128-GCM-SHA256: AES256-GCM-SHA384: AES128-SHA256: AES256-SHA256: AES128-SHA: AES256-SHA: DES-CBC3-SHA:! DSS ‘;

rewrite ^ (. *) https: //seosieutoc.com$1 permanent;

At this time when access will be automatically redirected to https://www.seosieutoc.com https://seosieutoc.com

Configuring SSL with port management HocVPS Admin Script

If you install SSL for the domain name used HocVPS Script, add SSL configuration required when using the port. For example, if your installation to the default port 2313 .

Find block server … line listen 2313;

Add text and paragraph ssl SSL configuration similar to below:

server {
listen 2313 ssl http2 ;
access_log off;
log_not_found off;
error_log off;
/home/seosieutoc.com/private_html root;
index.htm index.html index.php index;
server_name seosieutoc.com;

# SSL
ssl_certificate /etc/nginx/ssl/seosieutoc_com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/seosieutoc_com/seosieutoc_com.key;
TLSv1 TLSv1.1 ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers’ ECDHE-ECDSA-CHACHA20-POLY1305: ECDHE-RSA-CHACHA20-POLY1305: ECDHE AES128-GCM-ECDSA-SHA256-: RSA-AES128-ECDHE-GCM-SHA256: ECDHE AES256-GCM-ECDSA-SHA384-: ECDHE- RSA-AES256-GCM-SHA384: DHE-RSA-AES128-GCM-SHA256: DHE-RSA-AES256-GCM-SHA384: ECDHE-ECDSA-AES128-SHA256: RSA-AES128-ECDHE-SHA256: ECDHE-ECDSA-AES128- SHA: RSA-AES256-ECDHE-SHA384: RSA-AES128-ECDHE-SHA: ECDHE-ECDSA-AES256-SHA384: ECDHE AES256-SHA-ECDSA-: RSA-AES256-ECDHE-SHA: DHE-RSA-AES128-SHA256: DHE-RSA-AES128-SHA: DHE-RSA-AES256-SHA256: DHE-RSA-AES256-SHA: ECDHE-ECDSA-DES-CBC3-SHA: ECDHE-RSA-DES-CBC3-SHA: EDH-RSA-DES CBC3-SHA: AES128-GCM-SHA256: AES256-GCM-SHA384: AES128-SHA256: AES256-SHA256: AES128-SHA: AES256-SHA: DES-CBC3-SHA:! DSS ‘;

auth_basic “Restricted”;
auth_basic_user_file /home/seosieutoc.com/private_html/hocvps/.htpasswd;


Now HocVPS Script link Admin login will be https://seosieutoc.com

Nginx configuration file will eventually be similar to the following:

server
http2 listen ssl 443;
server_name www.seosieutoc.com;

# SSL
ssl_certificate /etc/letsencrypt/live/seosieutoc.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/seosieutoc.com/privkey.pem;
TLSv1 TLSv1.1 ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH + CHACHA20: EECDH + AES128: RSA + AES128: EECDH + AES256: RSA + AES256: EECDH + 3DES: RSA + 3DES:! MD5;

rewrite ^ (. *) https: //seosieutoc.com$1 permanent;

server
listen 80;
server_name seosieutoc.com www.seosieutoc.com;
rewrite ^ (. *) https: //seosieutoc.com$1 permanent;

server rar

server
ssl http2 listen 2313;
access_log off;
log_not_found off;
error_log off;
/home/seosieutoc.com/private_html root;
index.htm index.html index.php index;
server_name seosieutoc.com;

# SSL
ssl_certificate /etc/letsencrypt/live/seosieutoc.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/seosieutoc.com/privkey.pem;
TLSv1 TLSv1.1 ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH + CHACHA20: EECDH + AES128: RSA + AES128: EECDH + AES256: RSA + AES256: EECDH + 3DES: RSA + 3DES:! MD5;

auth_basic “Restricted”;
auth_basic_user_file /home/seosieutoc.com/private_html/hocvps/.htpasswd;

location /
$ uri $ uri try_files / /index.php;
location ~ .php $
fastcgi_split_path_info ^ (. + . php) (/.+) $;
include / etc / nginx / fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_connect_timeout 1000;
fastcgi_send_timeout 1000;
fastcgi_read_timeout 1000;
fastcgi_buffer_size 256k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
fastcgi_param SCRIPT_FILENAME /home/seosieutoc.com/private_html$fastcgi_script_name;

location ~ / .
deny all;
Check your Nginx configuration standard view has not

nginx -t
Restart Nginx

service nginx restart
If you use WordPress, install the plugin Really Simple SSL to redirect http to https automatically and transfer the entire link .css, .js to https. The address bar will be green at this time.

Access time to enjoy the fruits domain only. Wish you success.

See also: 

The most searched keywords: dich vu seo, thiết kế biệt thự cổ điển, máy ép bùn khung bản

Why you should focus on improving the speed of web load in 2017

Google AdSense: 10 Methods of optimizing revenue for Web page

Instructions for installing the Comodo SSL certificate
3.18 (63.53%) 170 votes

Top 5 best cache plugins created for WordPress

Top 5 best cache plugins created for WordPress.

Among the methods to improve the speed of loading the blog / website, saving bandwidth and reducing download for hosting, then perhaps create cache (or caching) method is simple and effective. With WordPress we have lots of ways to create a cache, such as: use of plugins, edit file .htaccess and even take advantage of the free services, CDN ( CloudFlare ). The advantage of using plugins is beyond the ability to cache, they also support many other useful options to help optimize resources in a better way.

See also: How to Create a cache plugin for WordPress with WP-FFPC .

In this article, I will introduce you to the top 5 best plugins for creating cache WordPress as of the present time. Hopefully, you will be able to choose for themselves in an appropriate plugin needs to use.

1. W3 Total Cache – Download

"

W3 Total Cache is a professional plug-in to create cache with many useful options. Page set up its extensive cover Page Database Object and Browser Cache compatibility with CDN CloudFlare and options for the server Varnish dedicated. In addition, W3 Total Cache also allows you minify data (html, css, js) to improve loading speed of your blog / website. It is also available a paid version with some more advanced options.

2. ZenCache – Download

"

ZenCache like W3 Total Cache also available on a pay version. Although there are many advanced options, however the basic settings of this plugin is very simple. Pro version now supports MaxCDN and Amazon CloudFront (a CDN dedicated), but it is compatible with many CDN common other.

3. WP Rocket – Details

"

WP Rocket is a great plugin to create a cache for the visitor’s browser (including images, js, css) and Web cache for servers to limit access PHP problems down low. The developers also offer web-crawling software to identify and store your files in a better way. This plugin features are active CDN compatible with CloudFlare .

4. Fastest Cache WP – Download

"

WP Fastest Cache created files HTML adjective PHP and MySQL . It automatically minify HTML and CSS pooling the file CSS and JS allows compression GZIP and create the browser cache. This plugin is compatible with both CloudFlare and MaxCDN .

5. WP Super Cache – Download

"

WP Super Cache is a simple plug-in to create cache, created by the developers WordPress . It’s good support for MaxCDN but is not compatible with CloudFlare . This plugin does not provide the ability to create browser caching. It stores the files in three different ways, with decreasing speed: mod_rewrite PHP and legacy caching .

You are using the plugin to create a buffer (cache) for blog / website WordPress her? Please share with us using the comments below frame.

If you liked this article, please subscribe to my blog to regularly update the best articles, the latest by email offline. Thank you very much. 🙂

Top 5 best cache plugins created for WordPress
5 (100%) 10 vote