diff --git a/src/content/assets/images/QmePpCr1YsDEBjm5f4TWc5FiEJtQp9ppzHqAuMTvvzEmyz.webp b/src/content/assets/images/QmePpCr1YsDEBjm5f4TWc5FiEJtQp9ppzHqAuMTvvzEmyz.webp deleted file mode 100644 index b105f4ea6..000000000 Binary files a/src/content/assets/images/QmePpCr1YsDEBjm5f4TWc5FiEJtQp9ppzHqAuMTvvzEmyz.webp and /dev/null differ diff --git a/src/content/assets/images/cf-fastip-10.png b/src/content/assets/images/cf-fastip-10.png new file mode 100644 index 000000000..7599b9229 Binary files /dev/null and b/src/content/assets/images/cf-fastip-10.png differ diff --git a/src/content/assets/images/cf-fastip-11.png b/src/content/assets/images/cf-fastip-11.png new file mode 100644 index 000000000..ceba6e7df Binary files /dev/null and b/src/content/assets/images/cf-fastip-11.png differ diff --git a/src/content/assets/images/cf-fastip-2.png b/src/content/assets/images/cf-fastip-2.png new file mode 100644 index 000000000..28e2297d1 Binary files /dev/null and b/src/content/assets/images/cf-fastip-2.png differ diff --git a/src/content/assets/images/cf-fastip-3.png b/src/content/assets/images/cf-fastip-3.png new file mode 100644 index 000000000..29008f0ff Binary files /dev/null and b/src/content/assets/images/cf-fastip-3.png differ diff --git a/src/content/assets/images/cf-fastip-4.png b/src/content/assets/images/cf-fastip-4.png new file mode 100644 index 000000000..14647a53c Binary files /dev/null and b/src/content/assets/images/cf-fastip-4.png differ diff --git a/src/content/assets/images/cf-fastip-5.png b/src/content/assets/images/cf-fastip-5.png new file mode 100644 index 000000000..c4814bf20 Binary files /dev/null and b/src/content/assets/images/cf-fastip-5.png differ diff --git a/src/content/assets/images/cf-fastip-6.png b/src/content/assets/images/cf-fastip-6.png new file mode 100644 index 000000000..54d96666d Binary files /dev/null and b/src/content/assets/images/cf-fastip-6.png differ diff --git a/src/content/assets/images/cf-fastip-7.png b/src/content/assets/images/cf-fastip-7.png new file mode 100644 index 000000000..9a29a09f4 Binary files /dev/null and b/src/content/assets/images/cf-fastip-7.png differ diff --git a/src/content/assets/images/cf-fastip-8.png b/src/content/assets/images/cf-fastip-8.png new file mode 100644 index 000000000..17778d700 Binary files /dev/null and b/src/content/assets/images/cf-fastip-8.png differ diff --git a/src/content/assets/images/cf-fastip-9.png b/src/content/assets/images/cf-fastip-9.png new file mode 100644 index 000000000..a143d505c Binary files /dev/null and b/src/content/assets/images/cf-fastip-9.png differ diff --git a/src/content/assets/images/e98ce10d846475aaec5cf73546d9b5caffefc4c0.webp b/src/content/assets/images/e98ce10d846475aaec5cf73546d9b5caffefc4c0.webp deleted file mode 100644 index 56575fe51..000000000 Binary files a/src/content/assets/images/e98ce10d846475aaec5cf73546d9b5caffefc4c0.webp and /dev/null differ diff --git a/src/content/assets/images/waf-2.png b/src/content/assets/images/waf-2.png deleted file mode 100644 index 266fc7469..000000000 Binary files a/src/content/assets/images/waf-2.png and /dev/null differ diff --git a/src/content/assets/images/waf-6.png b/src/content/assets/images/waf-6.png deleted file mode 100644 index e2edb6dd3..000000000 Binary files a/src/content/assets/images/waf-6.png and /dev/null differ diff --git a/src/content/assets/images/warden-worker-20.png b/src/content/assets/images/warden-worker-20.png deleted file mode 100644 index ef0e1355d..000000000 Binary files a/src/content/assets/images/warden-worker-20.png and /dev/null differ diff --git a/src/content/assets/images/warden-worker-21.png b/src/content/assets/images/warden-worker-21.png deleted file mode 100644 index f749f1c26..000000000 Binary files a/src/content/assets/images/warden-worker-21.png and /dev/null differ diff --git a/src/content/posts/cf-fastip.md b/src/content/posts/cf-fastip.md index c2ccaa5f8..78bc7421c 100644 --- a/src/content/posts/cf-fastip.md +++ b/src/content/posts/cf-fastip.md @@ -2,27 +2,27 @@ category: 教程 description: 使用SaaS、Worker以及各种奇技淫巧来让你的网站解析的IP进行分流优选,提高网站可用性和速度 draft: false -image: ../assets/images/QmePpCr1YsDEBjm5f4TWc5FiEJtQp9ppzHqAuMTvvzEmyz.webp -lang: '' -published: 2025-06-24 +image: ../assets/images/cf-fastip-11.png +lang: "" +published: 2026-01-11 tags: -- Cloudflare SaaS + - Cloudflare SaaS title: 试试Cloudflare IP优选!让Cloudflare在国内再也不是减速器! --- - +> 本教程初始发布时间为 25年6月 #### 未优选 ![QmZoinxZgAzu7Skh7BqsxmDQGU1sXtLLskJcyQuRAQNKww.webp](../assets/images/098f9ee71ae62603022e542878673e19bdcaf196.webp) #### 已优选 -![QmaNVwAwSRvqdL5SrvWVCGCQqmacP3d62yoLxofGscNoKq.webp](../assets/images/e98ce10d846475aaec5cf73546d9b5caffefc4c0.webp) +![](../assets/images/cf-fastip-11.png) --- 结论:可见,优选过的网站响应速度有很大提升,并且出口IP也变多了。这能让你的网站可用性大大提高,并且加载速度显著变快。 -Cloudflare 优选域名:[记录 - AcoFork Blog](/posts/record/#cloudflare-%E4%BC%98%E9%80%89%E5%9F%9F%E5%90%8D) +### Cloudflare优选域名: https://cf.090227.xyz --- @@ -131,9 +131,9 @@ function getProxyPrefix(hostname) { 最后写一条DNS解析 `CNAME gitea.afo.im --> 社区优选域名,如 cf.090227.xyz` 即可 -# 针对于A、AAAA、CNAME(SaaS接入) +# 传统优选 > [!WARNING] -> 记得将 SSL 改为灵活 +> Cloudflare最近将新接入的域名SSL默认设为了完全,记得将 SSL 改为灵活。 > ![](../assets/images/cf-fastip-1.png) > 我们需要**一个域名或两个域名**(单域名直接用子域名即可。双域名比如:onani.cn和acofork.cn)。 @@ -150,7 +150,7 @@ function getProxyPrefix(hostname) { 1. 首先新建一个DNS解析,指向你的**源站**,**开启cf代理** ![QmfBKgDe77SpkUpjGdmsxqwU2UabvrDAw4c3bgFiWkZCna.webp](../assets/images/c94c34ee262fb51fb5697226ae0df2d804bf76fe.webp) -2. 前往**辅助域名**的 SSL/TLS -> 自定义主机名。设置回退源为你刚才的DNS解析的域名(xlog.acofork.cn) +2. 前往**辅助域名**的 SSL/TLS -> 自定义主机名。设置回退源为你刚才的DNS解析的域名:xlog.acofork.cn(推荐 **HTTP 验证** ) 3. 点击添加自定义主机名。设置一个自定义主机名,比如 `onani.cn` ,然后选择**自定义源服务器**,填写第一步的域名,即 `xlog.acofork.cn` 。 @@ -158,15 +158,16 @@ function getProxyPrefix(hostname) { ![QmRYrwjeDMDQCj8G9RYkpjC3X4vpwE77wpNpbqKURwBber.webp](../assets/images/f6170f009c43f7c6bee4c2d29e2db7498fa1d0dc.webp) -4. 继续在你的辅助域名添加一条解析。CNAME到优选节点:cloudflare.182682.xyz,**不开启cf代理** +3. 继续在你的辅助域名添加一条解析。CNAME到优选节点:如cloudflare.182682.xyz,**不开启cf代理** ![QmNwkMqDEkCGMu5jsgE6fj6qpupiqMrqqQtWeAmAJNJbC4.webp](../assets/images/4f9f727b0490e0b33d360a2363c1026003060b29.webp) -5. 最后在你的主力域名添加解析。域名为之前在辅助域名的自定义主机名(onani.cn),目标为刚才的cdn.acofork.cn,**不开启cf代理** +4. 最后在你的主力域名添加解析。域名为之前在辅助域名的自定义主机名(onani.cn),目标为刚才的cdn.acofork.cn,**不开启cf代理** ![QmeK3AZghae4J4LcJdbPMxBcmoNEeF3hXNBmtJaDki8HYt.webp](../assets/images/6f51cb2a42140a9bf364f88a5715291be616a254.webp) -6. 优选完毕,尝试访问 +5. 优选完毕,确保优选有效后尝试访问 +![](../assets/images/cf-fastip-10.png) -7. (可选)你也可以将cdn子域的NS服务器更改为阿里云\华为云\腾讯云云解析做线路分流解析 +6. (可选)你也可以将cdn子域的NS服务器更改为阿里云\华为云\腾讯云云解析做线路分流解析 > 优选工作流:用户访问 -> 由于最终访问的域名设置了CNAME解析,所以实际上访问了cdn.acofork.cn,并且携带 **源主机名:onani.cn** -> 到达cloudflare.182682.xyz进行优选 -> 优选结束,cf边缘节点识别到了携带的 **源主机名:onani.cn** 查询发现了回退源 -> 回退到回退源内容(xlog.acofork.cn) -> 访问成功 @@ -180,27 +181,35 @@ function getProxyPrefix(hostname) { 1. 在Workers中添加路由,然后直接将你的路由域名从指向`xxx.worker.dev`改为`cloudflare.182682.xyz`等优选域名即可 ---- +# 针对于Cloudflare Tunnel(ZeroTrust) +请先参照 [常规SaaS优选](#传统优选) 设置完毕,源站即为 Cloudflare Tunnel。正常做完SaaS接入即可 +![](../assets/images/cf-fastip-2.png) +![](../assets/images/cf-fastip-3.png) -### 疑难解答 +接下来我们需要让打到 Cloudflare Tunnel 的流量正确路由,否则访问时主机名不在Tunnel中,会触发 **catch: all** 规则,总之就是没法访问。首先随便点开一个隧道编辑 +![](../assets/images/cf-fastip-4.png) -1. Q:如果我的源站使用Cloudflare Tunnels - A:需要在Tunnels添加两个规则,一个指向你的辅助域名,一个指向最终访问的域名。然后删除最终访问域名的DNS解析(**但是不要直接在Tunnels删,会掉白名单,导致用户访问404**)。然后跳过第一步 - - > 原理:假设你已经配置完毕,但是Cloudflare Tunnels只设置了一个规则。 - > 分类讨论,假如你设置的规则仅指向辅助域名,那么在优选的工作流中:用户访问 -> 由于最终访问的域名设置了CNAME解析,所以实际上访问了cdn.acofork.cn,并且携带 **源主机名:onani.cn** -> 到达cloudflare.182682.xyz进行优选 -> 优选结束,cf边缘节点识别到了携带的 **源主机名:onani.cn** 查询发现了回退源 -> 回退源检测 **源主机名:onani.cn**不在白名单 -> 报错 404 Not Found。访问失败 - > 分类讨论,假如你设置的规则仅指向最终访问的域名,那么在优选的工作流中:用户访问 -> 由于最终访问的域名设置了CNAME解析,所以实际上访问了cdn.acofork.cn -> 由于cdn.acofork.cn不在Tunnels白名单,则访问失败 +打开浏览器F12,直接保存,抓包请求 +![](../assets/images/cf-fastip-5.png) + +抓包 **PUT** 请求,右键复制为 **cURL** +![](../assets/images/cf-fastip-6.png) + +![](../assets/images/cf-fastip-7.png) + +打开 **Postman** 粘贴整个请求,导航到 **Body** 页,添加一个新项目, **hostname** 为你优选后(最终访问)的域名, **service** 为一个正确的源。然后 **Send** ! +![](../assets/images/cf-fastip-8.png) + +接下来,控制台会自动多出来一个新的域名,再次访问就正常了 + +*至于为什么要这么做,因为你要添加的域名可能并不在你的 Cloudflare 账户中,而控制台的添加仅能添加CF账户内的域名,所以需要抓包曲线救国* + +![](../assets/images/cf-fastip-9.png) --- -3. Q:如果我的源站使用了Cloudflare Origin Rule(端口回源) - A:需要将规则的生效主机名改为最终访问的域名,否则不触发回源策略(会导致辅助域名无法访问,建议使用Cloudflare Tunnels) - - > 原理:假设你已经配置完毕,但是Cloudflare Origin Rule(端口回源)规则的生效主机名为辅助域名 - > 那么在优选的工作流中:用户访问 -> 由于最终访问的域名设置了CNAME解析,所以实际上访问了cdn.acofork.cn,并且携带 **源主机名:onani.cn** -> 到达cloudflare.182682.xyz进行优选 -> 优选结束,cf边缘节点识别到了携带的 **源主机名:onani.cn** 查询发现了回退源 -> 回退到回退源内容(xlog.acofork.cn)-> 但是由于**源主机名:onani.cn**不在Cloudflare Origin Rule(端口回源)的规则中 -> 无法触发回源策略,访问失败 +# 针对于使用了各种CF规则的网站 +你只需要让规则针对于你的最终访问域名,因为CF的规则是看主机名的,而不是看是由谁提供的 -4. Q:如果我的源站使用serv00 - A:需要在WWW Web Site界面添加两个规则,一个指向你的辅助域名,一个指向最终访问的域名。 - - > 原理:假设你已经配置完毕,但是serv00仅配置其中一个域名 - > 那么在优选的工作流中:会导致访问错误,serv00将会拦截不在白名单的域名请求 +# 针对于虚拟主机 +保险起见,建议将源站和优选域名同时绑定到你的虚拟主机,保证能通再一个个删 \ No newline at end of file