Asking for help: after setting up DNS resolution on Cloudflare, calling the new-api site's API through the domain returns an error

I followed this forum member's tutorial to point a domain at my self-hosted new-api instance (thread link). I can open the new-api site through the domain normally, but when I call the API through the domain I get a 403. I've tested that calling it through the IP address works fine. Here is my nginx config file

nginx config file
user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    sendfile on;
    keepalive_timeout 65;

    include /etc/nginx/conf.d/*.conf;

    # Only send "Connection: upgrade" to the backend when the client actually
    # asked for a WebSocket upgrade; ordinary API calls keep a normal keep-alive.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    server {
        listen 443 ssl;
        server_name api.xxxx.me;

        # Cloudflare Origin CA certificate: only Cloudflare's edge trusts this
        # chain, so a direct test against the origin (bypassing Cloudflare)
        # needs --cacert with the Origin CA root or --insecure.
        ssl_certificate /crt/xxxx.me.pem;
        ssl_certificate_key /crt/xxxx.me-key.pem;
        ssl_trusted_certificate /crt/origin_ca_rsa_root.pem;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers 'HIGH:!aNULL:!MD5';
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;

        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options DENY;
        add_header X-XSS-Protection "1; mode=block";
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

        location / {
            # Requests that Cloudflare answers itself (challenges, WAF blocks)
            # never arrive here; they are decided at the edge.
            proxy_pass http://172.18.0.4:3000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_cache_bypass $http_upgrade;
        }
    }

    server {
        listen 443 ssl;
        server_name fastgpt.xxxx.me;

        ssl_certificate /crt/xxxx.me.pem;
        ssl_certificate_key /crt/xxxx.me-key.pem;
        ssl_trusted_certificate /crt/origin_ca_rsa_root.pem;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers 'HIGH:!aNULL:!MD5';
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;

        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options DENY;
        add_header X-XSS-Protection "1; mode=block";
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

        location / {
            proxy_pass http://172.18.0.7:3000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_cache_bypass $http_upgrade;
        }
    }

    # Plain-HTTP listeners only redirect to HTTPS.
    server {
        listen 80;
        server_name api.xxxx.me;
        return 301 https://$host$request_uri;
    }

    server {
        listen 80;
        server_name fastgpt.xxxx.me;
        return 301 https://$host$request_uri;
    }
}

This is the error response; it looks like it triggered some Cloudflare security mechanism.

{
  "status": 403,
  "headers": {
    "accept-ch": "Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA",
    "alt-svc": "h3=\":443\"; ma=86400",
    "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0",
    "cf-chl-out": "OXSrmLa2FgpALCBJyHxMEhhSwe1DNuDlt20QBS2kO/jIUT+r8yPB/gsuGw2SM3ZdKwsYfkKpK35HvPZSZg7rTRBJFGt1ZSCd2QTMLe4Cszg=$3qDuFSQDs+tj0MFwDJYUoA==",
    "cf-mitigated": "challenge",
    "cf-ray": "8fa90515781769c8-LAX",
    "content-encoding": "zstd",
    "content-type": "text/html; charset=UTF-8",
    "critical-ch": "Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA",
    "cross-origin-embedder-policy": "require-corp",
    "cross-origin-opener-policy": "same-origin",
    "cross-origin-resource-policy": "same-origin",
    "date": "Tue, 31 Dec 2024 08:50:03 GMT",
    "expires": "Thu, 01 Jan 1970 00:00:01 GMT",
    "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}",
    "origin-agent-cluster": "?1",
    "permissions-policy": "accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()",
    "referrer-policy": "same-origin",
    "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=vx%2F%2BKwPOtnIKexRvLmsrIvboGbDUJIwWQubQUAWKLvutc54dByPWfzzddg1HHXsb%2FZ7pBh%2BB7UuHX7tKpGNW04JIKJSKSsPVdab59UirEhEWkcZ%2BAN1G%2Bvb7qrVprkjc6WfTd2gCKYkU1XOJgQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}",
    "server": "cloudflare",
    "server-timing": "cfL4;desc=\"?proto=TCP&rtt=197676&min_rtt=197293&rtt_var=74258&sent=7&recv=13&lost=0&retrans=0&sent_bytes=3990&recv_bytes=9418&delivery_rate=20679&cwnd=248&unsent_bytes=0&cid=84292f2112489068&ts=212&x=0\"",
    "vary": "Accept-Encoding",
    "x-content-options": "nosniff"
  }
}

In short: I can open the site through the domain, but calling the API through the domain doesn't work.
Hoping someone can give me a hint or a fix.

3 likes

Sorry mate, my skills aren't up to it :tieba_087:

1 like

No blame on you; writing the tutorial already helped me a lot, I'd have gone down so many dead ends on my own :grinning:

2 likes

You didn't write that nginx config yourself, did you :new_moon_with_face::new_moon_with_face:? Install 宝塔 (BT Panel) and set up a reverse proxy, solved in one minute

1 like

Try the Cloudflare "Flexible" setting first?

The error log isn't pasted in full; blind guess, it's a certificate problem?
If that doesn't work, install something like NPM _(:з」∠)_

Thanks for the reminder, I've updated it. I asked GPT; it said it's a handshake failure and a "request body too large" error.

I'll tinker with it some more; if it still doesn't work I'll go with 宝塔.

Just use 宝塔; it makes later maintenance easier and simpler too.

Switched to 宝塔, still the same. It looks like calling the API through the domain triggers some Cloudflare security mechanism and the request gets denied :smiling_face_with_tear:

Here's a screenshot of the log

Solved it, folks: Cloudflare's WAF rules were blocking all my API call requests. I added a rule that lets the API calls through. Why they triggered the security restriction in the first place, I'm still not sure :tieba_087:
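The opening post pastes a 403 with `cf-mitigated: challenge` and `cf-chl-out` headers and asks whether nginx is at fault; the final reply confirms the block was a Cloudflare WAF decision. The one check that settles this is whether the error was generated at the Cloudflare edge (it never reached nginx or new-api) or by the origin and merely relayed. The script below is an added example for this thread, not code from the original post, from new-api or from Cloudflare; it classifies a response from its status and headers. The thread's own 403 headers are used as one input; the origin-style 401 headers are a constructed sample (the cf-ray value there is a placeholder), and the `/v1/` API path mentioned in the usage note is an assumption about where new-api serves its endpoints.

```python
"""Where did the 403 come from: Cloudflare's edge, or the origin behind nginx?

Added example for this thread (not code from the original post, from new-api
or from Cloudflare). A response carrying cf-mitigated / cf-chl-out was
generated by the Cloudflare edge and never reached nginx, so no nginx change
can fix it; an origin error proxied through Cloudflare still carries cf-ray
but none of the mitigation headers.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Verdict:
    source: str            # one of the four values documented in classify()
    status: int
    colo: str | None       # Cloudflare data-centre code from cf-ray, e.g. "LAX"
    hint: str


def _lower_keys(headers: dict[str, str]) -> dict[str, str]:
    """HTTP header names are case-insensitive; normalise them once."""
    return {k.lower(): v for k, v in headers.items()}


def classify(status: int, headers: dict[str, str]) -> Verdict:
    """Return a Verdict whose .source is one of:
    cloudflare-challenge   edge served a challenge page (cf-mitigated: challenge)
    cloudflare-mitigated   edge applied some other mitigation (cf-mitigated: <x>)
    origin-via-cloudflare  edge passed the request on; the status is the origin's
    origin-direct          no Cloudflare headers at all (request bypassed the proxy)
    """
    h = _lower_keys(headers)
    ray = h.get("cf-ray", "")
    colo = ray.rsplit("-", 1)[1] if "-" in ray else None
    via_cf = bool(ray) or h.get("server", "").lower() == "cloudflare"
    mitigated = h.get("cf-mitigated")

    if mitigated == "challenge" or "cf-chl-out" in h:
        return Verdict("cloudflare-challenge", status, colo,
                       "A challenge page cannot be solved by an API client; "
                       "add a WAF skip rule for the API host/path in the Cloudflare dashboard.")
    if mitigated:
        return Verdict("cloudflare-mitigated", status, colo,
                       f"Edge mitigation '{mitigated}'; check the zone's Security Events log.")
    if via_cf:
        return Verdict("origin-via-cloudflare", status, colo,
                       "Status came from the origin; check nginx and new-api logs.")
    return Verdict("origin-direct", status, None,
                   "No Cloudflare headers: the request went straight to the origin.")


# Subset of the headers from the 403 response pasted in the thread.
THREAD_403_HEADERS = {
    "cf-mitigated": "challenge",
    "cf-chl-out": "OXSrmLa2FgpALCBJyHxMEhhSwe1DNuDlt20QBS2kO/jIUT+r8yPB/gsuGw2SM3ZdKwsYfkKpK35HvPZSZg7rTRBJFGt1ZSCd2QTMLe4Cszg=$3qDuFSQDs+tj0MFwDJYUoA==",
    "cf-ray": "8fa90515781769c8-LAX",
    "content-type": "text/html; charset=UTF-8",
    "server": "cloudflare",
}

# Constructed sample (not from the thread): an origin "bad API key" error that
# Cloudflare proxied untouched. The cf-ray value is a placeholder.
CONSTRUCTED_ORIGIN_401_HEADERS = {
    "Server": "cloudflare",
    "CF-RAY": "0000000000000000-LAX",
    "Content-Type": "application/json",
}


if __name__ == "__main__":
    for status, headers in ((403, THREAD_403_HEADERS), (401, CONSTRUCTED_ORIGIN_401_HEADERS)):
        v = classify(status, headers)
        print(f"{v.status} -> {v.source} (colo={v.colo}): {v.hint}")
```

To feed it real data, capture headers with `curl -sS -D - -o /dev/null https://api.xxxx.me/...` for the path through Cloudflare, and `curl --resolve api.xxxx.me:443:<origin-ip> --cacert /crt/origin_ca_rsa_root.pem ...` to reach the origin directly with the right SNI (the Origin CA certificate in the config is trusted only by Cloudflare, so without `--cacert` or `--insecure` the direct test fails on TLS, not on the API). When the verdict is `cloudflare-challenge`, the fix lives in the Cloudflare dashboard, as the final reply found: a WAF custom rule with the Skip action scoped as narrowly as possible, e.g. `(http.host eq "api.xxxx.me" and starts_with(http.request.uri.path, "/v1/"))`, rather than a skip for the whole zone, so the site's browser-facing pages keep their protection.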
