Anyone have experience using BunnyCDN in front of HestiaCP?

The main purpose for me is to make use of their WAF. The reason why I don't use CF is because they have a 100Mb upload limit which cannot be skipped, and I am only using their WAF.

As far as I know, HestiaCP is pre-configured to accept CF as the server's trusted proxy IP. May I know, if using Bunny, what should I configure to make HestiaCP grab the real IP, traffic, etc. from BunnyCDN for my HestiaCP console/website/Docker (installed separately)?

Thanks

Take the Cloudflare configuration file (/etc/nginx/conf.d/cloudflare.inc) as a base and create a new one for Bunny CDN IPs (/etc/nginx/conf.d/bunny.inc).

Also, change this:

real_ip_header CF-Connecting-IP;

to this:

real_ip_header X-Real-IP;

Edit /etc/nginx/nginx.conf, comment out the include pointing to cloudflare.inc, and add an include for bunny.inc:

        # Cloudflare IPs
        #include                         /etc/nginx/conf.d/cloudflare.inc;
        # Bunny IPs
        include                         /etc/nginx/conf.d/bunny.inc;

After that, restart nginx.

systemctl restart nginx

Notes:

1.- Keep in mind that, by default, you can only use one CDN to extract the real IP. If you want to use multiple CDNs, you need to recompile Nginx with the headers_more module and configure the .inc file differently. I made a script to get the IPs from Cloudflare, Bunny and Fastly and configure the inc file automatically, but, as I said, you must recompile Nginx first.

2.- You must create a script to update Bunny CDN IPs and populate the .inc file, as they change frequently. Just in case, Bunny IPv4 list and Bunny IPv6 list.

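A sketch of the update script mentioned in note 2, as an added example that is not part of the original posts: it turns already-downloaded Bunny IP lists into the contents of /etc/nginx/conf.d/bunny.inc, validating every entry so that a bad or empty download cannot widen or wipe the trusted proxy set. Assumptions: the lists arrive either as a JSON array of strings or as one address per line, the prefix-length limits are an arbitrary sanity bound, and all function names and the sample addresses are made up for illustration.

```python
import ipaddress, json, os, sys, tempfile

# Constructed sample input (documentation addresses, not real Bunny edge IPs)
SAMPLE_V4 = '["203.0.113.10", "198.51.100.7", "203.0.113.10"]'
SAMPLE_V6 = "2001:db8::10\n2001:db8::11\n"

def parse_ip_list(raw):
    """Parse a JSON array of strings or one-address-per-line text into networks."""
    raw = raw.strip()
    items = json.loads(raw) if raw.startswith("[") else raw.splitlines()
    nets = set()
    for item in items:
        if not str(item).strip():
            continue
        net = ipaddress.ip_network(str(item).strip(), strict=False)  # ValueError on junk
        # Assumed sanity limit: edge lists hold hosts or small ranges, so a very
        # broad prefix (e.g. 0.0.0.0/0) would let any client spoof X-Real-IP.
        min_prefix = 16 if net.version == 4 else 32
        if net.prefixlen < min_prefix or net.is_loopback:
            raise ValueError(f"refusing to trust {net}")
        nets.add(net)
    return nets

def build_inc(*raw_lists, header="X-Real-IP"):
    """Return the text of bunny.inc for the given downloaded lists."""
    nets = set().union(*(parse_ip_list(r) for r in raw_lists))
    if not nets:
        raise ValueError("no addresses parsed; keep the existing file")
    ordered = sorted(nets, key=lambda n: (n.version, n))
    lines = ["# Bunny CDN IPs (generated)"]
    lines += [f"set_real_ip_from {n};" for n in ordered]
    lines.append(f"real_ip_header {header};")
    return "\n".join(lines) + "\n"

def write_atomic(path, text):
    """Write via a temp file + rename so nginx never reads a half-written file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", prefix=".bunny.")
    with os.fdopen(fd, "w") as f:
        f.write(text)
    os.chmod(tmp, 0o644)
    os.replace(tmp, path)

if __name__ == "__main__":
    if len(sys.argv) >= 3:   # usage: script OUT.inc LIST_FILE [LIST_FILE ...]
        raws = []
        for p in sys.argv[2:]:
            with open(p) as f:
                raws.append(f.read())
        write_atomic(sys.argv[1], build_inc(*raws))
    else:                    # no arguments: show output for the constructed sample
        print(build_inc(SAMPLE_V4, SAMPLE_V6), end="")
```

When run from cron, follow it with `nginx -t` and reload nginx only if that check passes, so a rejected config never replaces a working one.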