Using CDN for server address ​

# HTTP(NO TLS) ports supported by Cloudflare for nginx server

80
8080
8880
2052
2082
2086
2095

# HTTPS(TLS) ports supported by Cloudflare for nginx server

443
2053
2083
2087
2096
8443

server {
	#listen 443 ssl http2 so_keepalive=on;  #if using tls can enable http2, with cdn acceptable port
    #listen [::]:443 ssl http2;

    listen 8080;
    listen [::]:8080; # cdn acceptable port
    server_name  x.tld.com; # XMPlus cdn server(node) address
    index index.html;
    root /var/www/html;
	
	#If using tls
	ssl_certificate /your/cert/x.tld.com.crt;
    ssl_certificate_key /your/key/x.tld.com.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers           ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

    client_header_timeout 52w;
    keepalive_timeout 52w;
	
	#tls config ends
	
	
	# cloudflare cdn ip ranges
    set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 103.22.200.0/22;
    set_real_ip_from 103.31.4.0/22;
    set_real_ip_from 104.16.0.0/12;
    set_real_ip_from 108.162.192.0/18;
    set_real_ip_from 131.0.72.0/22;
    set_real_ip_from 141.101.64.0/18;
    set_real_ip_from 162.158.0.0/15;
    set_real_ip_from 172.64.0.0/13;
    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 188.114.96.0/20;
    set_real_ip_from 190.93.240.0/20;
    set_real_ip_from 197.234.240.0/22;
    set_real_ip_from 198.41.128.0/17;
    set_real_ip_from 2400:cb00::/32;
    set_real_ip_from 2606:4700::/32;
    set_real_ip_from 2803:f800::/32;
    set_real_ip_from 2405:b500::/32;
    set_real_ip_from 2405:8100::/32;
    set_real_ip_from 2c0f:f248::/32;
    set_real_ip_from 2a06:98c0::/29;

    real_ip_header CF-Connecting-IP;    

	# GRPC configuration
    location /grpc/Tun { #Your server GRPC ServiceName. Example if your ServiceName is xmplus must be  /xmplus
        if ($content_type !~ "application/grpc") {
            return 404;
        }
        client_max_body_size 0;
        client_body_timeout 60m;
        send_timeout 60m;
        lingering_close always;

        grpc_read_timeout 3m;
        grpc_send_timeout 2m;
        grpc_set_header Host $host;
        grpc_set_header X-Real-IP $remote_addr;
        grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        grpc_pass grpc://127.0.0.1:Listening Port;  #Example if your 8888 must set  grpc_pass grpc://127.0.0.1:8888
    }

	Websocket configuration
    location /xmplus {  #Your server Websocket Path
        if ($http_upgrade != "websocket") {
            return 404;
        }
        proxy_redirect off;
        proxy_pass http://127.0.0.1:Listening Port; #Example if your 8888 must set proxy_pass http://127.0.0.1:8888
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    } 
}

systemctl enable nginx
systemctl start nginx
systemctl restart nginx
systemctl stop nginx

set_real_ip_from 185.143.232.0/22;
set_real_ip_from 92.114.16.80/28;
set_real_ip_from 2.146.0.0/28;
set_real_ip_from 46.224.2.32/29;
set_real_ip_from 83.123.255.56/31;
set_real_ip_from 188.229.116.16/29;
set_real_ip_from 164.138.128.28/31;
set_real_ip_from 94.182.182.28/30;
set_real_ip_from 185.17.115.176/30;
set_real_ip_from 5.213.255.36/31;
set_real_ip_from 185.228.238.0/28;
set_real_ip_from 94.182.153.24/29;
set_real_ip_from 94.101.182.0/27;
set_real_ip_from 158.255.77.238/31;
set_real_ip_from 81.12.28.16/29;
set_real_ip_from 176.65.192.202/31;
set_real_ip_from 2.144.3.128/28;
set_real_ip_from 89.45.48.64/28;
set_real_ip_from 37.32.16.0/27;
set_real_ip_from 37.32.17.0/27;
set_real_ip_from 37.32.18.0/27;
set_real_ip_from 37.32.19.0/27;
set_real_ip_from 185.215.232.0/22;

real_ip_header ar-real-ip;