#自架 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #自架, aggregated by home.social.
-
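Sharing a Fediverse troubleshooting story: the Cloudflare WAF firewall pitfall 😫
Hi, Fediverse friends!
I've recently been setting up my own Misskey and Mastodon nodes for fun, all deployed with Docker and with traffic forwarded through Cloudflare Tunnel, and the process actually went pretty smoothly.
But! I found one extremely annoying problem: some interactions between my nodes and other nodes just would not work properly!
At first I thought my Docker setup was at fault, or that Misskey/Mastodon was misconfigured, and it had me at my wits' end... 🤯
In the end, after an exhaustive investigation, I finally found that the culprit was Cloudflare's WAF (Web Application Firewall)! By default it blocked many of the API requests and User Agents that the Fediverse (ActivityPub) needs, so the nodes could not communicate with each other properly.
If you run into a similar problem, remember to go to the Cloudflare WAF settings and set the following rule to "Allow" so that Fediverse traffic can pass through smoothly: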
(starts_with(http.request.uri.path, "/api/")) or (starts_with(http.request.uri.path, "/users/")) or (starts_with(http.request.uri.path, "/@")) or (starts_with(http.request.uri.path, "/notes/")) or (starts_with(http.request.uri.path, "/inbox")) or (starts_with(http.request.uri.path, "/outbox")) or (starts_with(http.request.uri.path, "/authorize_interaction")) or (starts_with(http.request.uri.path, "/oauth/")) or (starts_with(http.request.uri.path, "/.well-known/")) or (starts_with(http.request.uri.path, "/actor")) or (starts_with(http.request.uri.path, "/objects/")) or (starts_with(http.request.uri.path, "/activities/")) or (starts_with(http.request.uri.path, "/c/")) or (starts_with(http.request.uri.path, "/u/")) or (starts_with(http.request.uri.path, "/post/")) or (starts_with(http.request.uri.path, "/comment/")) or (http.user_agent contains "Mastodon") or (http.user_agent contains "Misskey") or (http.user_agent contains "Pleroma") or (http.user_agent contains "Friendica") or (http.user_agent contains "Akkoma") or (http.user_agent contains "Pixelfed") or (http.user_agent contains "PeerTube") or (http.user_agent contains "Lemmy") or (http.user_agent contains "Kbin") or (http.user_agent contains "Mbin") or (http.user_agent contains "Bookwyrm") or (http.user_agent contains "Funkwhale") or (http.user_agent contains "Mobilizon") or (http.user_agent contains "Owncast") or (http.user_agent contains "Castopod") or (http.user_agent contains "WriteFreely") or (http.user_agent contains "Plume") or (http.user_agent contains "Sharkey") or (http.user_agent contains "Firefish") or (http.user_agent contains "Iceshrimp") or (http.user_agent contains "Foundkey") or (http.user_agent contains "Calckey") or (http.user_agent contains "GoToSocial") or (http.user_agent contains "Takahē") or (http.user_agent contains "Takahe") or (http.user_agent contains "Hometown") or (http.user_agent contains "Glitch") or (http.user_agent contains "ActivityPub") or (http.user_agent contains "http.rb") 
or (any(http.request.headers["accept"][*] == "application/activity+json")) or (any(http.request.headers["accept"][*] == "application/ld+json")) or (any(http.request.headers["content-type"][*] == "application/activity+json")) or (any(http.request.headers["content-type"][*] == "application/ld+json"))
Hope this helps other friends who are also self-hosting nodes avoid a few detours! 🚀
#Misskey #Mastodon #ActivityPub #聯邦宇宙 #Fediverse #Cloudflare #Docker #自架 #踩坑記錄
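To audit what the allow expression in the post above exempts from the WAF, the following added example (not part of the original post, and not Cloudflare code) models its clauses locally and reports which one matched each request. It assumes case-sensitive `starts_with`/`contains` and that a header value is compared as one unsplit string; the function name and the sample requests are constructed for illustration.

```python
# Added example: local model of the allow expression posted above, for auditing what it
# exempts. Assumed semantics: case-sensitive matching, header values compared unsplit.
PATH_PREFIXES = ["/api/", "/users/", "/@", "/notes/", "/inbox", "/outbox",
                 "/authorize_interaction", "/oauth/", "/.well-known/", "/actor",
                 "/objects/", "/activities/", "/c/", "/u/", "/post/", "/comment/"]
UA_TOKENS = ("Mastodon Misskey Pleroma Friendica Akkoma Pixelfed PeerTube Lemmy Kbin "
             "Mbin Bookwyrm Funkwhale Mobilizon Owncast Castopod WriteFreely Plume "
             "Sharkey Firefish Iceshrimp Foundkey Calckey GoToSocial Takahē Takahe "
             "Hometown Glitch ActivityPub http.rb").split()
AP_TYPES = ["application/activity+json", "application/ld+json"]


def matched_clauses(path, headers):
    """List the clauses of the expression that match one request.

    headers maps a lowercase header name to the list of raw values, one per header line.
    """
    hits = [f'path starts_with "{p}"' for p in PATH_PREFIXES if path.startswith(p)]
    user_agent = (headers.get("user-agent") or [""])[0]
    hits += [f'user_agent contains "{t}"' for t in UA_TOKENS if t in user_agent]
    for name in ("accept", "content-type"):
        for value in headers.get(name, []):
            # "==" compares the whole value: comma lists and ";" parameters never match.
            hits += [f'{name} == "{t}"' for t in AP_TYPES if value == t]
    return hits


# Constructed sample requests (hosts, versions and paths are made up).
SAMPLES = [
    ("/inbox", {"user-agent": ["Mastodon/4.3.0 (http.rb/5.2.0; +https://social.example/)"],
                "content-type": ["application/activity+json"]}),
    ("/users/alice", {"user-agent": ["ExampleFetcher/1.0"],
                      "accept": ["application/activity+json, application/ld+json"]}),
    ("/some/other/page", {"user-agent": ["Mozilla/5.0 (X11; Linux x86_64)"]}),
    ("/some/other/page", {"user-agent": ["ExampleClient/1.0 (Mastodon compatible)"]}),
]

if __name__ == "__main__":
    for path, headers in SAMPLES:
        clauses = matched_clauses(path, headers)
        print(path, "->", "ALLOW via " + "; ".join(clauses) if clauses else "no match")
```

In the second sample the combined Accept value does not satisfy the `==` clause, so the request is allowed through the path clause only; in the fourth, the User-Agent text is the sole reason the request is exempt.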