我该如何自定义雷池的nginx配置 好像有部分信息没有代理

我看到了 相关配置是有的 而且也是我预料中的
但是我没搞懂为什么 上传资源这个链接代理不成功 能帮我分析下吗？ 这是现有自动生成的配置 另外我想拒绝ip访问 因为现在的能够拒绝但是会暴露我的证书 上面有域名相关信息 我希望扫描时能够无感拒绝

1log_format safeline_1 '$remote_addr - $remote_user [$time_local] '
2                    '"$request" $status $body_bytes_sent '
3                    '"$http_referer" "$http_user_agent"';
4upstream backend_1 {
5    server 172.17.0.1:10000;
6    keepalive 128;
7    keepalive_timeout 75;
8}
9map $scheme $hsts_header {
10        https   "max-age=15768000;";
11}
12server {
13    listen 0.0.0.0:9999 ssl http2 default_server backlog=65536 reuseport;
14    server_name _ *.xn--fiqq24b.center;
15    ssl_certificate /etc/nginx/certs/cert_1.crt;
16    ssl_certificate_key /etc/nginx/certs/cert_1.key;
17    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
18    error_page 497 =302 https://$host:$server_port$request_uri;
19    error_page 502 =502 /bad_gateway_page;
20    error_page 504 =504 /gateway_timeout_page;
21    include /etc/nginx/tamper-enabled/site_1/tamper_*;
22    gzip on;
23    brotli on;
24    if ($server_protocol = "HTTP/1.0") { return 444; }
25    location = /forbidden_page {
26        internal;
27        proxy_pass http://unix:/app/sock/tcd_error.sock;
28    }
29    location = /acl_page {
30        internal;
31        proxy_pass http://unix:/app/sock/tcd_error.sock;
32    }
33    location = /bad_gateway_page {
34        internal;
35        proxy_pass http://unix:/app/sock/tcd_error.sock;
36    }
37    location = /gateway_timeout_page {
38        internal;
39        proxy_pass http://unix:/app/sock/tcd_error.sock;
40    }
41    location ^~ /offline_page {
42        internal;
43        add_header cache-control no-cache;
44        proxy_pass http://unix:/app/sock/tcd_error.sock;
45    }
46    location = /auth_defense_page {
47        internal;
48        add_header cache-control no-cache;
49        proxy_pass http://unix:/app/sock/tcd_error.sock;
50    }
51    location ^~ / {
52        proxy_pass http://backend_1;
53        proxy_set_header Host $http_host;
54        include proxy_params;
55        proxy_set_header X-Forwarded-Host $http_host;
56        proxy_set_header X-Forwarded-Proto $scheme;
57        proxy_set_header X-Forwarded-For $remote_addr;
58        include /etc/nginx/custom_params/backend_1;
59        proxy_set_header Accept-Encoding "";
60        proxy_ssl_server_name on;
61        proxy_ssl_name $host;
62        t1k_add_user_data "1";
63        t1k_body_size 1024k;
64        tx_body_size 4k;
65        t1k_error_page 403 /forbidden_page;
66        t1k_error_page 429 /acl_page;
67        t1k_error_page 467 /auth_defense_page;
68        t1k_error_page 466 /offline_page;
69        tx_error_page 403 /forbidden_page;
70        proxy_intercept_errors on;
71    }
72}

1. 上传错误需要提供更具体的错误信息
2. 如果不想 IP 访问，则需要升级到 7.0 版本，而且所有的站点域名不要用 *

是我雷池https到nginx http到网站 中https到http导致的 但是我中间层和雷池是同一本地环境 信任环境下使用http效率更高
我想试一下自定义参数 proxy_set_header X-Forwarded-Proto https; 应该放在哪个路径配置文件中

*.xxx.com 这种情况下都不能用吗 必须一个具体域名才会让Ip拦截生效吗