Bash file to pull Cloudflare IPs from their API endpoints. Can be used in CRON jobs.
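#!/bin/bash
# Author: Joshua Moon <josh@jaw.sh>
# Date: 14-May-2016
# Purpose: Creates an up-to-date Cloudflare nginx config file.
# License: MIT
################################################################################
# INSTRUCTIONS
################################################################################
#
# * Set correct values for below variables.
#
#     NGINX_CONFIG
#     NGINX_REAL_IP_HEADER
#     NGINX_RELOAD
#
#
# * Add crontab job. This example would add it to root to run once a day.
#
#     # crontab -e -u root
#     0 0 * * * bash /etc/nginx/cloudflare.sh
#
# * Make sure 'crond' service is running and boots with system startup.
#
#     # ---- On RHEL/CentOS ----
#     # chkconfig --level 345 crond on
#     # /etc/init.d/crond status
#
#     # ---- On Debian/Ubuntu ----
#     # update-rc.d cron defaults
#     # /etc/init.d/cron status
#
# * If a download fails or returns anything that is not a plain CIDR list, the
#   script prints an error to stderr, exits non-zero, and leaves the existing
#   NGINX_CONFIG untouched (nginx is not reloaded).
#
################################################################################
# CUSTOMIZABLE VARIABLES
################################################################################

set -euo pipefail

# Cloudflare API Points
export URL_CF_IPV4="https://www.cloudflare.com/ips-v4"
export URL_CF_IPV6="https://www.cloudflare.com/ips-v6"

# Where the cloudflare.conf set_real_ip nginx configuration file goes.
# If you place this in your nginx root directory, this should suffice with
# default configuration.
export NGINX_CONFIG="/etc/nginx/conf.d/cloudflare.conf"

# Either of these work. Cloudflare provides both as reference, so do I.
# nginx only honours this header on connections that arrive from one of the
# set_real_ip_from ranges written below, so the generated list is what decides
# which peers are allowed to state the client address.
export NGINX_REAL_IP_HEADER="CF-Connecting-IP"
#export NGINX_REAL_IP_HEADER="X-Forwarded-For"

# The line ran to reload config after it has been updated.
# It is executed as a plain command with arguments (word-split, so shell
# operators such as && or | are not interpreted).
export NGINX_RELOAD="service nginx reload"

################################################################################
# COMMAND NAMES
################################################################################
# Each value is a single command name or path (no arguments).
export CMD_CAT="cat"
export CMD_CURL="curl"
export CMD_DATE="date"
export CMD_TOUCH="touch"
export CMD_TRUNCATE="truncate"

################################################################################
# SCRIPT
################################################################################

# Shapes accepted for a downloaded line. Anything else is rejected so that an
# error page, a redirect body or other unexpected content can never end up as
# directives inside the nginx configuration.
readonly RE_IPV4_CIDR='^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$'
readonly RE_IPV6_CIDR='^[0-9A-Fa-f]*:[0-9A-Fa-f:]*/[0-9]{1,3}$'

#######################################
# Print an error message and abort.
# Arguments: $* - message text
# Outputs:   message on stderr
# Returns:   does not return; exits with status 1
#######################################
die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

#######################################
# Download one Cloudflare range list and append a set_real_ip_from directive
# for every entry to the staging file.
# Globals:   CMD_CURL, RE_IPV4_CIDR, RE_IPV6_CIDR (read)
# Arguments: $1 - URL of the list
#            $2 - staging file to append to
# Returns:   0 on success; aborts the script on download failure, on a line
#            that is not a CIDR, or when the list is empty
#######################################
append_ranges() {
  local url=$1
  local out=$2
  local body
  local cidr
  local count=0

  # --fail turns HTTP errors into a non-zero exit instead of handing us the
  # error page; the --proto options keep the transfer (and any redirect that
  # --location follows) on HTTPS.
  body=$("${CMD_CURL}" --fail --silent --show-error --location \
    --proto '=https' --proto-redir '=https' --max-time 30 "${url}") \
    || die "could not download ${url}"

  # Reading from the captured body (rather than piping curl into the loop)
  # keeps the loop in this shell and also processes a final line that has no
  # trailing newline.
  while read -r cidr; do
    cidr=${cidr%$'\r'}
    [[ -n "${cidr}" ]] || continue
    if [[ ! "${cidr}" =~ ${RE_IPV4_CIDR} && ! "${cidr}" =~ ${RE_IPV6_CIDR} ]]; then
      die "unexpected content from ${url}; refusing to write it to ${NGINX_CONFIG}"
    fi
    printf 'set_real_ip_from %s;\n' "${cidr}" >> "${out}"
    count=$((count + 1))
  done <<< "${body}"

  # An empty list would silently remove every trusted range.
  ((count > 0)) || die "no address ranges returned by ${url}"
}

# Build the new configuration in a private temporary file first; the live
# file is only touched once both lists have been fetched and validated.
staging_file=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "${staging_file}"' EXIT

# Generate a file header.
TODAY_DATE=$("${CMD_DATE}") || die "could not determine the current date"
export TODAY_DATE
printf '# File automatically generated on %s\n' "${TODAY_DATE}" > "${staging_file}"

# Contact the IPv4 list.
append_ranges "${URL_CF_IPV4}" "${staging_file}"

# Contact the IPv6 list.
append_ranges "${URL_CF_IPV6}" "${staging_file}"

printf '\nreal_ip_header %s;\n' "${NGINX_REAL_IP_HEADER}" >> "${staging_file}"

# Replace the contents of the live file. Writing into the existing file
# (instead of moving the temporary file over it) keeps its owner and mode.
"${CMD_TOUCH}" "${NGINX_CONFIG}" || die "cannot create ${NGINX_CONFIG}"
"${CMD_TRUNCATE}" --size 0 "${NGINX_CONFIG}" || die "cannot truncate ${NGINX_CONFIG}"
"${CMD_CAT}" "${staging_file}" >> "${NGINX_CONFIG}" || die "cannot write ${NGINX_CONFIG}"

# Echo the file contents.
"${CMD_CAT}" "${NGINX_CONFIG}"

# Reload nginx.
# shellcheck disable=SC2086 # NGINX_RELOAD is a command line and is split on purpose.
${NGINX_RELOAD}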