Generates configurations for Apache and Nginx in use with CloudFlare for capturing end-user's real IP address using the CF-Connecting-IP header
#!/bin/bash | |
# Generates configurations for Apache and Nginx in use with CloudFlare for capturing end-user's real IP address using the CF-Connecting-IP header | |
# Endpoints from which the current Cloudflare address ranges are downloaded.
# Whatever these URLs return ends up in the proxy trust list of the generated
# web-server configuration.
LATEST_CLOUDFLARE_IPV4_IPS="https://www.cloudflare.com/ips-v4"
LATEST_CLOUDFLARE_IPV6_IPS="https://www.cloudflare.com/ips-v6"
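# Print the one-line usage summary.
# Outputs: writes to stderr. The script's stdout is meant to be redirected
#          into a web-server config file (see the Apache instructions), so
#          diagnostics must never be written there.
function usage() {
  echo "Usage: $0 <apache|nginx>" >&2
}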
# Generate configs including the latest published CloudFlare IPs from their text files at https://www.cloudflare.com/ips/ | |
# NOTE: If using WordPress, make sure to have the CloudFlare plugin activated as enabling this configuration appears to cause issues with the plugin not running | |
# Apache | |
# | |
# Used in conjunction with mod_remoteip | |
# Instructions: | |
# Run './cloudflare_remoteip_log_config.sh apache > /etc/apache2/conf-available/remoteip.conf' | |
# then | |
# sudo a2enconf remoteip.conf | |
# sudo a2enmod remoteip | |
# sudo systemctl reload apache2 | |
# | |
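# Emit a mod_remoteip configuration that trusts the published Cloudflare
# ranges as proxies and takes the client address from CF-Connecting-IP.
# Globals:  LATEST_CLOUDFLARE_IPV4_IPS, LATEST_CLOUDFLARE_IPV6_IPS (read)
# Outputs:  the configuration on stdout; errors on stderr
# Returns:  0 on success; 1 if a download fails, a list is empty, or any
#           downloaded line is not an address/prefix entry
#
# The downloaded lists decide which peers may set the client IP that Apache
# logs and uses for access control, so they are checked before use. Nothing is
# printed to stdout until both lists have passed. Note that a shell redirect
# ('> remoteip.conf') truncates the target before this runs; generate into a
# temporary file and move it into place only when the exit status is 0.
function generate_apache_config() {
  local family url pattern raw entry list
  local ipv4_list='' ipv6_list=''

  for family in IPV4 IPV6; do
    if [[ "$family" == IPV4 ]]; then
      url=${LATEST_CLOUDFLARE_IPV4_IPS}
      pattern='^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$'
    else
      url=${LATEST_CLOUDFLARE_IPV6_IPS}
      pattern='^[0-9A-Fa-f:]+/[0-9]{1,3}$'
    fi

    # -f makes HTTP errors fail instead of returning the error page as data;
    # -sS stays quiet but still reports the failure on stderr.
    raw=$(curl -fsS "$url") || {
      printf 'Error: could not download %s\n' "$url" >&2
      return 1
    }

    list=''
    while IFS= read -r entry; do
      entry=${entry%$'\r'}
      [[ -z "$entry" ]] && continue
      # Reject anything that is not a plain CIDR entry so unexpected response
      # content can never be written into the server configuration.
      if [[ ! "$entry" =~ $pattern ]]; then
        printf 'Error: unexpected entry in %s list from %s: %q\n' \
          "$family" "$url" "$entry" >&2
        return 1
      fi
      list+="${list:+ }${entry}"
    done <<<"$raw"

    # An empty trust list would silently disable client IP restoration.
    if [[ -z "$list" ]]; then
      printf 'Error: %s list from %s is empty\n' "$family" "$url" >&2
      return 1
    fi

    if [[ "$family" == IPV4 ]]; then
      ipv4_list=$list
    else
      ipv6_list=$list
    fi
  done

  echo "RemoteIPHeader CF-Connecting-IP"
  echo ""
  echo "# IPV4"
  echo "RemoteIPTrustedProxy $ipv4_list"
  echo ""
  echo "# IPV6"
  echo "RemoteIPTrustedProxy $ipv6_list"
}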
# Nginx | |
# | |
# Used in conjunction with ngx_http_realip_module (provides real_ip_header and set_real_ip_from)
# Instructions: | |
# Run './cloudflare_remoteip_log_config.sh nginx' | |
# then | |
# copy config to the nginx default config or the respective site config
# sudo systemctl reload nginx | |
# | |
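# Emit nginx realip directives that trust the published Cloudflare ranges and
# take the client address from CF-Connecting-IP.
# Globals:  LATEST_CLOUDFLARE_IPV4_IPS, LATEST_CLOUDFLARE_IPV6_IPS (read)
# Outputs:  the directives on stdout; errors on stderr
# Returns:  0 on success; 1 if a download fails, a list is empty, or any
#           downloaded line is not an address/prefix entry
#
# Each downloaded line is placed inside a 'set_real_ip_from ...;' directive,
# so a line carrying anything other than a CIDR entry would change the meaning
# of the generated configuration. Every line is therefore validated, and
# nothing is printed to stdout until both lists have passed.
function generate_nginx_config() {
  local family url pattern raw entry
  local -a collected=() ipv4_directives=() ipv6_directives=()

  for family in IPV4 IPV6; do
    if [[ "$family" == IPV4 ]]; then
      url=${LATEST_CLOUDFLARE_IPV4_IPS}
      pattern='^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$'
    else
      url=${LATEST_CLOUDFLARE_IPV6_IPS}
      pattern='^[0-9A-Fa-f:]+/[0-9]{1,3}$'
    fi

    # -f makes HTTP errors fail instead of returning the error page as data;
    # -sS stays quiet but still reports the failure on stderr.
    raw=$(curl -fsS "$url") || {
      printf 'Error: could not download %s\n' "$url" >&2
      return 1
    }

    collected=()
    while IFS= read -r entry; do
      entry=${entry%$'\r'}
      [[ -z "$entry" ]] && continue
      if [[ ! "$entry" =~ $pattern ]]; then
        printf 'Error: unexpected entry in %s list from %s: %q\n' \
          "$family" "$url" "$entry" >&2
        return 1
      fi
      collected+=("set_real_ip_from ${entry};")
    done <<<"$raw"

    # An empty trust list would silently disable client IP restoration.
    if (( ${#collected[@]} == 0 )); then
      printf 'Error: %s list from %s is empty\n' "$family" "$url" >&2
      return 1
    fi

    if [[ "$family" == IPV4 ]]; then
      ipv4_directives=("${collected[@]}")
    else
      ipv6_directives=("${collected[@]}")
    fi
  done

  echo "real_ip_header CF-Connecting-IP;"
  echo ""
  echo "# IPV4"
  printf '%s\n' "${ipv4_directives[@]}"
  echo ""
  echo "# IPV6"
  printf '%s\n' "${ipv6_directives[@]}"
}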
# Entry point: the first argument selects which configuration to generate.
# A missing or unrecognised argument prints the usage line and exits with 1;
# otherwise the script's exit status is that of the selected generator.
if (( $# == 0 )); then
  usage
  exit 1
fi

SERVER_TYPE=$1
case "$SERVER_TYPE" in
  apache)
    generate_apache_config
    ;;
  nginx)
    generate_nginx_config
    ;;
  *)
    usage
    exit 1
    ;;
esac