Created
September 12, 2017 19:52
-
-
Save MikeDacre/df4fa090cfb06bad79dffd400af4088d to your computer and use it in GitHub Desktop.
Sync cloudflare IPs with NGINX
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Based on https://support.cloudflare.com/hc/en-us/articles/200170706-How-do-I-restore-original-visitor-IP-with-Nginx- | |
| # Save this file to /usr/bin/clodflare_refresh_nginx.sh | |
| # Add the line "include /etc/nginx/global/cloudflare-ip.conf" to the server | |
| # block of every nginx site you wish to expose the real IP for | |
| # Add crontab (run a 03:05 every day): 5 3 * * * /usr/bin/clodflare_refresh_nginx.sh >/dev/null 2>&1 | |
| NGINX_CONF=/etc/nginx/global/cloudflare-ip.conf | |
| curl https://www.cloudflare.com/ips-v4 | perl -p -e 's/^(.*)$/set_real_ip_from \1;/g' > $NGINX_CONF | |
| curl https://www.cloudflare.com/ips-v6 | perl -p -e 's/^(.*)$/set_real_ip_from \1;/g' >> $NGINX_CONF | |
| # use any of the following two | |
| echo "real_ip_header CF-Connecting-IP;" >> $NGINX_CONF | |
| # echo "real_ip_header X-Forwarded-For;" >> $NGINX_CONF |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For CentOS 7, there are packages with those lists, which can be updated via
yum update.