From 01f83ec708e6b97e7f11563d0b9bd59d627f9768 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Mon, 16 Jan 2023 10:42:58 -0600 Subject: [PATCH] Add 127.0.0.1 and format shell scripts --- README.md | 28 ++----------------- root/etc/cont-init.d/98-cloudflare-real-ip | 17 ++++++++--- .../run | 17 ++++++++--- 3 files changed, 29 insertions(+), 33 deletions(-) diff --git a/README.md b/README.md index cec2287..4a3c6de 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # cloudflare_real-ip - Docker mod for SWAG -This mod adds a startup script that gets the IPs from Cloudflare's edge servers, and formats them in a format Nginx can use with `set_real_ip_from`. +This mod adds a startup script that gets the IPs from Cloudflare's edge servers, and outputs them in a format Nginx can use with `set_real_ip_from`. It reads this [list for IPv4](https://www.cloudflare.com/ips-v4), and this [list for IPV6](https://www.cloudflare.com/ips-v6). @@ -22,31 +22,9 @@ include /config/nginx/cf_real-ip.conf; ~~I also recommend including your docker-network as a valid ip `set_real_ip_from 172.17.0.0/16;` in the snippet above.~~ -This mod now also *tries* to set the real ip from the interfaces in the container. - -## Cloudflare tunnels - -In case you use Cloudflare tunnels, real IP might be reported in containers as 127.0.0.1. -In this case, please add below to `http` section of `nginx.conf`. - -From: - - -```nginx -real_ip_header X-Forwarded-For; -real_ip_recursive on; -include /config/nginx/cf_real-ip.conf; -``` - -to: - -```nginx -real_ip_header X-Forwarded-For; -real_ip_recursive on; -include /config/nginx/cf_real-ip.conf; -set_real_ip_from 127.0.0.1; -``` +This mod now adds `127.0.0.1` and *tries* to add the real ip from the interfaces in the container. ## Versions +* **16.01.23:** - Add 127.0.0.1 and format shell scripts. * **21.01.21:** - Fix bug when mod runs before internet-access. 
diff --git a/root/etc/cont-init.d/98-cloudflare-real-ip b/root/etc/cont-init.d/98-cloudflare-real-ip
index 03f0f2d..9dd64c1 100644
--- a/root/etc/cont-init.d/98-cloudflare-real-ip
+++ b/root/etc/cont-init.d/98-cloudflare-real-ip
@@ -1,9 +1,18 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash
-# shellcheck disable=SC2046
-printf "set_real_ip_from %b;\n" $(curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv4_cidrs[]') > /config/nginx/cf_real-ip.conf
-printf "set_real_ip_from %b;\n" $(curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv6_cidrs[]') >> /config/nginx/cf_real-ip.conf
-printf "set_real_ip_from %b;\n" $(ip route | grep -v default | awk '{print $1}') >> /config/nginx/cf_real-ip.conf
+echo "set_real_ip_from 127.0.0.1;" >/config/nginx/cf_real-ip.conf
+
+ip route | grep -v default | awk '{print $1}' | while IFS= read -r line; do
+ echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
+done
+
+curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv4_cidrs[]' | while IFS= read -r line; do
+ echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
+done
+
+curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv6_cidrs[]' | while IFS= read -r line; do
+ echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
+done
 chown abc:abc /config/nginx/cf_real-ip.conf
diff --git a/root/etc/s6-overlay/s6-rc.d/init-mod-swag-cloudflare-real-ip-setup/run b/root/etc/s6-overlay/s6-rc.d/init-mod-swag-cloudflare-real-ip-setup/run
index 03f0f2d..9dd64c1 100755
--- a/root/etc/s6-overlay/s6-rc.d/init-mod-swag-cloudflare-real-ip-setup/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-mod-swag-cloudflare-real-ip-setup/run
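Review bot: A failed or empty response from `https://api.cloudflare.com/client/v4/ips` goes unnoticed in the two `curl -s … | jq -r …` loops: `curl` has no `--fail`, no pipeline status is checked, and the first `echo` has already truncated `/config/nginx/cf_real-ip.conf`, so the container can start with only the loopback and local-route entries. nginx would then treat Cloudflare edge addresses as the client, which skews IP-based allow/deny rules, rate limits and ban tooling behind it. Each `${line}` is also written into the include without a format check, so anything that is not a plain CIDR would become nginx configuration text. The sketch below fetches once, accepts only CIDR-shaped values, builds the file in a temporary path and replaces the live file only when Cloudflare ranges were obtained (or no file exists yet); the identical hunk in `root/etc/s6-overlay/s6-rc.d/init-mod-swag-cloudflare-real-ip-setup/run` needs the same change.

```shell
# … unchanged: shebang and shellcheck directive …
conf=/config/nginx/cf_real-ip.conf
cidr_re='^[0-9A-Fa-f:.]+/[0-9]{1,3}$'
tmp="$(mktemp "${conf}.XXXXXX")" || exit 1

echo "set_real_ip_from 127.0.0.1;" >"${tmp}"
# … unchanged: ip route loop, appending to "${tmp}" instead of the live file …

# One request for both address families; -f turns an HTTP error into a non-zero exit.
cf_json="$(curl -fsS "https://api.cloudflare.com/client/v4/ips")" || cf_json=""
cf_count=0
while IFS= read -r line; do
    # Only plain CIDR text may reach the nginx include.
    [[ "${line}" =~ ${cidr_re} ]] || continue
    echo "set_real_ip_from ${line};" >>"${tmp}"
    cf_count=$((cf_count + 1))
done < <(jq -r '.result.ipv4_cidrs[], .result.ipv6_cidrs[]' <<<"${cf_json}")

if ((cf_count == 0)) && [[ -s "${conf}" ]]; then
    # Keep the last good list rather than replacing it with one that has no Cloudflare ranges.
    echo "cloudflare-real-ip: no Cloudflare ranges fetched, keeping existing ${conf}" >&2
    rm -f -- "${tmp}"
else
    chmod 0644 "${tmp}" # mktemp creates 0600; adjust to the mode the image expects
    mv -f -- "${tmp}" "${conf}"
fi
# … unchanged: chown …
```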
@@ -1,9 +1,18 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash
-# shellcheck disable=SC2046
-printf "set_real_ip_from %b;\n" $(curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv4_cidrs[]') > /config/nginx/cf_real-ip.conf
-printf "set_real_ip_from %b;\n" $(curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv6_cidrs[]') >> /config/nginx/cf_real-ip.conf
-printf "set_real_ip_from %b;\n" $(ip route | grep -v default | awk '{print $1}') >> /config/nginx/cf_real-ip.conf
+echo "set_real_ip_from 127.0.0.1;" >/config/nginx/cf_real-ip.conf
+
+ip route | grep -v default | awk '{print $1}' | while IFS= read -r line; do
+ echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
+done
+
+curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv4_cidrs[]' | while IFS= read -r line; do
+ echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
+done
+
+curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv6_cidrs[]' | while IFS= read -r line; do
+ echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
+done
 chown abc:abc /config/nginx/cf_real-ip.conf
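Review bot: The unconditional `set_real_ip_from 127.0.0.1;` together with every non-default route makes any peer on loopback or on an attached container network a trusted source for the client address, where the README text removed by this patch had left the loopback entry as an opt-in step for Cloudflare tunnel users. If nginx is configured as in the README snippet quoted in this patch (`real_ip_header X-Forwarded-For; real_ip_recursive on;`), such a peer decides which address nginx logs and applies access rules to. A comment above the first `echo` would make that explicit, for example `# Loopback and local routes are trusted to supply the client IP (needed for Cloudflare tunnels); do not rely on IP allow/deny for traffic arriving from these networks.` Separately, `awk '{print $1}'` on `ip route` output can yield a route-type keyword rather than a prefix for some route kinds (inferred, not visible here), so filtering to CIDR-looking values before writing would keep the include parseable. The same applies to the identical hunk in `root/etc/cont-init.d/98-cloudflare-real-ip`.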