From cb4d33c76e721b32e341b753c34c41b03c7bf567 Mon Sep 17 00:00:00 2001
From: Eric Nemchik
Date: Tue, 17 Jan 2023 08:06:42 -0600
Subject: [PATCH] Don't add 127.0.0.1 Adjust readme
---
 README.md | 28 +++++++++++++++++--
 root/etc/cont-init.d/98-cloudflare-real-ip | 10 +++----
 .../run | 10 +++----
 3 files changed, 35 insertions(+), 13 deletions(-)

diff --git a/README.md b/README.md
index 0beb8df..bbacc71 100644
--- a/README.md
+++ b/README.md
@@ -20,11 +20,33 @@ real_ip_recursive on;
 include /config/nginx/cf_real-ip.conf;
 ```
 
-You may also need to add this mod (and the above config changes) to every nginx based container being proxied by SWAG.
+This mod also *tries* to detect the real ip from the interfaces in the container.
 
-This mod now adds `127.0.0.1` and *tries* to add the real ip from the interfaces in the container.
+You may need to add this mod (and the above config changes) to every nginx based container being proxied by SWAG.
+
+## Cloudflare tunnels
+
+In case you use Cloudflare tunnels, real IP might be reported in containers as 127.0.0.1.
+In this case, please add below to `http` section of `nginx.conf`.
+
+From:
+
+```nginx
+real_ip_header X-Forwarded-For;
+real_ip_recursive on;
+include /config/nginx/cf_real-ip.conf;
+```
+
+to:
+
+```nginx
+real_ip_header X-Forwarded-For;
+real_ip_recursive on;
+include /config/nginx/cf_real-ip.conf;
+set_real_ip_from 127.0.0.1;
+```
 
 ## Versions
 
-* **16.01.23:** - Add 127.0.0.1 and format shell scripts.
+* **16.01.23:** - Format shell scripts.
 * **21.01.21:** - Fix bug when mod runs before internet-access.
diff --git a/root/etc/cont-init.d/98-cloudflare-real-ip b/root/etc/cont-init.d/98-cloudflare-real-ip
index 9dd64c1..4155fa6 100644
--- a/root/etc/cont-init.d/98-cloudflare-real-ip
+++ b/root/etc/cont-init.d/98-cloudflare-real-ip
@@ -1,11 +1,7 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash
 
-echo "set_real_ip_from 127.0.0.1;" >/config/nginx/cf_real-ip.conf
-
-ip route | grep -v default | awk '{print $1}' | while IFS= read -r line; do
- echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
-done
+echo "" >/config/nginx/cf_real-ip.conf
 
 curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv4_cidrs[]' | while IFS= read -r line; do
 echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
@@ -15,4 +11,8 @@ curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv6_cidrs[]
 echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
 done
 
+ip route | grep -v default | awk '{print $1}' | while IFS= read -r line; do
+ echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
+done
+
 chown abc:abc /config/nginx/cf_real-ip.conf
diff --git a/root/etc/s6-overlay/s6-rc.d/init-mod-swag-cloudflare-real-ip-setup/run b/root/etc/s6-overlay/s6-rc.d/init-mod-swag-cloudflare-real-ip-setup/run
index 9dd64c1..4155fa6 100755
--- a/root/etc/s6-overlay/s6-rc.d/init-mod-swag-cloudflare-real-ip-setup/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-mod-swag-cloudflare-real-ip-setup/run
@@ -1,11 +1,7 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash
 
-echo "set_real_ip_from 127.0.0.1;" >/config/nginx/cf_real-ip.conf
-
-ip route | grep -v default | awk '{print $1}' | while IFS= read -r line; do
- echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
-done
+echo "" >/config/nginx/cf_real-ip.conf
 
 curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv4_cidrs[]' | while IFS= read -r line; do
 echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
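Review bot: In the first hunk of `98-cloudflare-real-ip`, the added `echo "" >/config/nginx/cf_real-ip.conf` empties the live include before the Cloudflare fetch has succeeded, and `curl -s` without `-f` reports nothing when the request fails or returns an error page. After such a start the file would hold only the `ip route` entries, so nginx would presumably attribute proxied requests to Cloudflare edge addresses, which undermines allow-lists, rate limits and ban tooling keyed on the client address. I would fetch once with `curl -fsS`, build the list in a sibling file, and replace the include only when the fetch succeeded, as sketched below; the ipv4 loop's `done` and the rest of the script lie outside this hunk. The first hunk of `init-mod-swag-cloudflare-real-ip-setup/run` is identical and needs the same change.

```shell
conf=/config/nginx/cf_real-ip.conf
if cf_ips="$(curl -fsS "https://api.cloudflare.com/client/v4/ips")"; then
    : >"${conf}.new"
    jq -r '.result.ipv4_cidrs[], .result.ipv6_cidrs[]' <<<"${cf_ips}" | while IFS= read -r line; do
        echo "set_real_ip_from ${line};" >>"${conf}.new"
    done
    # … unchanged: ip route loop, appending to "${conf}.new" …
    mv "${conf}.new" "${conf}"
else
    echo "cloudflare-real-ip: fetch failed, keeping the existing ${conf}" >&2
    touch "${conf}" # the nginx include must still resolve on a first start
fi
# … unchanged: chown …
```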
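Review bot: The loop added in the second hunk of `98-cloudflare-real-ip` writes the first field of every non-default `ip route` line into `set_real_ip_from`, so each directly attached network becomes a trusted source for `X-Forwarded-For`. With `real_ip_recursive on` from the README, any peer on those networks, for example another container on the same Docker network, could then supply the client address nginx acts on; if that is intended, a comment such as `# trusts every attached network as a proxy source; keep untrusted containers off these networks` would record it. The first field is also not guaranteed to be an address, since `ip route` can print a route type such as `unreachable` first, which would put a non-address into the include. A stricter filter would be `ip route | awk '$1 ~ /^[0-9.]+(\/[0-9]+)?$/ {print $1}' | while IFS= read -r line; do`, which also drops `default`. The second hunk of `init-mod-swag-cloudflare-real-ip-setup/run` has the same loop; the script's earlier lines are outside this hunk.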
@@ -15,4 +11,8 @@ curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv6_cidrs[]
 echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
 done
 
+ip route | grep -v default | awk '{print $1}' | while IFS= read -r line; do
+ echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
+done
+
 chown abc:abc /config/nginx/cf_real-ip.conf