Merge pull request #559 from linuxserver/swag-cloudflare-real-ip-local-format

Add 127.0.0.1 and format shell scripts

README.md

@@ -1,6 +1,6 @@
 # cloudflare_real-ip - Docker mod for SWAG
 
-This mod adds a startup script that gets the IPs from Cloudflare's edge servers, and formats them in a format Nginx can use with `set_real_ip_from`.
+This mod adds a startup script that gets the IPs from Cloudflare's edge servers, and outputs them in a format Nginx can use with `set_real_ip_from`.
 
 It reads this [list for IPv4](https://www.cloudflare.com/ips-v4), and this [list for IPV6](https://www.cloudflare.com/ips-v6).
 
@@ -20,9 +20,9 @@ real_ip_recursive on;
 include /config/nginx/cf_real-ip.conf;
 ```
 
-~~I also recommend including your docker-network as a valid ip `set_real_ip_from 172.17.0.0/16;` in the snippet above.~~
+This mod also *tries* to detect the real ip from the interfaces in the container.
 
-This mod now also *tries* to set the real ip from the interfaces in the container.
+You may need to add this mod (and the above config changes) to every nginx based container being proxied by SWAG.
 
 ## Cloudflare tunnels
 
@@ -31,7 +31,6 @@ In this case, please add below to `http` section of `nginx.conf`.
 
 From:
 
-
 ```nginx
 real_ip_header X-Forwarded-For;
 real_ip_recursive on;
@@ -49,4 +48,5 @@ set_real_ip_from 127.0.0.1;
 
 ## Versions
 
+* **16.01.23:** - Format shell scripts.
 * **21.01.21:** - Fix bug when mod runs before internet-access.

root/etc/cont-init.d/98-cloudflare-real-ip

@@ -1,9 +1,18 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash
-# shellcheck disable=SC2046
 
-printf "set_real_ip_from %b;\n" $(curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv4_cidrs[]') > /config/nginx/cf_real-ip.conf
-printf "set_real_ip_from %b;\n" $(curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv6_cidrs[]') >> /config/nginx/cf_real-ip.conf
-printf "set_real_ip_from %b;\n" $(ip route | grep -v default | awk '{print $1}') >> /config/nginx/cf_real-ip.conf
+echo "" >/config/nginx/cf_real-ip.conf
+
+curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv4_cidrs[]' | while IFS= read -r line; do
+    echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
+done
+
+curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv6_cidrs[]' | while IFS= read -r line; do
+    echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
+done
+
+ip route | grep -v default | awk '{print $1}' | while IFS= read -r line; do
+    echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
+done
 
 chown abc:abc /config/nginx/cf_real-ip.conf

root/etc/s6-overlay/s6-rc.d/init-mod-swag-cloudflare-real-ip-setup/run

@@ -1,9 +1,18 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash
-# shellcheck disable=SC2046
 
-printf "set_real_ip_from %b;\n" $(curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv4_cidrs[]') > /config/nginx/cf_real-ip.conf
-printf "set_real_ip_from %b;\n" $(curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv6_cidrs[]') >> /config/nginx/cf_real-ip.conf
-printf "set_real_ip_from %b;\n" $(ip route | grep -v default | awk '{print $1}') >> /config/nginx/cf_real-ip.conf
+echo "" >/config/nginx/cf_real-ip.conf
+
+curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv4_cidrs[]' | while IFS= read -r line; do
+    echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
+done
+
+curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv6_cidrs[]' | while IFS= read -r line; do
+    echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
+done
+
+ip route | grep -v default | awk '{print $1}' | while IFS= read -r line; do
+    echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
+done
 
 chown abc:abc /config/nginx/cf_real-ip.conf