diff --git a/README.md b/README.md index cec2287..bbacc71 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # cloudflare_real-ip - Docker mod for SWAG -This mod adds a startup script that gets the IPs from Cloudflare's edge servers, and formats them in a format Nginx can use with `set_real_ip_from`. +This mod adds a startup script that gets the IPs from Cloudflare's edge servers, and outputs them in a format Nginx can use with `set_real_ip_from`. It reads this [list for IPv4](https://www.cloudflare.com/ips-v4), and this [list for IPV6](https://www.cloudflare.com/ips-v6). @@ -20,9 +20,9 @@ real_ip_recursive on; include /config/nginx/cf_real-ip.conf; ``` -~~I also recommend including your docker-network as a valid ip `set_real_ip_from 172.17.0.0/16;` in the snippet above.~~ +This mod also *tries* to detect the real ip from the interfaces in the container. -This mod now also *tries* to set the real ip from the interfaces in the container. +You may need to add this mod (and the above config changes) to every nginx based container being proxied by SWAG. ## Cloudflare tunnels @@ -31,7 +31,6 @@ In this case, please add below to `http` section of `nginx.conf`. From: - ```nginx real_ip_header X-Forwarded-For; real_ip_recursive on; @@ -49,4 +48,5 @@ set_real_ip_from 127.0.0.1; ## Versions +* **16.01.23:** - Format shell scripts. * **21.01.21:** - Fix bug when mod runs before internet-access. diff --git a/root/etc/cont-init.d/98-cloudflare-real-ip b/root/etc/cont-init.d/98-cloudflare-real-ip index 03f0f2d..4155fa6 100644 --- a/root/etc/cont-init.d/98-cloudflare-real-ip +++ b/root/etc/cont-init.d/98-cloudflare-real-ip 
@@ -1,9 +1,18 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash
-# shellcheck disable=SC2046
-printf "set_real_ip_from %b;\n" $(curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv4_cidrs[]') > /config/nginx/cf_real-ip.conf
-printf "set_real_ip_from %b;\n" $(curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv6_cidrs[]') >> /config/nginx/cf_real-ip.conf
-printf "set_real_ip_from %b;\n" $(ip route | grep -v default | awk '{print $1}') >> /config/nginx/cf_real-ip.conf
+echo "" >/config/nginx/cf_real-ip.conf
+
+curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv4_cidrs[]' | while IFS= read -r line; do
+ echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
+done
+
+curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv6_cidrs[]' | while IFS= read -r line; do
+ echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
+done
+
+ip route | grep -v default | awk '{print $1}' | while IFS= read -r line; do
+ echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
+done
 chown abc:abc /config/nginx/cf_real-ip.conf
diff --git a/root/etc/s6-overlay/s6-rc.d/init-mod-swag-cloudflare-real-ip-setup/run b/root/etc/s6-overlay/s6-rc.d/init-mod-swag-cloudflare-real-ip-setup/run
index 03f0f2d..4155fa6 100755
--- a/root/etc/s6-overlay/s6-rc.d/init-mod-swag-cloudflare-real-ip-setup/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-mod-swag-cloudflare-real-ip-setup/run
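Review bot: The new `echo "" >/config/nginx/cf_real-ip.conf` empties the live include before either `curl -s` has returned anything, and neither pipeline checks the fetch, so a failed or error response at container start leaves the file with only the local routes and no Cloudflare ranges. nginx would then stop treating Cloudflare's edges as trusted proxies, so logs and any address-based allow/deny or rate limiting see edge addresses instead of clients; the README's own changelog mentions the mod running before internet access, so this case is presumably reachable. In root/etc/cont-init.d/98-cloudflare-real-ip, and in the identical s6-rc.d `run` copy that follows, I would fetch once with `curl -fsS`, let `jq -e` reject a response without the expected arrays, accept only address-shaped lines, and swap the file in only after a successful build. The response text is also written into the nginx config as received, which the shape check below covers.

```shell
conf=/config/nginx/cf_real-ip.conf
# Address or address/prefix only; anything else never reaches the nginx config.
cidr_re='^[0-9A-Fa-f:.]+(/[0-9]{1,3})?$'

# One request for both families. -f turns an HTTP error into a failure and
# jq -e fails when the expected arrays are missing or produce no output.
if cf_ranges=$(curl -fsS "https://api.cloudflare.com/client/v4/ips" |
    jq -er '.result | (.ipv4_cidrs[], .ipv6_cidrs[])'); then
    # Build next to the target so the final mv is a same-filesystem rename.
    tmp=$(mktemp "${conf}.XXXXXX") || exit 1
    {
        printf '%s\n' "${cf_ranges}"
        ip route | grep -v default | awk '{print $1}'
    } | while IFS= read -r line; do
        if [[ "${line}" =~ ${cidr_re} ]]; then
            echo "set_real_ip_from ${line};"
        fi
    done >"${tmp}"
    mv -- "${tmp}" "${conf}"
else
    echo "cloudflare-real-ip: fetch failed, leaving ${conf} as it is" >&2
    # The nginx include must still resolve on a first start.
    [[ -e "${conf}" ]] || : >"${conf}"
fi
# … unchanged: chown abc:abc /config/nginx/cf_real-ip.conf …
```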
@@ -1,9 +1,18 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash
-# shellcheck disable=SC2046
-printf "set_real_ip_from %b;\n" $(curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv4_cidrs[]') > /config/nginx/cf_real-ip.conf
-printf "set_real_ip_from %b;\n" $(curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv6_cidrs[]') >> /config/nginx/cf_real-ip.conf
-printf "set_real_ip_from %b;\n" $(ip route | grep -v default | awk '{print $1}') >> /config/nginx/cf_real-ip.conf
+echo "" >/config/nginx/cf_real-ip.conf
+
+curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv4_cidrs[]' | while IFS= read -r line; do
+ echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
+done
+
+curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv6_cidrs[]' | while IFS= read -r line; do
+ echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
+done
+
+ip route | grep -v default | awk '{print $1}' | while IFS= read -r line; do
+ echo "set_real_ip_from ${line};" >>/config/nginx/cf_real-ip.conf
+done
 chown abc:abc /config/nginx/cf_real-ip.conf
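Review bot: The `ip route | grep -v default | awk '{print $1}'` loop writes every directly attached network into `set_real_ip_from` with no comment on what that trusts: any peer on those networks, which on a shared Docker network can be other containers, may supply the configured `real_ip_header`, and nginx will take the value as the client address. The behaviour predates this commit, but the README change in the same commit now suggests adding the mod to every proxied nginx container, which widens where it applies. I would document it at the loop, for example `# Trusts every directly attached network: peers on them can set the client address header.`, and consider narrowing the list to the proxy's own address. The first field of `ip route` is also not always a prefix (route types such as `unreachable` come first), so a shape check before writing the line would be worth adding; the same loop is in root/etc/cont-init.d/98-cloudflare-real-ip.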