add cloudflare.conf include file support

and tools/csfcf.sh script to update cloudflare.conf include file https://community.centminmod.com/posts/26591/ using command manually or setup a cronjob [CODE] /usr/local/src/centminmod/tools/csfcf.sh auto [/CODE]
centminmod · Feb 15, 2016 · 364f835 · 364f835
1 parent cd8349c
commit 364f835
Show file tree

Hide file tree

Showing 7 changed files with 233 additions and 0 deletions.
diff --git a/config/nginx/cloudflare.conf b/config/nginx/cloudflare.conf
@@ -0,0 +1,21 @@
+set_real_ip_from 103.21.244.0/22;
+set_real_ip_from 103.22.200.0/22;
+set_real_ip_from 103.31.4.0/22;
+set_real_ip_from 104.16.0.0/12;
+set_real_ip_from 108.162.192.0/18;
+set_real_ip_from 131.0.72.0/22;
+set_real_ip_from 141.101.64.0/18;
+set_real_ip_from 162.158.0.0/15;
+set_real_ip_from 172.64.0.0/13;
+set_real_ip_from 173.245.48.0/20;
+set_real_ip_from 188.114.96.0/20;
+set_real_ip_from 190.93.240.0/20;
+set_real_ip_from 197.234.240.0/22;
+set_real_ip_from 198.41.128.0/17;
+set_real_ip_from 199.27.128.0/21;
+#set_real_ip_from 2400:cb00::/32;
+#set_real_ip_from 2405:8100::/32;
+#set_real_ip_from 2405:b500::/32;
+#set_real_ip_from 2606:4700::/32;
+#set_real_ip_from 2803:f800::/32;
+real_ip_header CF-Connecting-IP;
diff --git a/config/nginx/nginx.conf b/config/nginx/nginx.conf
@@ -29,6 +29,9 @@ limit_req_zone $binary_remote_addr zone=xwplogin:16m rate=40r/m;
 more_set_headers "Server: nginx centminmod";
 more_set_headers "X-Powered-By: centminmod";
 
+# uncomment cloudflare.conf include if using cloudflare for
+# server and/or vhost site
+#include /usr/local/nginx/conf/cloudflare.conf;
 include /usr/local/nginx/conf/maintenance.conf;
 include /usr/local/nginx/conf/vts_http.conf;
 include /usr/local/nginx/conf/geoip.conf;

diff --git a/inc/nginx_addvhost.inc b/inc/nginx_addvhost.inc
@@ -293,6 +293,9 @@ server {
   error_log /home/nginx/domains/$vhostname/log/error.log;
 
   root /home/nginx/domains/$vhostname/public;
+  # uncomment cloudflare.conf include if using cloudflare for
+  # server and/or vhost site
+  #include /usr/local/nginx/conf/cloudflare.conf;
   include /usr/local/nginx/conf/503include-main.conf;
 
   # prevent access to ./directories and files
@@ -393,6 +396,9 @@ server {
   error_log /home/nginx/domains/$vhostname/log/error.log;
 
   root /home/nginx/domains/$vhostname/public;
+  # uncomment cloudflare.conf include if using cloudflare for
+  # server and/or vhost site
+  #include /usr/local/nginx/conf/cloudflare.conf;
   include /usr/local/nginx/conf/503include-main.conf;
 
   # prevent access to ./directories and files
@@ -462,6 +468,9 @@ server {
   error_log /home/nginx/domains/$vhostname/log/error.log;
 
   root /home/nginx/domains/$vhostname/public;
+  # uncomment cloudflare.conf include if using cloudflare for
+  # server and/or vhost site
+  #include /usr/local/nginx/conf/cloudflare.conf;
   include /usr/local/nginx/conf/503include-main.conf;
 
   # prevent access to ./directories and files

diff --git a/inc/wpsetup.inc b/inc/wpsetup.inc
@@ -616,6 +616,9 @@ server {
   error_log /home/nginx/domains/$vhostname/log/error.log;
 
   root /home/nginx/domains/$vhostname/public;
+  # uncomment cloudflare.conf include if using cloudflare for
+  # server and/or vhost site
+  #include /usr/local/nginx/conf/cloudflare.conf;
   include /usr/local/nginx/conf/503include-main.conf;
 
   # prevent access to ./directories and files
@@ -744,6 +747,9 @@ server {
   error_log /home/nginx/domains/$vhostname/log/error.log;
 
   root /home/nginx/domains/$vhostname/public;
+  # uncomment cloudflare.conf include if using cloudflare for
+  # server and/or vhost site
+  #include /usr/local/nginx/conf/cloudflare.conf;
   include /usr/local/nginx/conf/503include-main.conf;
 
   # prevent access to ./directories and files
@@ -842,6 +848,9 @@ server {
   error_log /home/nginx/domains/$vhostname/log/error.log;
 
   root /home/nginx/domains/$vhostname/public;
+  # uncomment cloudflare.conf include if using cloudflare for
+  # server and/or vhost site
+  #include /usr/local/nginx/conf/cloudflare.conf;
   include /usr/local/nginx/conf/503include-main.conf;
 
   #include /usr/local/nginx/conf/wpincludes/${vhostname}/wpcacheenabler_${vhostname}.conf;

diff --git a/tools/csfcf.sh b/tools/csfcf.sh
@@ -0,0 +1,173 @@
+#!/bin/bash
+###############################
+# written by George Liu (eva2000)
+# centminmod.com
+###############################
+CFIPLOG='/root/cfips.txt'
+CFIP6LOG='/root/cfips6.txt'
+CFIPNGINXLOG='/root/cfnginxlog.log'
+CFIPCSFLOG='/root/csf_log.log'
+CFINCLUDEFILE='/usr/local/nginx/conf/cloudflare.conf'
+###############################
+if [[ ! -f /usr/bin/curl ]]; then
+	echo "Installing curl please wait..."
+	yum -y -q install curl
+fi
+###############################
+ipv4get() {
+	/usr/bin/curl -s https://www.cloudflare.com/ips-v4 > $CFIPLOG
+
+	CFIPS=$(cat $CFIPLOG)
+
+	echo "--------------------------------------------"
+	echo " Downloading Cloudflare IP list"
+	echo " from: https://www.cloudflare.com/ips-v4"
+	echo "--------------------------------------------"
+	echo ""
+	echo "--------------------------------------------"
+	echo " Format for Centminmod.com Nginx Installer"
+	echo "  1). add to nginx.conf"
+	echo "  2). add to /etc/csf/csf.allow"
+	echo "--------------------------------------------"
+
+	for ip in $CFIPS; 
+	do
+		echo "set_real_ip_from $ip;" >> $CFIPNGINXLOG
+		echo "csf -a $ip cloudflare" >> $CFIPCSFLOG
+	done
+	echo "real_ip_header CF-Connecting-IP;" >> $CFIPNGINXLOG
+
+	echo "--------------------------------------------"
+	echo "  1). add to nginx.conf"
+	echo "--------------------------------------------"
+	cat $CFIPNGINXLOG
+
+	echo ""
+
+	echo "--------------------------------------------"
+	echo "  2). add to /etc/csf/csf.allow"
+	echo "--------------------------------------------"
+	cat $CFIPCSFLOG
+
+	rm -rf $CFIPLOG
+	rm -rf $CFIPNGINXLOG
+	rm -rf $CFIPCSFLOG
+
+	echo "--------------------------------------------"
+}
+
+###############################
+ipv6get() {
+	/usr/bin/curl -s https://www.cloudflare.com/ips-v6 > $CFIP6LOG
+
+	CFIPS=$(cat $CFIP6LOG)
+
+	echo "--------------------------------------------"
+	echo " Downloading Cloudflare IP list"
+	echo " from: https://www.cloudflare.com/ips-v6"
+	echo "--------------------------------------------"
+	echo ""
+	echo "--------------------------------------------"
+	echo " Format for Centminmod.com Nginx Installer"
+	echo "  1). add to nginx.conf"
+	echo "  2). add to /etc/csf/csf.allow"
+	echo "--------------------------------------------"
+
+	for ip in $CFIPS; 
+	do
+		echo "set_real_ip_from $ip;" >> $CFIPNGINXLOG
+		echo "csf -a $ip cloudflare" >> $CFIPCSFLOG
+	done
+	echo "real_ip_header CF-Connecting-IP;" >> $CFIPNGINXLOG
+
+	echo "--------------------------------------------"
+	echo "  1). add to nginx.conf"
+	echo "--------------------------------------------"
+	cat $CFIPNGINXLOG
+
+	echo ""
+
+	echo "--------------------------------------------"
+	echo "  2). add to /etc/csf/csf.allow"
+	echo "--------------------------------------------"
+	cat $CFIPCSFLOG
+
+	rm -rf $CFIPLOG
+	rm -rf $CFIPNGINXLOG
+	rm -rf $CFIPCSFLOG
+
+	echo "--------------------------------------------"
+}
+
+###############################
+csfadd() {
+	/usr/bin/curl -s https://www.cloudflare.com/ips-v4 > $CFIPLOG
+	/usr/bin/curl -s https://www.cloudflare.com/ips-v6 > $CFIP6LOG
+
+	CFIPS=$(cat $CFIPLOG)
+	CFIP6S=$(cat $CFIP6LOG)
+
+	echo "--------------------------------------------"
+	echo " Add Cloudflare IP list to CSF"
+	echo " from: https://www.cloudflare.com/ips-v4"
+	echo " from: https://www.cloudflare.com/ips-v6"
+	echo "--------------------------------------------"
+	echo ""
+
+
+	echo "--------------------------------------------"
+	echo "  Add to /etc/csf/csf.allow"
+	echo "--------------------------------------------"
+
+	for ip in $CFIPS; 
+	do
+		csf -a $ip cloudflare
+	done
+
+	for ip in $CFIP6S; 
+	do
+		csf -a $ip cloudflare
+	done
+}
+
+###############################
+nginxsetup() {
+	echo
+	# echo "create $CFINCLUDEFILE include file"
+	echo > $CFINCLUDEFILE
+	cflista=$(/usr/bin/curl -s https://www.cloudflare.com/ips-v4)
+	cflistb=$(/usr/bin/curl -s https://www.cloudflare.com/ips-v6)
+	for i in $cflista; do
+        	echo "set_real_ip_from $i;" >> $CFINCLUDEFILE
+	done
+	for i in $cflistb; do
+        	echo "#set_real_ip_from $i;" >> $CFINCLUDEFILE
+	done
+	echo "real_ip_header CF-Connecting-IP;" >> $CFINCLUDEFILE
+	service nginx reload >/dev/null 2>&1
+	echo "created $CFINCLUDEFILE include file"
+}
+
+###############################
+case "$1" in
+ipv4)
+	ipv4get
+;;
+ipv6)
+	ipv6get
+;;
+csf)
+	csfadd
+;;
+nginx)
+	nginxsetup
+;;
+auto)
+	csfadd
+	nginxsetup
+;;
+*)
+echo "$0 {ipv4|ipv6|csf|nginx|auto}"
+;;
+esac
+exit
diff --git a/tools/nv.sh b/tools/nv.sh
@@ -510,6 +510,9 @@ server {
   error_log /home/nginx/domains/$vhostname/log/error.log;
 
   root /home/nginx/domains/$vhostname/public;
+  # uncomment cloudflare.conf include if using cloudflare for
+  # server and/or vhost site
+  #include /usr/local/nginx/conf/cloudflare.conf;
   include /usr/local/nginx/conf/503include-main.conf;
 
   location / {
@@ -600,6 +603,9 @@ server {
   error_log /home/nginx/domains/$vhostname/log/error.log;
 
   root /home/nginx/domains/$vhostname/public;
+  # uncomment cloudflare.conf include if using cloudflare for
+  # server and/or vhost site
+  #include /usr/local/nginx/conf/cloudflare.conf;
   include /usr/local/nginx/conf/503include-main.conf;
 
   location / {
@@ -664,6 +670,9 @@ server {
   error_log /home/nginx/domains/$vhostname/log/error.log;
 
   root /home/nginx/domains/$vhostname/public;
+  # uncomment cloudflare.conf include if using cloudflare for
+  # server and/or vhost site
+  #include /usr/local/nginx/conf/cloudflare.conf;
   include /usr/local/nginx/conf/503include-main.conf;
 
   location / {

diff --git a/tools/nvwp.sh b/tools/nvwp.sh
@@ -558,6 +558,9 @@ server {
   error_log /home/nginx/domains/$vhostname/log/error.log;
 
   root /home/nginx/domains/$vhostname/public;
+  # uncomment cloudflare.conf include if using cloudflare for
+  # server and/or vhost site
+  #include /usr/local/nginx/conf/cloudflare.conf;
   include /usr/local/nginx/conf/503include-main.conf;
 
   # prevent access to ./directories and files
@@ -665,6 +668,9 @@ server {
   error_log /home/nginx/domains/$vhostname/log/error.log;
 
   root /home/nginx/domains/$vhostname/public;
+  # uncomment cloudflare.conf include if using cloudflare for
+  # server and/or vhost site
+  #include /usr/local/nginx/conf/cloudflare.conf;
   include /usr/local/nginx/conf/503include-main.conf;
 
   # prevent access to ./directories and files
@@ -746,6 +752,9 @@ server {
   error_log /home/nginx/domains/$vhostname/log/error.log;
 
   root /home/nginx/domains/$vhostname/public;
+  # uncomment cloudflare.conf include if using cloudflare for
+  # server and/or vhost site
+  #include /usr/local/nginx/conf/cloudflare.conf;
   include /usr/local/nginx/conf/503include-main.conf;
 
   location / {