@ahmeti
Last active November 7, 2024 08:33
# To disable tunneled clear text passwords, change to no here!
# Confirm that key-based login works from a second session before applying
# this, then reload sshd. `sshd -T` prints the effective settings; check it,
# because on systems that use drop-ins under /etc/ssh/sshd_config.d/ another
# file can override this value.
PasswordAuthentication no
# Turn the firewall on. Make sure an SSH rule (the 22/tcp LIMIT rule in the
# status listing that follows) exists first, otherwise enabling ufw over a
# remote session can lock you out.
sudo ufw enable
# List the active rules with their index numbers.
sudo ufw status numbered
# We delete every rule except the ones listed below.
# To delete one of the other rules (kural-numarasi is a placeholder for the
# rule number shown by "ufw status numbered"; the numbers shift after each
# delete, so list the rules again before removing the next one):
sudo ufw delete kural-numarasi
# After the deletions, ufw status looks as shown below.
To Action From
-- ------ ----
22/tcp LIMIT Anywhere
22/tcp (v6) LIMIT Anywhere (v6)
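#!/bin/bash
# Refreshes the Cloudflare address ranges that nginx trusts for the
# CF-Connecting-IP header and that ufw allows to reach port 443.
# See: https://github.com/VirtuBox/nginx-cloudflare-real-ip
#
# Run as root: it writes under /etc/nginx, calls ufw and reloads nginx.
# Nothing on disk or in the firewall is changed unless both lists download
# and every entry looks like a CIDR range, and the new nginx file stays in
# place only if `nginx -t` accepts it.
#
# NOTE: ufw rules are only ever added here. Ranges that Cloudflare has
# withdrawn stay allowed until someone deletes them by hand
# (sudo ufw status numbered / sudo ufw delete <rule-number>).

NOW="$(date +%Y-%m-%dT%H:%M:%S%z)"
LOG_FILE=/var/log/cloudflare.log
CF_NGINX_FILE=/etc/nginx/conf.d/cloudflare.conf

# Shape checks only (not full address validation): enough to keep an HTML
# error page or any other unexpected body out of nginx.conf and ufw.
IPV4_CIDR='^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'
IPV6_CIDR='^[0-9A-Fa-f:]+/[0-9]{1,3}$'

# Append a timestamped line to the log file.
log() {
  printf '%s %s\n' "$NOW" "$*" >> "$LOG_FILE"
}

# Log the message, repeat it on stderr and stop with status 1.
die() {
  log "$*"
  printf '%s\n' "$*" >&2
  exit 1
}

# Append every entry of a newline-separated list ($2) to RANGES.
# Returns 1 as soon as one entry does not match the regex in $1.
RANGES=()
add_ranges() {
  local pattern=$1 list=$2 entry
  while IFS= read -r entry; do
    entry=${entry%$'\r'}
    [[ -n "$entry" ]] || continue
    [[ "$entry" =~ $pattern ]] || return 1
    RANGES+=("$entry")
  done <<< "$list"
  return 0
}

log "Script started..."

CURL_BIN=$(command -v curl) || die "Error: curl is not installed."
# The original printed this error to stdout only, which the cron entry
# discards; it is logged now like every other failure.
[[ -f "$CF_NGINX_FILE" ]] || die "Error: nginx cloudflare.conf file not found!"

# --max-time keeps an unattended cron run from hanging on a stalled transfer.
CF_IPV4=$("$CURL_BIN" --silent --fail --max-time 30 https://www.cloudflare.com/ips-v4)
CF_IPV6=$("$CURL_BIN" --silent --fail --max-time 30 https://www.cloudflare.com/ips-v6)
if [[ -z "$CF_IPV4" || -z "$CF_IPV6" ]]; then
  die "Cloudflare ips-v4 or ips-v6 http error!"
fi

# --fail only rejects HTTP error statuses; a 200 response with an unexpected
# body would otherwise be written into the nginx config and passed to ufw.
add_ranges "$IPV4_CIDR" "$CF_IPV4" \
  || die "Error: ips-v4 response contains a line that is not an IPv4 CIDR range."
ipv4_count=${#RANGES[@]}
add_ranges "$IPV6_CIDR" "$CF_IPV6" \
  || die "Error: ips-v6 response contains a line that is not an IPv6 CIDR range."
if (( ipv4_count == 0 || ${#RANGES[@]} == ipv4_count )); then
  die "Error: Cloudflare returned an empty range list."
fi

# Build the new file next to the live one and swap it in with mv, so nginx
# never sees a half-written file. Neither the temporary name nor the .bak
# name ends in .conf (assuming nginx includes conf.d/*.conf), so neither is
# loaded by accident.
TMP_FILE=$(mktemp "${CF_NGINX_FILE}.XXXXXX") || die "Error: cannot create a temporary file."
trap 'rm -f -- "$TMP_FILE"' EXIT
{
  for cf_ip in "${RANGES[@]}"; do
    printf 'set_real_ip_from %s;\n' "$cf_ip"
  done
  printf '%s\n' 'real_ip_header CF-Connecting-IP;'
} > "$TMP_FILE" || die "Error: cannot write $TMP_FILE."
chmod 644 "$TMP_FILE"

cp -p -- "$CF_NGINX_FILE" "${CF_NGINX_FILE}.bak" \
  || die "Error: cannot back up $CF_NGINX_FILE."
mv -f -- "$TMP_FILE" "$CF_NGINX_FILE" \
  || die "Error: cannot replace $CF_NGINX_FILE."

# Validate before reloading; on failure put the previous file back so the
# next nginx restart does not pick up a broken config.
if ! nginx -t >> "$LOG_FILE" 2>&1; then
  mv -f -- "${CF_NGINX_FILE}.bak" "$CF_NGINX_FILE"
  die "Error: nginx -t rejected the new configuration; previous file restored."
fi

for cf_ip in "${RANGES[@]}"; do
  ufw allow from "$cf_ip" to any port 443 comment "CloudFlare" \
    || log "Warning: ufw allow failed for $cf_ip"
done

ufw reload
service nginx reload
log "Script finished..."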
# The lists are refreshed every Sunday at 01:00.
# The script runs as root, so keep /root/cloudflare.sh owned by root and not
# writable by any other user.
chmod +x /root/cloudflare.sh
sudo crontab -e
# Crontab entry to add in the editor opened above. stdout and stderr are
# discarded, so the only record of a run is what the script itself writes to
# /var/log/cloudflare.log.
0 1 * * 0 /root/cloudflare.sh > /dev/null 2>&1
# Example of /etc/nginx/conf.d/cloudflare.conf as written by cloudflare.sh.
# This is a snapshot of the published ranges; the script rewrites the file
# on every run, so manual edits are lost.
# Only connections from these ranges get their client address replaced by the
# value of the CF-Connecting-IP header; from any other peer the header is
# ignored for that purpose.
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 2c0f:f248::/32;
real_ip_header CF-Connecting-IP;
# Catch-all default server for port 443: it handles any TLS connection whose
# requested name matches no other server block (for example a scanner
# connecting by IP address).
server {
server_name _;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server; # IPv6
ssl_reject_handshake on; # reject the TLS handshake, so no certificate is presented (nginx 1.19.4+)
return 444; # close the connection without sending any data
}
# Example Url: https://example.com/test?a=1&b=2
$time_iso8601 = 2024-11-06T05:28:00+00:00
$remote_addr = 216.245.221.84
$status = 200
$request_method = GET
$request_uri = /test?a=1&b=2
$request_id = df3efb9d5a052259e062a21f5e394b8b
$request_length = 1215
$request_time = 0.016
$body_bytes_sent = 4223
$http_referer = https://google.com/test?c=3
$http_user_agent = Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
$http_x_forwarded_for = 14.165.213.190
$scheme = https
$http_host = example.com
$server_protocol = HTTP/2.0
http {
...
# One JSON object per request. escape=json escapes the characters in each
# variable that would otherwise break the JSON string.
# referer, agent and xff are taken from request headers, so they are
# client-controlled values; "ip" ($remote_addr) is the field to rely on for
# the client address.
# $request_uri includes the query string, so any token or other secret passed
# in a URL ends up in this log; restrict read access to it accordingly.
log_format log_json escape=json '{"time":"$time_iso8601","ip":"$remote_addr","status":"$status","method":"$request_method","uri":"$request_uri","req_id":"$request_id","req_len":"$request_length","res_time":"$request_time","res_len":"$body_bytes_sent","referer":"$http_referer","agent":"$http_user_agent","xff":"$http_x_forwarded_for","scheme":"$scheme","host":"$http_host","protocol":"$server_protocol"}';
access_log /var/log/nginx/access.log log_json;
...
}
{
"time": "2024-11-06T11:44:34+00:00",
"ip": "14.165.213.190",
"status": "200",
"method": "GET",
"uri": "/home?a=1",
"req_id": "7c465331b90977784692a0d2842519db",
"req_len": "1162",
"res_time": "0.055",
"res_len": "131247",
"referer": "https://example.com/home?b=2",
"agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36",
"xff": "14.165.213.190",
"scheme": "https",
"host": "example.com",
"protocol": "HTTP/2.0"
}