Last active
November 7, 2024 08:33
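# /etc/ssh/sshd_config
# To disable tunneled clear text passwords, change to no here!
# Confirm that key-based login works in a second session before applying this,
# otherwise the host can become unreachable over SSH.
# A later drop-in file may override this value; check the effective setting
# with `sshd -T | grep -i passwordauthentication`, validate with `sshd -t`,
# then reload the SSH service.
PasswordAuthentication no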
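# /etc/ssh/sshd_config
# Refuse direct root logins over SSH. Make sure a non-root account with sudo
# rights and a working key exists before reloading sshd.
PermitRootLogin no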
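# Add the rate-limited SSH rule first so that enabling the firewall cannot
# cut off the current session (it is the rule shown in the status output below).
sudo ufw limit 22/tcp
sudo ufw enable
sudo ufw status numbered
# Delete every rule except the ones listed below.
# To delete a rule (numbers shift after each delete, so re-run
# `sudo ufw status numbered` before removing the next one):
sudo ufw delete RULE_NUMBER
# `ufw status` after the deletions:
#   To                         Action      From
#   --                         ------      ----
#   22/tcp                     LIMIT       Anywhere
#   22/tcp (v6)                LIMIT       Anywhere (v6)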
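#!/bin/bash
# Refreshes nginx's trusted-proxy list (set_real_ip_from) and the UFW allow
# rules for port 443 from Cloudflare's published IP ranges.
# See: https://github.com/VirtuBox/nginx-cloudflare-real-ip
#
# Needs root: writes under /etc/nginx and /var/log and calls ufw.
# Exit status: 0 on success, 1 on any error (details go to LOG_FILE).

# cron starts jobs with a minimal PATH; pin it so ufw, nginx and service
# resolve to the system binaries.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export PATH

LOG_FILE=/var/log/cloudflare.log
CF_NGINX_FILE=/etc/nginx/conf.d/cloudflare.conf

# Append one timestamped line to LOG_FILE. The timestamp is taken per call so
# that the start and finish entries show when each step actually happened.
log() {
  printf '%s %s\n' "$(date +%Y-%m-%dT%H:%M:%S%z)" "$*" >> "$LOG_FILE"
}

log "Script started..."

CURL_BIN=$(command -v curl)
if [ -z "$CURL_BIN" ]; then
  log "Error: curl is not installed."
  exit 1
fi

if [ ! -f "$CF_NGINX_FILE" ]; then
  # Logged as well as printed: the cron entry discards stdout and stderr.
  log "Error: nginx cloudflare.conf file not found!"
  echo "Error: nginx cloudflare.conf file not found!" >&2
  exit 1
fi

# --max-time keeps an unattended run from hanging on a stalled connection.
CF_IPV4=$("$CURL_BIN" --silent --fail --max-time 30 https://www.cloudflare.com/ips-v4)
CF_IPV6=$("$CURL_BIN" --silent --fail --max-time 30 https://www.cloudflare.com/ips-v6)

if [ -z "$CF_IPV4" ] || [ -z "$CF_IPV6" ]; then
  log "Cloudflare ips-v4 or ips-v6 http error!"
  exit 1
fi

# The downloaded text ends up in an nginx config file and in firewall rules,
# so every entry must look like a CIDR range before anything is changed.
# One unexpected entry aborts the run and leaves the current state untouched.
V4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'
V6_RE='^[0-9A-Fa-f:]+/[0-9]{1,3}$'
CF_RANGES=()
set -f # no pathname expansion while splitting the downloaded text into words
for cf_ip in $CF_IPV4 $CF_IPV6; do
  if [[ "$cf_ip" =~ $V4_RE || "$cf_ip" =~ $V6_RE ]]; then
    CF_RANGES+=("$cf_ip")
  else
    log "Error: unexpected entry in Cloudflare IP list, nothing changed."
    exit 1
  fi
done
set +f

# Build the new file next to the target and swap it in with a rename, so
# nginx never reads a half-written file. The temporary names do not end in
# .conf; this assumes conf.d is included as *.conf - confirm in nginx.conf.
TMP_FILE=$(mktemp "${CF_NGINX_FILE}.XXXXXX") || { log "Error: mktemp failed."; exit 1; }
BACKUP_FILE=$(mktemp "${CF_NGINX_FILE}.bak.XXXXXX") || { rm -f -- "$TMP_FILE"; log "Error: mktemp failed."; exit 1; }
trap 'rm -f -- "$TMP_FILE" "$BACKUP_FILE"' EXIT

{
  for cf_ip in "${CF_RANGES[@]}"; do
    echo "set_real_ip_from $cf_ip;"
  done
  echo 'real_ip_header CF-Connecting-IP;'
} > "$TMP_FILE"
chmod 0644 "$TMP_FILE"

if ! cp -p -- "$CF_NGINX_FILE" "$BACKUP_FILE"; then
  log "Error: could not back up $CF_NGINX_FILE, nothing changed."
  exit 1
fi
if ! mv -f -- "$TMP_FILE" "$CF_NGINX_FILE"; then
  log "Error: could not install the new $CF_NGINX_FILE."
  exit 1
fi

# Reload only a configuration that nginx accepts; otherwise restore the old file.
if ! nginx -t > /dev/null 2>&1; then
  mv -f -- "$BACKUP_FILE" "$CF_NGINX_FILE"
  log "Error: nginx -t rejected the new configuration, previous file restored."
  exit 1
fi

# NOTE: rules are only ever added. A range that Cloudflare stops publishing
# stays allowed until it is removed by hand (sudo ufw status numbered).
for cf_ip in "${CF_RANGES[@]}"; do
  ufw allow from "$cf_ip" to any port 443 comment "CloudFlare" \
    || log "Warning: ufw allow failed for $cf_ip"
done

ufw reload || log "Warning: ufw reload failed."
service nginx reload || log "Warning: nginx reload failed."

log "Script finished..."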
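# The list is refreshed every Sunday at 01:00.
# Owner-only permissions: the script runs as root, so nobody else should be
# able to read or change it.
chmod 700 /root/cloudflare.sh
sudo crontab -e
# Line to add in root's crontab. Output is discarded here, so check
# /var/log/cloudflare.log to see whether a run succeeded.
0 1 * * 0 /root/cloudflare.sh > /dev/null 2>&1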
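# Sample /etc/nginx/conf.d/cloudflare.conf as written by the update script.
# Only connections arriving from the ranges below may replace the client
# address with the CF-Connecting-IP header value. The list is a snapshot and
# is regenerated on every run, so do not edit it by hand.
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 2c0f:f248::/32;
real_ip_header CF-Connecting-IP;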
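# Catch-all for port 443: handles any request whose server name matches no
# other server block (for example, a connection made to the bare IP address).
server {
    server_name _;
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server; # IPv6
    # Refuse the TLS handshake (nginx 1.19.4+). No certificate is presented,
    # so the hostnames served by this machine are not disclosed.
    ssl_reject_handshake on;
    return 444; # close the connection without sending any response
}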
# Example Url: https://example.com/test?a=1&b=2 | |
$time_iso8601 = 2024-11-06T05:28:00+00:00 | |
$remote_addr = 216.245.221.84 | |
$status = 200 | |
$request_method = GET | |
$request_uri = /test?a=1&b=2 | |
$request_id = df3efb9d5a052259e062a21f5e394b8b | |
$request_length = 1215 | |
$request_time = 0.016 | |
$body_bytes_sent = 4223 | |
$http_referer = https://google.com/test?c=3 | |
$http_user_agent = Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) | |
$http_x_forwarded_for = 14.165.213.190 | |
$scheme = https | |
$http_host = example.com | |
$server_protocol = HTTP/2.0 |
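http {
    # ... other http settings ...

    # One JSON object per request. escape=json escapes the variable values, so
    # client-controlled fields (uri, referer, agent, xff, host) cannot break
    # out of their quoted strings or forge extra fields.
    # "ip" is $remote_addr; with the real_ip settings from cloudflare.conf
    # loaded, it is the address taken from CF-Connecting-IP for connections
    # from the trusted ranges. "xff" is the raw X-Forwarded-For header sent by
    # the client: keep it for reference, never base access decisions on it.
    # "uri" and "referer" include query strings, which may carry tokens, so
    # restrict read access to the log file.
    log_format log_json escape=json
        '{"time":"$time_iso8601","ip":"$remote_addr","status":"$status",'
        '"method":"$request_method","uri":"$request_uri","req_id":"$request_id",'
        '"req_len":"$request_length","res_time":"$request_time","res_len":"$body_bytes_sent",'
        '"referer":"$http_referer","agent":"$http_user_agent","xff":"$http_x_forwarded_for",'
        '"scheme":"$scheme","host":"$http_host","protocol":"$server_protocol"}';
    access_log /var/log/nginx/access.log log_json;

    # ... other http settings ...
}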
{ | |
"time": "2024-11-06T11:44:34+00:00", | |
"ip": "14.165.213.190", | |
"status": "200", | |
"method": "GET", | |
"uri": "/home?a=1", | |
"req_id": "7c465331b90977784692a0d2842519db", | |
"req_len": "1162", | |
"res_time": "0.055", | |
"res_len": "131247", | |
"referer": "https://example.com/home?b=2", | |
"agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36", | |
"xff": "14.165.213.190", | |
"scheme": "https", | |
"host": "example.com", | |
"protocol": "HTTP/2.0" | |
} |