Auto update remoteip.conf from mod_remoteip with new CloudFlare ips
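#!/bin/bash
# Defining trusted proxy addresses for mod_remoteip to restore original visitor IPs
# https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs
# IPs from CloudFlare: https://www.cloudflare.com/en-gb/ips/
#
# Every token written after RemoteIPTrustedProxy names a peer whose
# CF-Connecting-IP header Apache will accept as the real client address.
# A download is therefore used only when each of its lines is a CIDR range,
# and the new file stays in place only if Apache accepts the configuration.

set -u

# Define variables
ipv4_url="https://www.cloudflare.com/ips-v4"
ipv6_url="https://www.cloudflare.com/ips-v6"
filename="remoteip.conf"
destination="/etc/httpd/conf.modules.d"
mail_on=true
email="youremail@domain.com"
restart_apache=true
apache_service="systemctl restart httpd"
# Syntax check run after installing the file; set to "" to skip it.
apache_configtest="apachectl configtest"
mail_service="/usr/sbin/sendmail"
scriptpath=$(realpath "$0")
date=$(date '+%d-%m-%Y %H:%M:%S')

# Shape every line of a list must have. The IPv4 pattern is the original one;
# the IPv6 pattern additionally requires a colon and a /prefix.
ipv4_regex='^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'
ipv6_regex='^[0-9a-fA-F]*:[0-9a-fA-F:]*/[0-9]{1,3}$'

target="$destination/$filename"
tmpfile=""
previous=""

# Remove whatever scratch files are still around, on every exit path.
cleanup() {
  [ -n "$tmpfile" ] && rm -f -- "$tmpfile"
  [ -n "$previous" ] && rm -f -- "$previous"
}
trap cleanup EXIT

# Send a mail through $mail_service. $1 = subject, $2 = body.
send_mail() {
  # $mail_service is left unquoted so that it may carry arguments.
  # shellcheck disable=SC2086
  printf 'To: %s\nSubject: %s\n\n%s\n' "$email" "$1" "$2" | $mail_service "$email"
}

# Download one list and print it only if it is usable.
# $1 = URL, $2 = extended regex that every line has to match.
# Returns non-zero on a transfer error, an HTTP error, an empty body, or any
# line that is not a CIDR range.
fetch_list() {
  local url=$1 pattern=$2 body
  # -f makes HTTP error responses fail instead of returning the error page;
  # stderr is not captured, so curl diagnostics never end up in the list.
  body=$(curl -fsS --max-time 30 "$url") || return 1
  body=${body//$'\r'/}
  [ -n "$body" ] || return 1
  # grep -v selects the lines that do NOT match: one such line rejects the
  # whole download rather than letting it reach the Apache configuration.
  if printf '%s\n' "$body" | grep -vqE -- "$pattern"; then
    return 1
  fi
  printf '%s\n' "$body"
}

# Report an unusable download and stop. $1 = "IPv4" or "IPv6", $2 = URL.
# The mail is sent regardless of $mail_on, as the original script did.
download_failed() {
  local body
  echo "Error: Failed to download $1 file or file is empty" >&2
  printf -v body 'The script failed in %s to download them, maybe the file was empty or corrupted without IPs:\n\n URL: %s' "$date" "$2"
  send_mail "Error to download $1 CloudFlare IPs" "$body"
  exit 1
}

# Download both lists; nothing is written unless both are valid.
ipv4=$(fetch_list "$ipv4_url" "$ipv4_regex") || download_failed IPv4 "$ipv4_url"
ipv6=$(fetch_list "$ipv6_url" "$ipv6_regex") || download_failed IPv6 "$ipv6_url"

# Build the new file under a fresh, unpredictable name inside the destination
# directory: nothing stale is appended to, the script no longer depends on the
# current working directory, and the final mv is a rename on one filesystem.
# The name does not end in .conf, so an Include of *.conf would not load it.
tmpfile=$(mktemp "$destination/.$filename.XXXXXX") || {
  echo "Error: cannot create a temporary file in $destination" >&2
  exit 1
}

nl=$'\n'
ipv4_joined=${ipv4//$nl/ }
ipv6_joined=${ipv6//$nl/ }
{
  echo "RemoteIPHeader CF-Connecting-IP"
  echo "# IPV4"
  echo "RemoteIPTrustedProxy $ipv4_joined"
  echo ""
  echo "# IPV6"
  echo "RemoteIPTrustedProxy $ipv6_joined"
} > "$tmpfile" || exit 1
# mktemp creates the file with mode 600; the list holds no secrets.
chmod 644 "$tmpfile"

# Compare and stop if nothing changed (the trap removes the temporary file).
if cmp -s "$tmpfile" "$target"; then
  echo "No changes detected. Not overwriting $target."
  exit 0
fi

# Keep a copy of the current file so a rejected update can be undone.
if [ -e "$target" ]; then
  previous=$(mktemp "$destination/.$filename.prev.XXXXXX") || exit 1
  cp -p -- "$target" "$previous" || exit 1
fi

mv -f -- "$tmpfile" "$target" || exit 1
echo "File created or overwritten in $target"

# Check the configuration before anything restarts Apache: a restart with a
# broken configuration would leave the web server down until someone notices.
# shellcheck disable=SC2086
if [ -n "$apache_configtest" ] && ! $apache_configtest; then
  if [ -n "$previous" ]; then
    mv -f -- "$previous" "$target"
  else
    rm -f -- "$target"
  fi
  echo "Error: Apache configuration test failed, $target was rolled back" >&2
  printf -v body 'The configuration test failed on %s after writing %s, the previous state was restored.\n\n Script path: %s' "$date" "$target" "$scriptpath"
  send_mail "$filename update rejected (CloudFlare IPs)" "$body"
  exit 1
fi

if [ "$mail_on" = true ]; then
  printf -v body 'The %s has been overwritten on %s after downloading:\n\n %s \n %s \n\n Script path: %s' "$target" "$date" "$ipv4_url" "$ipv6_url" "$scriptpath"
  send_mail "$filename has been updated (CloudFlare IPs)" "$body"
fi

if [ "$restart_apache" = true ]; then
  # Unquoted on purpose: the variable holds a command plus its arguments.
  # shellcheck disable=SC2086
  $apache_service
fi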
This file CANNOT be in the same location as the destination, in this case "/etc/httpd/conf.modules.d" which is the default for RHEL/CentOS/RockyLinux/AlmaLinux.
Make it executable:
chmod +x update_mod_remoteip_cloudflare.sh
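Set permissions (note that mode 600 also clears the execute bit added by the previous step, so with it the script has to be started as `bash update_mod_remoteip_cloudflare.sh`; 700 keeps it executable for its owner only):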
chmod 600 update_mod_remoteip_cloudflare.sh
Now schedule a cronjob for it and profit :)