@heathdutton
Created September 28, 2018 19:55
Script I use to set typical Cloudflare settings.
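#! /bin/bash
#
# Finds the Cloudflare zones whose domain name contains a given string and
# applies a standard set of zone settings and page rules to each of them.
#
# Usage: bash <this-script> <domain-name-string>
#
# Platform: uses brew, dscacheutil and mDNSResponder, so it targets macOS.
# Only features available in the stock macOS bash are used.
#
# Credentials: taken from CF_API_EMAIL / CF_API_KEY when exported, otherwise
# from the placeholders below. X-Auth-Email + X-Auth-Key is Cloudflare's
# account-wide API key scheme, so whoever can read this file or the process
# environment can change every zone on the account. Keep real values out of
# shared copies of the script.
#
# Destructive: when page rules are enabled, every *active* page rule on each
# matched zone is deleted before the default rules are created.

cf_user=${CF_API_EMAIL:-xxxxxxxxx}
cf_token=${CF_API_KEY:-xxxxxxxxx}
CF_API='https://api.cloudflare.com/client/v4'
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;33m' # was referenced but never defined, so IN PROGRESS printed uncoloured
NC='\033[0m'

# Print an error on stderr and stop with a failing status.
die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

# Run curl against the Cloudflare API with the auth headers fed through a
# config read from stdin (-K -), so the API key never shows up in the process
# list. Values are placed inside double quotes in the curl config; a key or
# e-mail containing '"' or '\' would need escaping first.
# Arguments: any further curl arguments (method, URL, --data ...).
cf_curl() {
  curl -s -K - -H "Content-Type: application/json" "$@" <<EOF
header = "X-Auth-Email: ${cf_user}"
header = "X-Auth-Key: ${cf_token}"
EOF
}

# Call the API and print only the HTTP status code of the response.
# Arguments: $1 - HTTP method, $2 - API path, rest - extra curl arguments.
cf_status() {
  local method=$1 path=$2
  shift 2
  cf_curl -X "$method" "${CF_API}${path}" -w "%{http_code}" -o /dev/null "$@"
}

# Build the JSON body of an "Always Use HTTPS" page rule. jq does the string
# escaping, so the domain can never break out of the JSON document.
# Arguments: $1 - URL pattern, $2 - rule priority (number).
always_https_rule() {
  jq -cn --arg pattern "$1" --argjson priority "$2" \
    '{targets: [{target: "url", constraint: {operator: "matches", value: $pattern}}],
      actions: [{id: "always_use_https"}],
      priority: $priority, status: "active"}'
}

# Build the JSON body of the www -> apex 301 forwarding rule.
# Arguments: $1 - domain name.
apex_redirect_rule() {
  # The trailing $1 is Cloudflare's wildcard back-reference and must reach the
  # API literally; it is not a shell positional parameter.
  local target="https://${1}/"'$1'
  jq -cn --arg pattern "https://www.${1}/*" --arg url "$target" \
    '{targets: [{target: "url", constraint: {operator: "matches", value: $pattern}}],
      actions: [{id: "forwarding_url", value: {url: $url, status_code: 301}}],
      priority: 3, status: "active"}'
}

# Print a label, PATCH one zone setting and print the resulting HTTP status.
# Arguments: $1 - zone id, $2 - label, $3 - setting name, $4 - JSON body.
patch_setting() {
  printf '%s ' "$2"
  cf_status PATCH "/zones/${1}/settings/${3}" --data "$4"
  printf "\n"
}

# Fetch response headers only, with carriage returns stripped.
probe_headers() {
  curl -s -I --max-time 20 "$1" | tr -d '\r'
}

# Extract the numeric status from the first header line. Works for
# "HTTP/1.1 200 OK" as well as "HTTP/2 200", which carries no reason phrase.
status_of() {
  awk 'NR == 1 { print $2 }' <<< "$1"
}

if [ -z "$1" ]; then
  echo
  echo "Finds domains based on the string provided in CF and sets standard preffered settings."
  echo "usage: bash $0 <domain-name-string>"
  echo
  exit 2
fi

if [[ "$cf_user" == xxxxxxxxx || "$cf_token" == xxxxxxxxx ]]; then
  die "Cloudflare credentials are not set. Export CF_API_EMAIL and CF_API_KEY."
fi

# NOTE(review): both installs below pull whatever version is current and run
# it with the account's API key in reach. Consider installing a reviewed,
# pinned version by hand instead of relying on this fallback.
if ! command -v cfcli > /dev/null 2>&1; then
  echo "Installing cloudflare-cli"
  npm install -g cloudflare-cli
  command -v cfcli > /dev/null 2>&1 \
    || die "Couldn't install Cloudflare CLI. Please do so manually."
fi
if ! command -v jq > /dev/null 2>&1; then
  brew install jq
  command -v jq > /dev/null 2>&1 \
    || die "Couldn't install JQ. Please do so manually."
fi

echo "Searching Cloudflare for domains containing: $1"
# Match the search string literally and against the domain column only, so a
# regex metacharacter or a hit inside a zone id cannot pull unintended zones
# into a run that deletes page rules.
# NOTE(review): cfcli still receives the key as a command-line argument, where
# other local users may see it in the process list; check whether the
# installed cfcli can read credentials from its config or environment.
domains=$(cfcli -e="$cf_user" -k="$cf_token" -f=csv zones \
  | needle="$1" awk -F ',' 'index($1, ENVIRON["needle"]) { print $1 "," $4 }')
if [ -z "$domains" ]; then
  die "No domains found."
fi
domain_list=$(cut -d ',' -f1 <<< "$domains" | paste -sd ',' -)

echo "Domains found: $domain_list"
read -p "Do you want to apply default settings to these domains (caching, network, etc)? " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
  echo "Default settings enabled."
  settings=1
else
  echo "Default settings disabled."
  settings=0
fi

echo "Note: existing active page rules on each domain are deleted before the defaults are added."
read -p "Do you want to apply default page rules to these domains (HTTPS always on, apex redirect, etc)? " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
  echo "Pagerules enabled."
  pagerules=1
else
  echo "Pagerules disabled."
  pagerules=0
fi

echo "Password is needed to flush DNS"
sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder

echo "Beginning run..."
domain_re='^[[:alnum:]._-]+$'
id_re='^[0-9a-fA-F]{32}$'
# The list is read on fd 3 so nothing inside the loop can consume it by
# reading stdin.
while IFS=',' read -r domain zone <&3; do
  # Both values end up inside URLs; refuse anything that does not look like a
  # hostname and a Cloudflare identifier rather than sending it to the API.
  if [[ ! $domain =~ $domain_re || ! $zone =~ $id_re ]]; then
    printf 'Skipping unexpected entry: %s,%s\n' "$domain" "$zone" >&2
    continue
  fi

  echo
  echo "Domain: $domain"
  echo "Zone: $zone"
  echo "-------------------------------------------------------"

  http_headers=$(probe_headers "http://${domain}")
  http_status=$(status_of "$http_headers")

  printf "Cloudflare DNS: "
  # Header names are case-insensitive and the value has been both
  # "cloudflare-nginx" and "cloudflare", so match the common prefix.
  if grep -qi '^server: cloudflare' <<< "$http_headers"; then
    cfon=1
    printf ' %b' "${GREEN}ON${NC}"
  else
    cfon=0
    printf '%b' "${RED}OFF${NC}"
  fi
  printf "\n"

  printf "SSL Enforcement: "
  # Heuristic: any 301 on plain HTTP counts; the Location target is not
  # inspected.
  if [[ "$http_status" == 301 ]]; then
    sslenforced=1
    printf ' %b' "${GREEN}ON${NC}"
  else
    sslenforced=0
    printf '%b' "${RED}OFF${NC}"
  fi
  printf "\n"

  https_status=$(status_of "$(probe_headers "https://${domain}")")
  printf "SSL Access: "
  if [[ "$https_status" == 200 ]]; then
    ssl=1
    printf ' %b' "${GREEN}ON${NC}"
  else
    ssl=0
    printf '%b' "${RED}OFF${NC}"
  fi
  printf "\n"

  printf "Cloudflare Status: "
  inprogress=0
  case "${cfon}${sslenforced}${ssl}" in
    00?) printf ' %b' "${GREEN}READY${NC}" ;;
    # Indicates a likely redirect loop or other critical issue.
    110) printf ' %b' "${RED}ERROR${NC}" ;;
    111) printf ' %b' "${GREEN}DONE${NC}" ;;
    101)
      inprogress=1
      printf ' %b' "${YELLOW}IN PROGRESS${NC}"
      ;;
    01?) printf ' %b' "${RED}NOT READY${NC}" ;;
  esac
  printf "\n"
  echo "-------------------------------------------------------"

  if [[ $pagerules == 1 ]]; then
    printf "Remove existing page rules. "
    allrules=$(cf_curl -X GET "${CF_API}/zones/${zone}/pagerules?status=active&order=status&direction=desc&match=all")
    rules=$(jq -r '.result[]?.id // empty' <<< "$allrules")
    for rule in $rules; do
      # Rule ids come from the API response; only well-formed ids are put
      # into a DELETE URL.
      [[ $rule =~ $id_re ]] || continue
      cf_status DELETE "/zones/${zone}/pagerules/${rule}"
      printf " "
    done
    printf "\n"

    printf "Add page rule for Always HTTPS "
    cf_status POST "/zones/${zone}/pagerules" \
      --data "$(always_https_rule "http://*${domain}/*" 1)"
    printf "\n"

    if [[ $inprogress == 1 ]]; then
      printf "Add page rule for Always HTTPS (temporary) "
      cf_status POST "/zones/${zone}/pagerules" \
        --data "$(always_https_rule "http://*${domain}" 2)"
      printf "\n"
    fi

    printf "Add page rule for apex redirection "
    cf_status POST "/zones/${zone}/pagerules" \
      --data "$(apex_redirect_rule "$domain")"
    printf "\n"

    # This can be removed after the next deployment.
    # printf "Add page rule for Retreaver revenue fix (temporary) "
    # curl -X POST "https://api.cloudflare.com/client/v4/zones/$zone/pagerules" \
    # -H "X-Auth-Email: $cf_user" \
    # -H "X-Auth-Key: $cf_token" \
    # -H "Content-Type: application/json" \
    # --data '{"targets":[{"target":"url","constraint":{"operator":"matches","value":"https://'$domain'/universaltracking/api/retreaver/obcall/*/*/*/"}}],"actions":[{"id":"forwarding_url","value":{"url":"https:\/\/'$domain'\/universaltracking\/api\/retreaver\/obcall\/$1\/$2\/0\/","status_code":302}}],"priority":4,"status":"active"}' -s -w "%{http_code}" -o /dev/null
    # printf "\n"
  fi

  if [[ $settings == 1 ]]; then
    patch_setting "$zone" "Turning off rocketloader" rocket_loader '{"value":"off"}'
    patch_setting "$zone" "Optimize CSS/JS/HTML" minify '{"value":{"css":"on","html":"on","js":"on"}}'
    patch_setting "$zone" "Enable Automatic HTTPS Rewrites" automatic_https_rewrites '{"value":"on"}'
    # NOTE(review): "flexible" encrypts only the visitor-to-Cloudflare leg;
    # Cloudflare then talks to the origin over plain HTTP. Where the origin
    # can serve a certificate, "full" or "strict" is the safer value.
    patch_setting "$zone" "SSL Setting to Flexible" ssl '{"value":"flexible"}'
    patch_setting "$zone" "Browser Cache TTL to 8 days" browser_cache_ttl '{"value":691200}'
    patch_setting "$zone" "Disable ipv6 support" ipv6 '{"value":"off"}'
  fi
done 3<<< "$domains"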