Created
September 28, 2018 19:55
Script I use to set typical Cloudflare settings.
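#!/bin/bash
#
# Finds the Cloudflare zones whose domain name contains the string given as the
# first argument and applies a standard set of settings and page rules to them.
#
# Credentials. The rest of the script sends cf_user / cf_token as the
# X-Auth-Email / X-Auth-Key headers, i.e. the account-wide API key rather than
# a scoped token, so treat cf_token like a password:
#   - export CF_API_EMAIL and CF_API_KEY instead of editing the placeholders,
#     so a real key never ends up in a copy of this file that gets shared;
#   - a scoped API token would be the lower-privilege option, but it is sent
#     in a different header, so the requests further down would need changing.
cf_user="${CF_API_EMAIL:-xxxxxxxxx}"
cf_token="${CF_API_KEY:-xxxxxxxxx}"

# ANSI colour escapes; they are expanded later by printf.
RED='\033[0;31m'
GREEN='\033[0;32m'
# YELLOW is used for the "IN PROGRESS" status label but was never defined.
YELLOW='\033[0;33m'
NC='\033[0m'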
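# The search string is mandatory: every later step is scoped by it.
# "$1" is quoted so an argument containing spaces cannot break the test and
# fall through to the rest of the script.
if [ -z "${1:-}" ]; then
  echo
  echo "Finds domains based on the string provided in CF and sets standard preferred settings."
  echo "usage: bash $0 <domain-name-string>"
  echo
  # A missing argument is a usage error, so report failure to the caller.
  exit 1
fi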
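# cfcli (npm package cloudflare-cli) is used further down to list the zones.
# NOTE(review): the automatic install pulls whatever version is current from
# the npm registry into the global prefix, and that tool is then handed the
# Cloudflare API key. Installing a reviewed, pinned version by hand is the
# safer route; the automatic install is kept for convenience.
if ! command -v cfcli > /dev/null 2>&1; then
  echo "Installing cloudflare-cli"
  npm install -g cloudflare-cli
  if ! command -v cfcli > /dev/null 2>&1; then
    echo "Error: Couldn't install Cloudflare CLI. Please do so manually." >&2
    # Non-zero so wrappers and CI can tell the run did not happen.
    exit 1
  fi
fi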
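# jq is needed to read the Cloudflare API responses.
# The automatic install assumes Homebrew, so it only helps on machines that
# have brew; everywhere else the error below is what the user sees.
if ! command -v jq > /dev/null 2>&1; then
  brew install jq
  if ! command -v jq > /dev/null 2>&1; then
    echo "Error: Couldn't install JQ. Please do so manually." >&2
    # Non-zero so wrappers and CI can tell the run did not happen.
    exit 1
  fi
fi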
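echo "Searching Cloudflare for domains containing: $1"
# Build "domain,zone-id" lines for the zones whose *domain name* contains $1.
# The match is a literal substring test on the first column only. Matching the
# whole line as a regular expression would also select zones whose id merely
# contains the string, or where "." matched any character, and every selected
# zone is modified later on.
# NOTE(review): cfcli receives the API key on its command line, where other
# local users can see it in the process list while it runs. If your cfcli
# version can read credentials from a config file or the environment, prefer
# that.
domains=$(
  cfcli -e="$cf_user" -k="$cf_token" -f=csv zones |
    cut -d ',' -f1,4 |
    while IFS=',' read -r zone_name zone_id; do
      if [[ $zone_name == *"$1"* ]]; then
        printf '%s,%s\n' "$zone_name" "$zone_id"
      fi
    done
)
# Comma-separated list of the matched domain names, for display only.
domain_list=$(printf '%s\n' "$domains" | cut -d ',' -f1 | paste -sd ',' -)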
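# Base URL of the Cloudflare v4 API used by every request below.
CF_API_BASE="https://api.cloudflare.com/client/v4"

# The "IN PROGRESS" label uses YELLOW; give it a value if nothing set one.
: "${YELLOW:=\033[0;33m}"

# SSL mode written to each zone. "flexible" (the default, as before) encrypts
# only the visitor-to-Cloudflare leg: Cloudflare still talks plain HTTP to the
# origin, so traffic on that leg is readable and modifiable in transit even
# though the browser shows HTTPS. Where the origin has a certificate, set
# CF_SSL_MODE=full or CF_SSL_MODE=strict instead.
CF_SSL_MODE="${CF_SSL_MODE:-flexible}"

#######################################
# Ask a yes/no question answered by a single keypress.
# Arguments: $1 - prompt text
# Returns:   0 if the key was y or Y, 1 otherwise
#######################################
confirm() {
  read -p "$1" -n 1 -r
  echo
  [[ $REPLY =~ ^[Yy]$ ]]
}

#######################################
# Run curl against the Cloudflare API with the auth headers attached.
# The headers are fed to curl as a config file on stdin instead of -H
# arguments, so the API key does not appear in the process list. printf is a
# shell builtin, so it does not expose them either.
# NOTE(review): the values are written inside double quotes in curl's config
# syntax; a key or e-mail containing '"' or '\' would need escaping.
# Globals:   cf_user, cf_token (read)
# Arguments: any further curl arguments (method, URL, --data, ...)
# Outputs:   whatever curl prints
#######################################
cf_api() {
  printf 'header = "X-Auth-Email: %s"\nheader = "X-Auth-Key: %s"\n' \
    "$cf_user" "$cf_token" |
    curl -s --config - -H "Content-Type: application/json" "$@"
}

#######################################
# Send a modifying request and print only the HTTP status code it returned.
# Arguments: $1 - HTTP method, $2 - API path below CF_API_BASE,
#            $3 - optional JSON request body
# Outputs:   the HTTP status code, without a trailing newline
#######################################
cf_apply() {
  local method=$1 path=$2
  if [[ $# -ge 3 ]]; then
    cf_api -X "$method" "${CF_API_BASE}/${path}" --data "$3" \
      -w '%{http_code}' -o /dev/null
  else
    cf_api -X "$method" "${CF_API_BASE}/${path}" -w '%{http_code}' -o /dev/null
  fi
}

#######################################
# Extract the status code from the first line of `curl -I` output.
# Works for "HTTP/1.1 301 Moved Permanently" as well as "HTTP/2 200", which
# carries no reason phrase.
# Arguments: $1 - raw response headers
# Outputs:   the numeric status code, or an empty line if there was none
#######################################
status_code() {
  awk 'NR == 1 { gsub(/\r/, ""); print $2 }' <<< "$1"
}

#######################################
# Print the coloured ON / OFF marker for a 0/1 flag.
# Arguments: $1 - 1 for ON, anything else for OFF
#######################################
show_flag() {
  if [[ $1 == 1 ]]; then
    printf ' %bON%b' "$GREEN" "$NC"
  else
    printf '%bOFF%b' "$RED" "$NC"
  fi
}

#######################################
# Build the JSON body of an "Always Use HTTPS" page rule.
# jq does the quoting, so the domain name cannot break out of the JSON string.
# Arguments: $1 - URL pattern, $2 - rule priority
#######################################
https_rule_json() {
  jq -cn --arg pattern "$1" --argjson priority "$2" '{
    targets: [{target: "url", constraint: {operator: "matches", value: $pattern}}],
    actions: [{id: "always_use_https"}],
    priority: $priority,
    status: "active"
  }'
}

#######################################
# Build the JSON body of a 301 forwarding page rule.
# Arguments: $1 - URL pattern, $2 - destination URL, $3 - rule priority
#######################################
forward_rule_json() {
  jq -cn --arg pattern "$1" --arg dest "$2" --argjson priority "$3" '{
    targets: [{target: "url", constraint: {operator: "matches", value: $pattern}}],
    actions: [{id: "forwarding_url", value: {url: $dest, status_code: 301}}],
    priority: $priority,
    status: "active"
  }'
}

#######################################
# Replace a zone's page rules with the default set.
# Destructive: every active page rule on the zone is deleted first. If the
# existing rules cannot be listed, nothing is deleted or added.
# Arguments: $1 - domain, $2 - zone id, $3 - 1 to add the temporary rule
# Returns:   1 if the existing rules could not be listed, else 0
#######################################
apply_page_rules() {
  local domain=$1 zone=$2 inprogress=$3
  local allrules rule

  printf "Remove existing page rules. "
  allrules=$(cf_api -X GET \
    "${CF_API_BASE}/zones/${zone}/pagerules?status=active&order=status&direction=desc&match=all")
  # An auth or API error returns success=false; stop instead of stacking new
  # rules on top of a set that could not be read.
  if ! jq -e '.success == true' <<< "$allrules" > /dev/null 2>&1; then
    printf '%bFAILED%b (could not list page rules, nothing changed)\n' "$RED" "$NC"
    return 1
  fi
  while IFS= read -r rule; do
    [[ -n $rule ]] || continue
    cf_apply DELETE "zones/${zone}/pagerules/${rule}"
    printf " "
  done < <(jq -r '.result[]?.id' <<< "$allrules")
  printf "\n"

  printf "Add page rule for Always HTTPS "
  cf_apply POST "zones/${zone}/pagerules" \
    "$(https_rule_json "http://*${domain}/*" 1)"
  printf "\n"

  if [[ $inprogress == 1 ]]; then
    printf "Add page rule for Always HTTPS (temporary) "
    cf_apply POST "zones/${zone}/pagerules" \
      "$(https_rule_json "http://*${domain}" 2)"
    printf "\n"
  fi

  printf "Add page rule for apex redirection "
  # The "$1" in the destination is Cloudflare's wildcard placeholder and must
  # reach the API literally; it is not this script's first argument.
  cf_apply POST "zones/${zone}/pagerules" \
    "$(forward_rule_json "https://www.${domain}/*" "https://${domain}/\$1" 3)"
  printf "\n"

  # Disabled: temporary "Retreaver revenue fix" forwarding rule (priority 4,
  # status 302). The original note says it can be removed after the next
  # deployment.
  #   match:   https://<domain>/universaltracking/api/retreaver/obcall/*/*/*/
  #   forward: https://<domain>/universaltracking/api/retreaver/obcall/$1/$2/0/
  return 0
}

#######################################
# PATCH one zone setting and print the label plus the HTTP status code.
# Arguments: $1 - label, $2 - zone id, $3 - setting name, $4 - JSON body
#######################################
patch_setting() {
  printf '%s ' "$1"
  cf_apply PATCH "zones/$2/settings/$3" "$4"
  printf "\n"
}

#######################################
# Apply the default zone settings.
# Globals:   CF_SSL_MODE (read)
# Arguments: $1 - zone id
#######################################
apply_settings() {
  local zone=$1
  patch_setting "Turning off rocketloader" "$zone" rocket_loader '{"value":"off"}'
  patch_setting "Optimize CSS/JS/HTML" "$zone" minify \
    '{"value":{"css":"on","html":"on","js":"on"}}'
  patch_setting "Enable Automatic HTTPS Rewrites" "$zone" automatic_https_rewrites \
    '{"value":"on"}'
  patch_setting "SSL Setting to ${CF_SSL_MODE}" "$zone" ssl \
    "$(jq -cn --arg mode "$CF_SSL_MODE" '{value: $mode}')"
  patch_setting "Browser Cache TTL to 8 days" "$zone" browser_cache_ttl '{"value":691200}'
  patch_setting "Disable ipv6 support" "$zone" ipv6 '{"value":"off"}'
}

if [ -z "$domains" ]; then
  echo "Error: No domains found." >&2
  exit 1
fi

echo "Domains found: $domain_list"

if confirm "Do you want to apply default settings to these domains (caching, network, etc)? "; then
  echo "Default settings enabled."
  settings=1
else
  echo "Default settings disabled."
  settings=0
fi

# Say what the page-rule step really does before asking for consent.
echo "Note: applying page rules first deletes every active page rule on each zone."
if confirm "Do you want to apply default page rules to these domains (HTTPS always on, apex redirect, etc)? "; then
  echo "Pagerules enabled."
  pagerules=1
else
  echo "Pagerules disabled."
  pagerules=0
fi

# macOS-specific: flush the local resolver cache so the probes below see
# current DNS. On other systems these two commands simply fail.
echo "Password is needed to flush DNS"
sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder

echo "Beginning run..."
zone_id_re='^[0-9a-fA-F]{32}$'
# The list is read on fd 3 so nothing inside the loop can consume it via stdin.
while IFS=',' read -r domain zone <&3; do
  [[ -n $domain ]] || continue
  echo
  echo "Domain: $domain"
  echo "Zone: $zone"
  echo "-------------------------------------------------------"

  # The zone id becomes part of every API URL below. Refuse anything that is
  # not a 32-digit hex id, e.g. if the CSV columns ever shift.
  if [[ ! $zone =~ $zone_id_re ]]; then
    printf '%bSkipped%b: zone id is not a 32-character hex string.\n' "$RED" "$NC" >&2
    continue
  fi

  printf "Cloudflare DNS: "
  http_headers=$(curl -s -I "http://${domain}")
  # Case-insensitive prefix match: accepts "cloudflare-nginx" as well as a
  # plain "cloudflare" Server value.
  if grep -qi '^server: cloudflare' <<< "$http_headers"; then
    cfon=1
  else
    cfon=0
  fi
  show_flag "$cfon"
  printf "\n"

  printf "SSL Enforcement: "
  # NOTE(review): any 301 counts, including one that redirects to another
  # plain-HTTP URL; checking the Location header would be stricter.
  if [[ $(status_code "$http_headers") == 301 ]]; then
    sslenforced=1
  else
    sslenforced=0
  fi
  show_flag "$sslenforced"
  printf "\n"

  https_headers=$(curl -s -I "https://${domain}")
  printf "SSL Access: "
  # Compare the status code, not the text "200 OK": HTTP/2 responses have no
  # reason phrase, so the text match reported working sites as OFF.
  if [[ $(status_code "$https_headers") == 200 ]]; then
    ssl=1
  else
    ssl=0
  fi
  show_flag "$ssl"
  printf "\n"

  printf "Cloudflare Status: "
  inprogress=0
  # Key is cfon, sslenforced, ssl. The combination 100 prints nothing.
  case "${cfon}${sslenforced}${ssl}" in
    00?) printf ' %bREADY%b' "$GREEN" "$NC" ;;
    # Indicates a likely redirect loop or other critical issue.
    110) printf ' %bERROR%b' "$RED" "$NC" ;;
    111) printf ' %bDONE%b' "$GREEN" "$NC" ;;
    101)
      inprogress=1
      printf ' %bIN PROGRESS%b' "$YELLOW" "$NC"
      ;;
    01?) printf ' %bNOT READY%b' "$RED" "$NC" ;;
  esac
  printf "\n"
  echo "-------------------------------------------------------"

  if [[ $pagerules == 1 ]]; then
    apply_page_rules "$domain" "$zone" "$inprogress"
  fi

  if [[ $settings == 1 ]]; then
    apply_settings "$zone"
  fi
done 3<<< "$domains"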