Last active
May 4, 2016 20:33
-
-
Save jasondewitt/935b6f6e75c07c35a3a0 to your computer and use it in GitHub Desktop.
update nginx to allow various cloud service IPs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # incapsula.sh | |
| # grab the list of pingdom check public ips and format into a nginx config file to allow | |
| # these addresses | |
| # also handles set_real_ip_from, include both files into your config and check | |
| # http://nginx.org/en/docs/http/ngx_http_realip_module.html for more info on real ip | |
| allow_file='/etc/nginx/include/incapsula.conf' | |
| realip_file='/etc/nginx/include/incapsula_realip.conf' | |
| # get list of IPs from incapsula | |
| incapsula=$(curl -k -s --data "resp_format=nginx" https://my.incapsula.com/api/integration/v1/ips) | |
| #echo $incapsula | |
| # get the diff of the two arrays | |
| diff=$(diff <(echo "$incapsula") <(cat ${allow_file})) | |
| # if $diff has a zero length, the two lists are the same | |
| # if $incapsula is zero lenght, we didn't get a resp from the api for some reason | |
| if [[ -z "$diff" ]] || [[ -z "$incapsula" ]]; then | |
| echo "no updates needed" | |
| else | |
| echo "$incapsula" > ${allow_file} | |
| sed 's/allow/set_real_ip_from/g' ${allow_file} > ${realip_file} | |
| /etc/init.d/nginx reload | |
| fi | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # pingdom.sh | |
| # grab the list of pingdom check public ips and format into a nginx config | |
| # to allow these addresses | |
| # https://help.pingdom.com/hc/en-us/articles/203682601-How-to-get-all-Pingdom-probes-public-IP-addresses | |
| # nginx conf file to include into your site conf | |
| conffile='/etc/nginx/includes/pingdom.conf' | |
| # get list of IPs from pingdom | |
| pingdom=($(wget --quiet -O- https://www.pingdom.com/rss/probe_servers.xml | perl -nle 'print $1 if /IP: (([01]?\d\d?|2[0-4]\d|25[0-5])\.([01]?\d\d?|2[0-4]\d|25[0-5])\.([01]?\d\d?|2[0-4]\d|25[0-5])\.([01]?\d\d?|2[0-4]\d|25[0-5]));/')) | |
| # grab list of IPs out of the nginx conf file | |
| filelist=($(awk -F " " '{print $2}' ${conffile} | sed 's/;//')) | |
| # get the diff of the two arrays | |
| diff=$(diff <(printf "%s\n" "${pingdom[@]}") <(printf "%s\n" "${filelist[@]}")) | |
| # if $diff has a zero length, the two lists are the same | |
| if [[ -z "$diff" ]]; then | |
| echo "no updates needed" | |
| else | |
| cat /dev/null > ${conffile} | |
| for x in ${pingdom[@]}; do echo "allow $x;">>${conffile}; done | |
| /etc/init.d/nginx reload | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment