@joltcan
Last active January 18, 2023 11:53
#!/bin/bash
# add this to crontab for automatic updates:
# @daily root /path/to/get-cloudflare-ips.sh
FILENAMEv4="/etc/network/cloudflare-ips-v4.new"
EXISTINGv4="/etc/network/cloudflare-ips-v4"
FILENAMEv6="/etc/network/cloudflare-ips-v6.new"
EXISTINGv6="/etc/network/cloudflare-ips-v6"
# create the existing lists if missing, so the first diff has something to compare against
touch "$EXISTINGv6" "$EXISTINGv4"
NGINXCF="/etc/nginx/conf.d/cloudflare.conf"
# -f: fail on HTTP errors instead of saving the error page as the list
curl -fL -so "$FILENAMEv4" https://www.cloudflare.com/ips-v4
curl -fL -so "$FILENAMEv6" https://www.cloudflare.com/ips-v6
# check the size since Cloudflare once messed it up
# (the original measured the v4 file twice; the v6 list is shorter than the
# v4 one, so it gets its own lower bound: 50 is an assumed value, adjust as needed)
MINv4=150
MINv6=50
SIZEv4=$(du -sb "$FILENAMEv4" | awk '{ print $1 }')
SIZEv6=$(du -sb "$FILENAMEv6" | awk '{ print $1 }')
if ((SIZEv4<MINv4)) || ((SIZEv6<MINv6)) ; then
    echo "File is too small, exiting";
    exit 1
else
    # diff -q exits 1 when the files differ
    diff -q "$FILENAMEv4" "$EXISTINGv4" >/dev/null
    DIFFv4=$?
    diff -q "$FILENAMEv6" "$EXISTINGv6" >/dev/null
    DIFFv6=$?
    if [ "$DIFFv4" -eq 1 ] || [ "$DIFFv6" -eq 1 ]
    then
        mv "$FILENAMEv4" "$EXISTINGv4"
        mv "$FILENAMEv6" "$EXISTINGv6"
        # update nginx cloudflare proxy IP mapping
        echo "# updated by /etc/network/get-cloudflare.sh" > "$NGINXCF"
        # every range written here is trusted to set the client IP via CF-Connecting-IP
        for line in $(cat "$EXISTINGv4" "$EXISTINGv6")
        do
            echo "set_real_ip_from $line;" >> "$NGINXCF"
        done
        echo "real_ip_header CF-Connecting-IP;" >> "$NGINXCF"
        # only reload if the generated config passes nginx's syntax check
        nginx -t && service nginx reload
    fi
fi