cloudflare-nginx-config-update.sh
#!/usr/bin/env bash
#
# cloudflare-nginx-config-update: download Cloudflare's published IPv4/IPv6
# address lists and rewrite them as nginx "set_real_ip_from" directives,
# optionally followed by a "real_ip_header" directive. The result is staged
# in temporary files and is only copied over the target file when -r is given.
#
# Every address that ends up in the target file is a peer whose
# client-address header nginx will accept, so the download source and the
# token validation in main_work are the trust boundary of this script.
#
# Only errexit is enabled: no pipefail and no nounset, so an unset variable
# silently expands to the empty string.
set -e
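#######################################
# Print a diagnostic line on stderr, prefixed with the script name.
# Globals:   opt_quiet (read) - the message is printed only when it is 0;
#            any other value, including unset, silences the output
# Arguments: the message words
# Outputs:   one line on stderr, nothing on stdout
# Returns:   0 unless the write to stderr fails
#######################################
function warning {
  if [[ $opt_quiet = 0 ]]; then
    # "$*" joins the arguments into one word (first character of IFS, a
    # space by default). "$@" inside a longer string expands to several
    # words and only looked right because echo re-joined them.
    # printf '%s' keeps the message from ever being read as a format or flag.
    printf '%s\n' "cloudflare-nginx-config-update: $*" >&2
  fi
}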
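#######################################
# Set and export the script's defaults.
# Globals (written, exported):
#   CLOUDFLARE_IP4, CLOUDFLARE_IP6 - URLs of the address lists
#   TARGET       - nginx include file to generate
#   WGET_BIN     - path of wget, or empty when it is not installed
#   TEMP_FILE    - download scratch file inside a freshly created private
#                  directory (main_work also writes "$TEMP_FILE.2" there)
#   opt_debug, opt_quiet, opt_show_diff, opt_real_run, opt_backup,
#   opt_x_forwarded_for - option defaults
# Side effects: creates a temporary directory; installs an EXIT trap that
#   removes it unless SHUNIT_VERSION is set.
# Returns: 0 on success, 1 when the temporary directory cannot be created.
#######################################
function init_variables {
  local tmp_dir

  export CLOUDFLARE_IP4=https://www.cloudflare.com/ips-v4
  export CLOUDFLARE_IP6=https://www.cloudflare.com/ips-v6
  export TARGET=/etc/nginx.d/cloudflare.conf

  # command -v is the shell's own lookup (no external "which"). A missing
  # wget leaves WGET_BIN empty instead of failing here, as before.
  WGET_BIN=$(command -v wget) || WGET_BIN=""
  export WGET_BIN

  # A fixed name such as /tmp/cloudflare.<pid>.tmp can be pre-created (for
  # example as a symlink) by any local user, and this script writes through
  # it with the privileges needed to edit the nginx configuration. mktemp -d
  # creates a directory only the invoking user can enter, which protects
  # both TEMP_FILE and the "$TEMP_FILE.2" name derived from it.
  tmp_dir=$(mktemp -d "${TMPDIR:-/tmp}/cloudflare.XXXXXXXXXX") || return 1
  export TEMP_FILE="$tmp_dir/cloudflare.tmp"

  # Remove the directory on every exit path. Skipped when SHUNIT_VERSION is
  # set: the file is then presumably sourced by a test harness that may own
  # the EXIT trap itself, and the directory is left for it to clean up.
  if [[ -z ${SHUNIT_VERSION:-} ]]; then
    # %q embeds the path as a literal, so later variable changes cannot
    # redirect the recursive delete.
    trap "rm -rf -- $(printf '%q' "$tmp_dir")" EXIT
  fi

  export opt_debug=0
  export opt_quiet=0
  export opt_show_diff=0
  export opt_real_run=0
  export opt_backup=1
  export opt_x_forwarded_for=x
}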
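#######################################
# Parse the command line into the opt_* globals.
# Options:
#   -d  debug mode            -q  quiet (suppress warning output)
#   -r  real run: overwrite the target file
#   -s  show a diff against the current target
#   -n  do not keep a .bak copy of the target
#   -4  skip the IPv4 list    -6  skip the IPv6 list
#   -c  emit "real_ip_header CF-Connecting-IP"
#   -x  emit no real_ip_header directive at all
#   -h  print README.md from the script's directory and stop
# Globals:   opt_debug, opt_quiet, opt_real_run, opt_show_diff, opt_backup,
#            opt_x_forwarded_for, CLOUDFLARE_IP4, CLOUDFLARE_IP6, TARGET
#            (all written as requested by the options)
# Arguments: the script's arguments; anything left after the options
#            replaces TARGET (several words are joined with spaces)
# Returns:   0 to continue, 1 for -h, an unknown option, or when both
#            address families were disabled
#######################################
function parse_basic_options {
  # OPTIND local so that repeated calls start parsing from the first argument;
  # opt local so the loop variable does not leak into the caller.
  local OPTIND opt
  while getopts ":dqrsn46cxh" opt; do
    case "$opt" in
      d)
        warning "-d Enabling debug mode."
        opt_debug=1
        ;;
      q)
        opt_quiet=1
        ;;
      r)
        warning "-r Enabling real run. Overwrite original files!"
        opt_real_run=1
        ;;
      s)
        warning "-s Enabling showing of diffs."
        opt_show_diff=1
        ;;
      n)
        warning "-n Disabling backups."
        opt_backup=0
        ;;
      4)
        warning "-4 Disabling IPv4 IPs."
        CLOUDFLARE_IP4=""
        ;;
      6)
        warning "-6 Disabling IPv6 IPs."
        CLOUDFLARE_IP6=""
        ;;
      c)
        warning "-c Using CF-Connecting-IP header instead of the default X-Forwarded-For."
        opt_x_forwarded_for=c
        ;;
      x)
        warning "-x Disabling adding real_ip_header directive."
        opt_x_forwarded_for=""
        ;;
      h)
        # Quoted so an install path containing spaces or glob characters
        # still resolves to the README next to the script.
        cat -- "$(dirname -- "${BASH_SOURCE[0]}")/README.md"
        return 1
        ;;
      \?)
        warning "Invalid option: -$OPTARG"
        return 1
        ;;
    esac
  done
  shift $((OPTIND - 1))

  # "$*" makes the join of several leftover words explicit; "$@" in an
  # assignment did the same thing implicitly. An empty remainder keeps the
  # default target.
  if [[ -n "$*" ]]; then
    export TARGET="$*"
  fi
  warning "Output file: $TARGET"

  if [[ -z "${CLOUDFLARE_IP4}${CLOUDFLARE_IP6}" ]]; then
    warning "Both IPV4 and IPV6 ips can not be disabled in the same time."
    return 1
  fi
  return 0
}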
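#######################################
# Download the address lists, turn them into nginx directives and, on a
# real run, install the result as TARGET.
# Globals (read): WGET_BIN, CLOUDFLARE_IP4, CLOUDFLARE_IP6, TEMP_FILE,
#                 TARGET, opt_debug, opt_show_diff, opt_backup,
#                 opt_x_forwarded_for
# Globals (written): opt_real_run - reset to 0 when -s finds no difference
# Files: writes "$TEMP_FILE" and "$TEMP_FILE.2" exactly where TEMP_FILE
#        points, so TEMP_FILE should live in a directory no other user can
#        write to; both are removed before returning.
# Returns: 0 on success; 1 when the download fails, a token is rejected,
#          the lists are empty, or the backup/overwrite cannot be written.
#######################################
function main_work {
  local staged="${TEMP_FILE}.2"
  # Character allow-list for one downloaded token. It keeps whitespace, ';',
  # '{' and quotes out of the generated file, so the download cannot add
  # nginx directives. It does not prove the token is a well-formed
  # address/prefix; running "nginx -t" before a reload covers that.
  local -r allowed='^[0-9./:a-fA-F]*$'
  local -a fetch_cmd urls=() tokens
  local token accepted=0

  # Split WGET_BIN into words without pathname expansion, so a value that
  # carries extra flags keeps working but is never glob-expanded.
  read -r -a fetch_cmd <<<"$WGET_BIN"
  if (( ${#fetch_cmd[@]} == 0 )); then
    warning "wget was not found, the address lists can not be downloaded."
    return 1
  fi
  if [[ $opt_debug = 0 ]]; then
    fetch_cmd+=(-q)
  fi
  # A family disabled with -4/-6 has an empty URL and is simply left out.
  if [[ -n $CLOUDFLARE_IP4 ]]; then
    urls+=("$CLOUDFLARE_IP4")
  fi
  if [[ -n $CLOUDFLARE_IP6 ]]; then
    urls+=("$CLOUDFLARE_IP6")
  fi

  # Checked explicitly: errexit is not in effect when this function is
  # called from a condition or from a shell that never enabled it.
  if ! "${fetch_cmd[@]}" "${urls[@]}" -O "$TEMP_FILE"; then
    warning "Downloading the address lists failed."
    rm -f -- "$TEMP_FILE"
    return 1
  fi

  # read -a splits each line on whitespace like the old unquoted $(cat ...)
  # did, but without pathname expansion: a downloaded "*" used to be
  # replaced by file names from the current directory before it was checked.
  # The "|| (( ... ))" keeps a final line that has no trailing newline.
  while read -r -a tokens || (( ${#tokens[@]} )); do
    for token in "${tokens[@]}"; do
      if [[ $token =~ $allowed ]]; then
        printf '%s\n' "set_real_ip_from $token;"
        accepted=$((accepted + 1))
      else
        warning "Unrecognised lines in source files: $token"
        rm -f -- "$TEMP_FILE" "$staged"
        return 1
      fi
    done
  done <"$TEMP_FILE" >"$staged"

  # An empty download would otherwise replace a working list with nothing.
  if (( accepted == 0 )); then
    warning "No addresses found in the downloaded lists, keeping $TARGET as it is."
    rm -f -- "$TEMP_FILE" "$staged"
    return 1
  fi

  if [[ $opt_x_forwarded_for = "c" ]]; then
    echo "real_ip_header CF-Connecting-IP;" >>"$staged"
  fi
  if [[ $opt_x_forwarded_for = "x" ]]; then
    echo "real_ip_header X-Forwarded-For;" >>"$staged"
  fi

  if [[ $opt_show_diff = 1 ]]; then
    if [[ -s $TARGET ]]; then
      # diff exits 0 only when the files match; then there is nothing to
      # install and the real run is cancelled.
      if diff -uwb -- "$TARGET" "$staged"; then
        opt_real_run=0
        warning "There are no changes."
      fi
    else
      warning "Original file does not exist, showing diff is not possible."
    fi
  fi

  if [[ $opt_real_run = 1 ]]; then
    if [[ $opt_backup = 1 ]]; then
      if [[ -s $TARGET ]]; then
        warning "Backing up the original file."
        # Never overwrite the target when the requested backup failed.
        if ! cp -a -- "$TARGET" "$TARGET.bak"; then
          warning "Backing up the original file failed, not overwriting it."
          rm -f -- "$TEMP_FILE" "$staged"
          return 1
        fi
      else
        warning "Original file does not exist or empty, backing up is not possible."
      fi
    fi
    warning "Overwriting original file."
    # Written in place (not renamed) so the target keeps its owner and mode.
    if ! cat -- "$staged" >"$TARGET"; then
      warning "Overwriting $TARGET failed."
      rm -f -- "$TEMP_FILE" "$staged"
      return 1
    fi
  fi

  warning "Removing temporary files."
  rm -- "$staged" "$TEMP_FILE"
  warning "All done."
}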
# Entry point: set the defaults, parse the command line, then do the work.
init_variables
# NOTE(review): with "set -e" in effect a non-zero return from this plain
# call ends the shell right here with that status, so the retval check below
# is only reached after a successful parse - confirm whether the test
# harness runs with errexit disabled.
parse_basic_options "$@"
retval=$?
if [[ $retval == 0 ]]
then
main_work
retval=$?
fi
# A non-empty SHUNIT_VERSION is taken to mean the file was sourced by a
# shunit2 test run (presumably); "return" is only valid in a sourced file,
# so a normal execution must use "exit" instead.
if [[ "$SHUNIT_VERSION" = "" ]]
then
exit $retval
else
return $retval
fi