I don't know how often the cloudflare IP's are updated but it does happen once in a while. Since WO has added the conf.d/cloudflare.conf
for setting up the real IP's it would be good to make sure that file stays up to date. WO might want to drop the following executable (chmod +x
) script into /etc/cron.weekly
or /etc/cron.daily
to make sure those CF IP addresses stay up to date.
#!/bin/sh
#
# cloudflare Weekly update for CloudFlare real IP addresses
file="/etc/nginx/conf.d/cloudflare.conf"
echo "# Auto generated by /etc/cron.weekly/cloudflare" > $file
echo "# Last update: `date`" >> $file
echo "" >> $file
echo "real_ip_header CF-Connecting-IP;" >> $file
list=`/usr/bin/curl -s https://www.cloudflare.com/ips-v4`
for i in $list; do
echo "set_real_ip_from $i;" >> $file
done
list=`/usr/bin/curl -s https://www.cloudflare.com/ips-v6`
for i in $list; do
echo "set_real_ip_from $i;" >> $file
done
echo "real_ip_recursive on;" >> $file
/usr/sbin/service nginx reload >/dev/null 2>&1