Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/peterdavehello/nginx-cdn-set-real-ip

Help nginx recognize clients' real IP, instead of Cloudflare/Fastly IP when using their CDN 🌐
https://github.com/peterdavehello/nginx-cdn-set-real-ip

address cdn client cloudflare fastly hacktoberfest ip nginx real-ip server web

Last synced: 2 months ago
JSON representation

Help nginx recognize clients' real IP, instead of Cloudflare/Fastly IP when using their CDN 🌐

Host: GitHub
URL: https://github.com/peterdavehello/nginx-cdn-set-real-ip
Owner: PeterDaveHello
Created: 2019-11-04T12:28:06.000Z (about 5 years ago)
Default Branch: master
Last Pushed: 2023-06-03T15:22:16.000Z (over 1 year ago)
Last Synced: 2024-10-19T23:24:11.916Z (3 months ago)
Topics: address, cdn, client, cloudflare, fastly, hacktoberfest, ip, nginx, real-ip, server, web
Language: Shell
Homepage:
Size: 12.7 KB
Stars: 10
Watchers: 3
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml

Awesome Lists containing this project

README

# nginx-cdn-set-real-ip

This script generates an nginx configuration file that sets the correct client IP address based on CDN's IP addresses and the corresponding header.

## Supported CDN

- Cloudflare (`cf`, using header `CF-Connecting-IP`)
- Fastly (`fastly`, using header `Fastly-Client-IP`)

## Installation

You can either clone this repository to your server, or download the script directly from the repository:

```sh
# Clone the repository
git clone https://github.com/PeterDaveHello/nginx-cdn-set-real-ip /opt/nginx-cdn-set-real-ip

# OR download the script directly
mkdir -p /opt/nginx-cdn-set-real-ip/
curl -sLo /opt/nginx-cdn-set-real-ip/generate.sh https://raw.githubusercontent.com/PeterDaveHello/nginx-cdn-set-real-ip/master/generate.sh
```

> Note: The `/opt` directory may require root privileges to write to. If you encounter permission errors, you may need to run the above commands with `sudo`.

## Usage

To execute the script, ensure correct permissions and include supported CDN codes separated by a space if multiple CDNs are needed:

```sh
./generate.sh [[CDN] [CDN]]
```

For example:

```sh
$ sudo /opt/nginx-cdn-set-real-ip/generate.sh cf
Start nginx real client ip config generation...

Config target: /etc/nginx/conf.d/cloudflare-set-real-ip.conf

Fetching Cloudflare IP addresses...
Generating nginx configuration file...
Nginx configuration for Cloudflare IP addresses added successfully.
```

### Cronjob

The script supports a `--cron` argument that causes it to randomly pause for 0-900 seconds before executing, in order to prevent sending too many requests to the CDN from the same region and avoid excessive updates occurring simultaneously.

You can add a cronjob with supported CDN to trigger the IP update script periodically and reload nginx for the new config.

For example, create `/etc/cron.d/opt/nginx-cdn-set-real-ip` with the following contents:

```cron
1 1 * * * root /opt/nginx-cdn-set-real-ip/generate.sh fastly --cron && /usr/sbin/service nginx reload
```

This will run the script every day at 01:01 AM and reload nginx with the new configuration.

## How it Works

The script fetches the latest CDN IP addresses from official sources and generates an nginx configuration file in `/etc/nginx/conf.d/cdn-set-real-ip.conf`.

It uses the `set_real_ip_from` directive to specify the trusted CDN IP addresses and the `real_ip_header` directive to set the corresponding header as the source of the real IP address.

If there are no changes to the CDN IP addresses, the script will exit without updating the configuration file.

## Reference

### Cloudflare

-
-

### Fastly

-
-