From 57039d769fd570efa14523bcd7fe77ccf93d2958 Mon Sep 17 00:00:00 2001
From: proffapt
Date: Fri, 5 Jul 2024 00:08:02 +0530
Subject: [PATCH] feat: added cloudflare real ip unmasking
---
 nginx/Dockerfile | 3 +++
 nginx/cloudflare.metaploy.conf | 35 ++++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100644 nginx/cloudflare.metaploy.conf
diff --git a/nginx/Dockerfile b/nginx/Dockerfile
index 4b08ce1..32489af 100644
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@@ -10,8 +10,11 @@ WORKDIR /app # Copy config file RUN rm /etc/nginx/conf.d/default.conf + COPY nginx.conf /etc/nginx/ +COPY cloudflare.metaploy.conf /etc/nginx/sites-enabled/ + # Set up the watcher. COPY watch_reload.sh ./
diff --git a/nginx/cloudflare.metaploy.conf b/nginx/cloudflare.metaploy.conf
new file mode 100644
index 0000000..35b8ad2
--- /dev/null
+++ b/nginx/cloudflare.metaploy.conf
@@ -0,0 +1,35 @@
+###################### Cloudflare masks real IPs #########################
+# We are using cloudflare for DNS management #
+# Cloudflare masks the real ip of the user with its ips #
+# Here we are specifying cloudflare to provide with the user's actual ip #
+# via sending a special header. #
+##########################################################################
+
+# IPv4
+set_real_ip_from 173.245.48.0/20;
+set_real_ip_from 103.21.244.0/22;
+set_real_ip_from 103.22.200.0/22;
+set_real_ip_from 103.31.4.0/22;
+set_real_ip_from 141.101.64.0/18;
+set_real_ip_from 108.162.192.0/18;
+set_real_ip_from 190.93.240.0/20;
+set_real_ip_from 188.114.96.0/20;
+set_real_ip_from 197.234.240.0/22;
+set_real_ip_from 198.41.128.0/17;
+set_real_ip_from 162.158.0.0/15;
+set_real_ip_from 104.16.0.0/13;
+set_real_ip_from 104.24.0.0/14;
+set_real_ip_from 172.64.0.0/13;
+set_real_ip_from 131.0.72.0/22;
+set_real_ip_from 172.19.0.0/16;
+
+# IPv6
+set_real_ip_from 2400:cb00::/32;
+set_real_ip_from 2606:4700::/32;
+set_real_ip_from 2803:f800::/32;
+set_real_ip_from 2405:b500::/32;
+set_real_ip_from 2405:8100::/32;
+set_real_ip_from 2a06:98c0::/29;
+set_real_ip_from 2c0f:f248::/32;
+
+real_ip_header CF-Connecting-IP;
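Review bot: `set_real_ip_from 172.19.0.0/16;` at the end of the IPv4 list is RFC 1918 private space, not a Cloudflare range, so nginx will accept a `CF-Connecting-IP` value from any peer on that network as the client address used in logs, rate limits and allow/deny rules. If the entry is there because requests reach this container through a local proxy or Docker bridge (an inference, the diff does not say), give it its own heading and a comment such as `# internal proxy hop (Docker network), not Cloudflare: trusted to forward CF-Connecting-IP`, and narrow it to the proxy's address where that is fixed. The Cloudflare ranges are a hard-coded snapshot, so a comment naming where the list was copied from and when would tell a maintainer how to refresh it before new edge ranges start showing up as client IPs. The Dockerfile hunk copies this file to `/etc/nginx/sites-enabled/`, and the directives only take effect if `nginx.conf` (not in this diff) includes that directory inside the `http` block, which is worth confirming.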