Cloudflare template broken again

Zenexer · August 12, 2021, 4:43pm

This is a similar issue to Issue with Cloudflare template, but this time Cloudflare appears to have removed the trailing line break from the IPv4 list, resulting in the following output (comment added to indicate problem):

set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/222400:cb00::/32;  # PROBLEM HERE
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 2c0f:f248::/32;

I’m currently on f568633bf060c18cc0866b4018842ce9ec9da33a (latest main).

Here’s a quick demo command that should work with or without trailing line breaks. It doesn’t include the escaping from the original script and will need to be adapted accordingly.

{ wget https://www.cloudflare.com/ips-v4/ -O - && echo && wget https://www.cloudflare.com/ips-v6/ -O -; } | sed '/^$/d; s/.*/set_real_ip_from &;/'

Zenexer · August 12, 2021, 4:59pm

Changing the first part of the template’s script to the following resolves the issue and correctly handles extraneous line breaks:

#!/bin/bash -e
# Download list of CloudFlare ips
wget https://www.cloudflare.com/ips-v4/ -O - > /tmp/cloudflare-ips
echo >> /tmp/cloudflare-ips
wget https://www.cloudflare.com/ips-v6/ -O - >> /tmp/cloudflare-ips
# Make into nginx commands and escape for inclusion into sed append command
CONTENTS=$(</tmp/cloudflare-ips sed '/^$/d; s/^.*/set_real_ip_from &;/' | tr '\n' '\\' | sed 's/\\/\\n/g')

Zenexer · August 12, 2021, 5:06pm

PR: Fix line break handling in Cloudflare template by Zenexer · Pull Request #558 · discourse/discourse_docker · GitHub

Faizan_Zahid · August 15, 2021, 11:24am

Is this issue also related to the above? @AntiMetaman

I had been migrating and changing droplet many times but still i m not able to stop 502 error after rebuild, more details here Discourse updated from admin, not working after rebuild. Fatal error, site does not load anymore after rebuild

When will this likely be fixed? Please let us know once its fixed so we can try again rebuild and avoid crashing on 502 again. @Zenexer

Falco · August 15, 2021, 5:41pm

Thanks for the PR @Zenexer ! Merged it in!

Falco · August 16, 2021, 11:00am

This topic was automatically closed after 17 hours. New replies are no longer allowed.

Topic		Replies	Views
Issue with Cloudflare template bug	11	1629	November 1, 2015
How do I reveal real IPs using CloudFlare installation	14	1099	September 14, 2021
Cloudflare template not working when there is an intermediate proxy installation	2	334	May 10, 2022
Issue w/ nginx after updating installation	4	580	January 28, 2022
Urgent: Site down after upgrade to 1.6.4 due to Cloudflare template support	22	2224	September 29, 2016

Cloudflare template broken again

Related Topics