将现有的 cloudflare.template.yml 复制到 cloudflare-static.template.yml,并替换顶部内容,使其如下所示:
run:
- file:
path: /tmp/add-cloudflare-ips
chmod: +x
contents: |
#!/bin/bash -e
cat <<EOF > /tmp/cloudflare-ips
173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
188.114.96.0/20
197.234.240.0/22
198.41.128.0/17
162.158.0.0/15
104.16.0.0/13
104.24.0.0/14
172.64.0.0/13
131.0.72.0/22
2400:cb00::/32
2606:4700::/32
2803:f800::/32
2405:b500::/32
2405:8100::/32
2a06:98c0::/29
2c0f:f248::/32
EOF
# 转换为 nginx 命令并转义以包含在 sed 追加命令中
CONTENTS=$(< /tmp/cloudflare-ips sed '/^$/d; s/^.*/set_real_ip_from &;/' | tr '\n' '\\\\' | sed 's/\\\\/\\\\n/g')
echo CloudFlare IPs:
echo $(echo | sed "/^/a $CONTENTS")
# 插入 discourse.conf
sed -i "/sendfile on;/a $CONTENTS\\nreal_ip_header CF-Connecting-IP;" /etc/nginx/conf.d/discourse.conf
# 清理
rm /tmp/cloudflare-ips
- exec: "/tmp/add-cloudflare-ips"
- exec: "rm /tmp/add-cloudflare-ips"
然后将您的应用程序容器更改为使用 -static 模板而不是原始模板。
不要永远这样放着。