Want to subscribe to topics you're interested in?
Become a Member

Beta Branch update tools/csfcf.sh cronjob script in 123.09beta01

Discussion in 'Centmin Mod Github Commits' started by eva2000, Oct 24, 2019.

  1. eva2000

    eva2000 Administrator Staff Member

    42,078
    9,497
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,613
    Local Time:
    4:32 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    update tools/csfcf.sh cronjob script in 123.09beta01

    switch cloudflare real_ip_header from using CF-Connecting-IP to using standard X-Forwarded-For for better compatibility with other reverse proxies as well as add to cloudflare_customips.conf, real_ip_recursive off; directive which folks can enable if they are sandwiching their cloudflare proxy between another intermediate reverse proxy before Centmin Mod Nginx Cloudflare - Getting Real IP From Behind Two Proxies

    Continue reading...

    123.09beta01 branch
     
  2. pamamolf

    pamamolf Premium Member Premium Member

    3,530
    342
    83
    May 31, 2014
    Ratings:
    +656
    Local Time:
    8:32 PM
    Nginx-1.17.x
    MariaDB 10.3.x
    Should i manually change at cloudflare.conf the:
    Code:
    real_ip_header CF-Connecting-IP;
    to:
    Code:
    real_ip_header X-Forwarded-For;
    ?

    Add also at the cloudflare_customips.conf the:

    Code:
    real_ip_recursive off;
     
    • Like Like x 1
  3. Jimmy

    Jimmy Well-Known Member

    1,638
    351
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +876
    Local Time:
    1:32 PM
    1.17.x
    MariaDB 10.3.x
    @eva2000 do we update this manually?
     
  4. eva2000

    eva2000 Administrator Staff Member

    42,078
    9,497
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,613
    Local Time:
    4:32 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    @pamamolf @Jimmy if you have csfcf.sh running in cronjob, then no need to manually do anything as cronjob will update it for you. So you can check if cronjob has run according to crontab -l listing of when your cronjob should of ran. Then check your cloudflare.conf include file.

    But cloudflare_customips.conf will need a manual update as it only updates and adds
    real_ip_recursive off for first time creation of cloudflare_customips.conf not for subsequent runs as cloudflare_customips.conf is meant to be manually updated to bypass csfcf.sh auto updates.
     
    • Informative Informative x 1
  5. pamamolf

    pamamolf Premium Member Premium Member

    3,530
    342
    83
    May 31, 2014
    Ratings:
    +656
    Local Time:
    8:32 PM
    Nginx-1.17.x
    MariaDB 10.3.x
    For me i have to update both manually as i don't use that cronjob...

    Thanks
     
  6. eva2000

    eva2000 Administrator Staff Member

    42,078
    9,497
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,613
    Local Time:
    4:32 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    You should if you use cloudflare as when they introduce new cloudflare IPs, the csfcf.conf cronjob updates your config to recognise those new cloudflare ips. Otherwise you could risk CSF Firewall blocking the new cloudflare ips for whatever reason.
     
  7. pamamolf

    pamamolf Premium Member Premium Member

    3,530
    342
    83
    May 31, 2014
    Ratings:
    +656
    Local Time:
    8:32 PM
    Nginx-1.17.x
    MariaDB 10.3.x
    Ok how can i set that?
     
  8. eva2000

    eva2000 Administrator Staff Member

    42,078
    9,497
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,613
    Local Time:
    4:32 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    just added csfcf.sh cronjob entry
    Code (Text):
    23 */18 * * * /usr/local/src/centminmod/tools/csfcf.sh auto >/dev/null 2>&1
     
    • Informative Informative x 1
  9. Jimmy

    Jimmy Well-Known Member

    1,638
    351
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +876
    Local Time:
    1:32 PM
    1.17.x
    MariaDB 10.3.x
    @eva2000 I have the cronjob setup. I just checked the cloudflare.conf file and it was changed. Then I checked the cloudflare_customips.conf and it's now blank. I believe there was data in that file prior to this change.
    Code:
    # ./csfcf_update.sh
    --------------------------------------------
     Add Cloudflare IP list to CSF
     from: https://www.cloudflare.com/ips-v4/
     from: https://www.cloudflare.com/ips-v6/
    --------------------------------------------
    
    --------------------------------------------
      Add to /etc/csf/csf.allow
    --------------------------------------------
    
    created /usr/local/nginx/conf/cloudflare.conf include file
    I use a separate file in my /root/tools directory which is setup to send me a notice when the job runs.
    Code:
    #!/bin/bash
    cd /usr/local/src/centminmod/tools/
    ./csfcf.sh auto
    mail -s "CSFCF UPDATE: [SERVER NAME]" [email protected] <<< "CENTMIN MOD CSFCF update has run on SERVER NAME."
     
    Last edited: Oct 25, 2019
  10. eva2000

    eva2000 Administrator Staff Member

    42,078
    9,497
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,613
    Local Time:
    4:32 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    cloudflare_customips.conf is blank by default prior to this update commit

    after this commit update, cloudflare_customips.conf only gets one additional entry for real_ip_recursive off; directive (which is nginx default value already) for fresh centmin mod installs and is blank for existing centmin mod installs
     
    • Like Like x 1
  11. Jimmy

    Jimmy Well-Known Member

    1,638
    351
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +876
    Local Time:
    1:32 PM
    1.17.x
    MariaDB 10.3.x
    Thanks. Should I add real_ip_recursive off? Or just leave it blank since it's nginx default.
     
  12. eva2000

    eva2000 Administrator Staff Member

    42,078
    9,497
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,613
    Local Time:
    4:32 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Up to you doesn't affect you unless you have a 2nd reverse proxy in between cloudflare and your Centmin Mod Nginx server like some folks have with ezoic server's being in the middle.
     
    • Like Like x 1
  13. Jimmy

    Jimmy Well-Known Member

    1,638
    351
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +876
    Local Time:
    1:32 PM
    1.17.x
    MariaDB 10.3.x
    Thanks for the info.