#!/bin/bash
# I use this script on a few NGINX servers that are behind Cloudflare. I use it to restrict access and to only allow access from Cloudflare IP addresses.
# This means that clients must hit Cloudflare's proxied DNS first before accessing your website, preventing clients from accessing your server via the host/server IP.
# The script downloads a list of Cloudflare IP addresses, generates an allow list file, restarts NGINX, creates firewall rules using UFW, restarts UFW.
# I run the script as a cron job on a weekly schedule.
# Add this line to your website's nginx config.
# include /etc/nginx/cloudflare_ips.conf;
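
The allow-list generation step described in the header comments, as an added example that is not the gist author's code: it validates every downloaded range before writing the include file and keeps the previous file if the download is empty or malformed. The function names, the closing `deny all;` line and the usage sketch are assumptions of this example.

```bash
#!/bin/bash
# Added example, not the gist author's code: build the NGINX allow list
# from CIDR ranges read on stdin, one per line.

# Syntax check for one IPv4 or IPv6 CIDR range (octet values are not
# range-checked; "nginx -t" catches those). Entries with spaces,
# semicolons or braces fail, so a tampered or error-page download
# cannot inject directives into the included file.
is_cidr() {
    printf '%s\n' "$1" | grep -Eq \
        -e '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' \
        -e '^[0-9A-Fa-f]*:[0-9A-Fa-f:]*/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$'
}

# Writes "allow <cidr>;" per range plus a closing "deny all;" (assumed
# policy) to the file in $1. On a bad entry or an empty list it returns
# non-zero and leaves the existing file in place.
build_allowlist() {
    out=$1
    count=0
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')   # tolerate CRLF
        [ -z "$line" ] && continue
        if ! is_cidr "$line"; then
            echo "bad entry, keeping old list: $line" >&2
            rm -f "$tmp"
            return 1
        fi
        printf 'allow %s;\n' "$line" >> "$tmp"
        count=$((count + 1))
    done
    if [ "$count" -eq 0 ]; then
        echo "no ranges received, keeping old list" >&2
        rm -f "$tmp"
        return 1
    fi
    printf 'deny all;\n' >> "$tmp"
    chmod 644 "$tmp"          # mktemp creates the file 0600
    mv "$tmp" "$out"          # atomic replace on the same filesystem
}

# Usage sketch (run as root; URLs are Cloudflare's published lists):
#   list=$(curl -fsS https://www.cloudflare.com/ips-v4 && echo &&
#          curl -fsS https://www.cloudflare.com/ips-v6) &&
#   printf '%s\n' "$list" | build_allowlist /etc/nginx/cloudflare_ips.conf &&
#   nginx -t && nginx -s reload
```

Running `nginx -t` before the reload keeps a bad include file from taking the site down on the weekly cron run.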