Shell script to update original visitor IP for nginx when using Cloudflare

Posted on in Categories Automation & Management, Web Server last updated April 22, 2017

Cloudflare is a CDN, DNS, WAF, DDoS protection, and reverse proxy service. You need to use the ngx_http_realip_module module to change the client address sent in the specified header field such as CF-Connecting-IP or X-Forwarded-For. This shell script downloads a list of IPv4 and IPv6 address from Cloudflare and generates an updated /etc/nginx/cloudflare.real.ip.conf file:

Shell script to reset ebtables on Linux

Posted on in Categories Firewall last updated September 5, 2016

Ebtables is an application program used to set up and maintain the tables of rules (inside the Linux kernel) that inspect Ethernet frames. It is analogous to the iptables application, but less complicated, due to the fact that the Ethernet protocol is much simpler than the IP protocol. ebtables used with bridges on Linux. The following script will stop and clean all ebtables rules:

RHEL / CentOS Linux: Nginx Chroot Jail Start / Stop / Restart Shell Script

Posted on in Categories Security last updated September 5, 2016

A simple shell script to start / stop / restart chrooted nginx web server under CentOS / RHEL Linux. You must have Nginx web server setup in a chroot (jail) so that you can minimizes the damage done by a potential break-in by isolating the web server to a small section of the filesystem. You can also mount $jail/tmp as a separate filesystem (/images/tmpfile.bin) with the noexec,nosuid, nodev options under Linux like operating systems.