From 47821474a57d72e9252670881f1fe3f944e3bd25 Mon Sep 17 00:00:00 2001
From: RyoshiKayo
Date: Sun, 11 Feb 2018 23:49:11 -0500
Subject: [PATCH] Added CloudFlare Supprt for WeebDev/lolisafe#70
---
 README.md | 3 +++
 cloudflare-ips | 30 ++++++++++++++++++++++++++++++
 nginx-ssl.sample.conf | 6 ++++++
 nginx.sample.conf | 3 +++
 4 files changed, 42 insertions(+)
 create mode 100644 cloudflare-ips
diff --git a/README.md b/README.md
index cf2a480..d0261ef 100644
--- a/README.md
+++ b/README.md
@@ -39,6 +39,9 @@ Which one you use is ultimately up to you. Either way, I've provided a sample co
 If you set `enableUserAccounts: true`, people will be able to create accounts on the service to keep track of their uploaded files and create albums to upload stuff to, pretty much like imgur does, but only through the API. Every user account has a token that the user can use to upload stuff through the API. You can find this token on the section called `Change your token` on the administration dashboard, and if it gets leaked or compromised you can renew it by clicking the button titled `Request new token`.
+## Cloudflare Support
+If you are running lolisafe behind Cloudflare there is support to make the NGINX logs have the users IP instead of Cloudflares IP. ALl you need to do is uncomment the `include /cloudflare-ips;`
+
 ## Using loli-safe
 Once the service starts you can start hitting the upload endpoint at `/api/upload` with any file. If you're using the frontend to do so then you are pretty much set, but if using the API to upload make sure the form name is set to `files[]` and the form type to `multipart/form-data`. If the service is running in private mode, dont forget to send a header of type `token: YOUR-CLIENT-TOKEN` to validate the request.
diff --git a/cloudflare-ips b/cloudflare-ips
new file mode 100644
index 0000000..f42e28e
--- /dev/null
+++ b/cloudflare-ips
@@ -0,0 +1,30 @@
+# https://www.cloudflare.com/ips/
+
+# IPv4 Ranges
+# https://www.cloudflare.com/ips-v4/
+set_real_ip_from 03.21.244.0/22;
+set_real_ip_from 03.22.200.0/22;
+set_real_ip_from 03.31.4.0/22;
+set_real_ip_from 04.16.0.0/12;
+set_real_ip_from 08.162.192.0/18;
+set_real_ip_from 31.0.72.0/22;
+set_real_ip_from 41.101.64.0/18;
+set_real_ip_from 62.158.0.0/15;
+set_real_ip_from 72.64.0.0/13;
+set_real_ip_from 73.245.48.0/20;
+set_real_ip_from 88.114.96.0/20;
+set_real_ip_from 90.93.240.0/20;
+set_real_ip_from 97.234.240.0/22;
+set_real_ip_from 98.41.128.0/17;
+
+# IPv6 Ranges
+# https://www.cloudflare.com/ips-v6/
+set_real_ip_from 400:cb00::/32;
+set_real_ip_from 405:8100::/32;
+set_real_ip_from 405:b500::/32;
+set_real_ip_from 606:4700::/32;
+set_real_ip_from 803:f800::/32;
+set_real_ip_from c0f:f248::/32;
+set_real_ip_from a06:98c0::/29;
+
+real_ip_header CF-Connecting-IP;
diff --git a/nginx-ssl.sample.conf b/nginx-ssl.sample.conf
index 2172564..2e11adf 100644
--- a/nginx-ssl.sample.conf
+++ b/nginx-ssl.sample.conf
@@ -7,6 +7,9 @@ server {
 listen [::]:80;
 server_name lolisafe.moe;
 return 301 https://$server_name$request_uri;
+
+ # Uncomment if you are running lolisafe behind CloudFlare.
+ #include /path/to/lolisafe/cloudflare-ips;
 }
 server {
@@ -21,6 +24,9 @@ server {
 client_max_body_size 100M; # Change this to the max file size you want to allow
+ # Uncomment if you are running lolisafe behind CloudFlare.
+ #include /path/to/lolisafe/cloudflare-ips;
+
 location / {
 add_header Access-Control-Allow-Origin *;
 root /path/to/your/uploads/folder;
diff --git a/nginx.sample.conf b/nginx.sample.conf
index 71b8855..15b3232 100644
--- a/nginx.sample.conf
+++ b/nginx.sample.conf
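Review bot: The `set_real_ip_from` entries in the new `cloudflare-ips` file, as shown on this page, do not match the lists its own header comments link to: each address looks like it lost its first character (`03.21.244.0/22` where Cloudflare publishes `103.21.244.0/22`, `400:cb00::/32` where it publishes `2400:cb00::/32`). That may be an artifact of how the page was captured, but if the committed file reads this way the trusted set names networks that are not Cloudflare's, so `CF-Connecting-IP` would be ignored from real Cloudflare edges and honored from unrelated sources, which makes the logged client address untrustworthy. The list is also a point-in-time copy of a list that changes, so I would add a line such as `# Snapshot from 2018-02-11; re-check against https://www.cloudflare.com/ips/ before enabling.` at the top of the file.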
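Review bot: The comment added above `#include /path/to/lolisafe/cloudflare-ips;` does not say what enabling the line depends on; the same applies to the second hunk in nginx-ssl.sample.conf and to the hunk in nginx.sample.conf. `set_real_ip_from` and `real_ip_header` are provided by ngx_http_realip_module, which is not built by default when nginx is compiled from source, so uncommenting the line on a build without it fails at config load. I would extend the comment to `# Uncomment if you are running lolisafe behind CloudFlare (needs ngx_http_realip_module; keep cloudflare-ips current).` The README hunk tells users to uncomment `include /cloudflare-ips;`, which does not match the `/path/to/lolisafe/cloudflare-ips` path used in the samples. The `server` blocks begin and end outside these hunks.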
@@ -10,6 +10,9 @@ server {
 client_max_body_size 100M; # Change this to the max file size you want to allow
+ # Uncomment if you are running lolisafe behind CloudFlare.
+ #include /path/to/lolisafe/cloudflare-ips;
+
 location / {
 add_header Access-Control-Allow-Origin *;
 root /path/to/your/uploads/folder;