From 7d9f0c4b07ab0ec0ccd94bcf6d39725308cb1396 Mon Sep 17 00:00:00 2001
From: Christopher Berger <chris@wittenberger.us>
Date: Fri, 29 May 2026 02:01:39 +0000
Subject: [PATCH] Add configs/update-cloudflare-ips.sh

---
 configs/update-cloudflare-ips.sh | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 configs/update-cloudflare-ips.sh

diff --git a/configs/update-cloudflare-ips.sh b/configs/update-cloudflare-ips.sh
new file mode 100644
index 0000000..fc33793
--- /dev/null
+++ b/configs/update-cloudflare-ips.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+CF_IPV4_URL="https://www.cloudflare.com/ips-v4/"
+CF_IPV6_URL="https://www.cloudflare.com/ips-v6/"
+OUTPUT_FILE="/etc/nginx/data/nginx/custom/http_top.conf"
+
+# Fetch IP ranges (force IPv4 since host lacks IPv6 egress)
+IPV4=$(curl -4 -sfL "$CF_IPV4_URL") || { echo "Failed to fetch IPv4 ranges"; exit 1; }
+IPV6=$(curl -4 -sfL "$CF_IPV6_URL") || { echo "Failed to fetch IPv6 ranges"; exit 1; }
+
+# Build config
+{
+  echo "# Cloudflare real IP restoration"
+  echo "# Auto-generated on $(date)"
+  echo ""
+  for ip in $IPV4; do
+    echo "set_real_ip_from $ip;"
+  done
+  for ip in $IPV6; do
+    echo "set_real_ip_from $ip;"
+  done
+} > "$OUTPUT_FILE"
+echo "Config written to $OUTPUT_FILE"
+
+# Test nginx config before reloading
+docker exec nginx-app-1 nginx -t || { echo "Nginx config test failed, aborting reload"; exit 1; }
+
+# Reload nginx
+docker exec nginx-app-1 nginx -s reload
+echo "Nginx reloaded successfully"
\ No newline at end of file