#!/bin/bash
CF_IPV4_URL="https://www.cloudflare.com/ips-v4/"
CF_IPV6_URL="https://www.cloudflare.com/ips-v6/"
OUTPUT_FILE="/etc/nginx/data/nginx/custom/http_top.conf"

# Fetch IP ranges (force IPv4 since host lacks IPv6 egress)
IPV4=$(curl -4 -sfL "$CF_IPV4_URL") || { echo "Failed to fetch IPv4 ranges"; exit 1; }
IPV6=$(curl -4 -sfL "$CF_IPV6_URL") || { echo "Failed to fetch IPv6 ranges"; exit 1; }

# Build config
{
  echo "# Cloudflare real IP restoration"
  echo "# Auto-generated on $(date)"
  echo ""
  for ip in $IPV4; do
    echo "set_real_ip_from $ip;"
  done
  for ip in $IPV6; do
    echo "set_real_ip_from $ip;"
  done
} > "$OUTPUT_FILE"
echo "Config written to $OUTPUT_FILE"

# Test nginx config before reloading
docker exec nginx-app-1 nginx -t || { echo "Nginx config test failed, aborting reload"; exit 1; }

# Reload nginx
docker exec nginx-app-1 nginx -s reload
echo "Nginx reloaded successfully"