
June 26, 2021

GridPane Server Setup

Updating Cloudflare Real IPs

Configuring Daily Real IP Updates

GridPane ships a common configuration and updates the Cloudflare real IPs regularly, but you can set up the following to refresh them every day.

STEP 1. CREATE THE DAILY UPDATE SHELL SCRIPT

This shell script contacts the Cloudflare servers once a day and builds a fresh list of their IP blocks. The script then restarts Nginx once the update has completed successfully.

nano /opt/gridpane/cloudflare-updates.sh

Save that file with CTRL+O followed by Enter, then exit nano with CTRL+X.

Then from the command line enter:

chmod +x /opt/gridpane/cloudflare-updates.sh

GridPane Includes

GridPane automatically loads cloudflare-realip.conf into Nginx. Each individual website's vhost contains this include:

include /etc/nginx/common/gridpane-realip.conf;

And this include contains:

include /etc/nginx/common/*cloudflare-realip.conf;

STEP 2. CREATE A CRONJOB TO RUN THE SHELL SCRIPT

We need to set our new script to update every day, as Cloudflare publishes new IP addresses every day.

Edit your crontab with:

crontab -e

Paste the following two lines at the bottom of the file:

#This script updates the list of Cloudflare servers every day at midnight, server time.
0 0 * * * /opt/gridpane/cloudflare-updates.sh

Save the file with CTRL+O followed by Enter, and exit nano with CTRL+X.

You’ll now always see the original IP addresses in your log files instead of all your traffic looking like it originated at Cloudflare.

If you ever do need forensic analysis or SEO analysis, you’ll be working with correct data.
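
The body of the Step 1 script is not reproduced on this page, so here is one way to write it, as an added example that is not GridPane's or the author's own script. It validates every fetched line before it becomes a trusted proxy range and restores the previous file if nginx -t fails. Assumptions: Cloudflare's published lists at the two URLs in the code, an output file name chosen to match the *cloudflare-realip.conf include shown above, the prefix-length limits, and the function names.

```shell
#!/bin/sh
# Added example, not GridPane's own script. OUT and the function names are assumptions.
PATH=$PATH:/usr/local/sbin:/usr/sbin:/sbin   # cron's default PATH is minimal
OUT=/etc/nginx/common/daily-cloudflare-realip.conf   # matched by *cloudflare-realip.conf
V4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}/([89]|[12][0-9]|3[0-2])$'
V6_RE='^[0-9a-fA-F]*:[0-9a-fA-F:]*/(1[6-9]|[2-9][0-9]|1[01][0-9]|12[0-8])$'

# stdin: one CIDR per line; stdout: set_real_ip_from directives.
# Fails on any line that is not a CIDR with a sane prefix length (an HTML error
# page, 0.0.0.0/0, ...) or when nothing was read, so a bad download is never trusted.
build_realip_conf() {
    count=0
    while IFS= read -r cidr || [ -n "$cidr" ]; do
        [ -n "$cidr" ] || continue
        if printf '%s\n' "$cidr" | grep -Eq -e "$V4_RE" -e "$V6_RE"; then
            printf 'set_real_ip_from %s;\n' "$cidr"
            count=$((count + 1))
        else
            printf 'rejected entry: %s\n' "$cidr" >&2
            return 1
        fi
    done
    [ "$count" -gt 0 ]
}

update_cloudflare_realip() {
    v4=$(curl -fsS --max-time 20 https://www.cloudflare.com/ips-v4) || return 1
    v6=$(curl -fsS --max-time 20 https://www.cloudflare.com/ips-v6) || return 1
    tmp=$(mktemp "$OUT.XXXXXX") || return 1
    if ! printf '%s\n%s\n' "$v4" "$v6" | build_realip_conf > "$tmp"; then
        rm -f "$tmp"; return 1            # leave the current list untouched
    fi
    chmod 644 "$tmp"
    if [ -f "$OUT" ]; then cp -p "$OUT" "$OUT.bak"; else rm -f "$OUT.bak"; fi
    mv "$tmp" "$OUT"                      # same directory, so the swap is atomic
    if nginx -t; then
        gp ngx reload                     # reload command used on this page
    else
        # The new file broke the config: put the old one back (or remove ours).
        if [ -f "$OUT.bak" ]; then mv "$OUT.bak" "$OUT"; else rm -f "$OUT"; fi
        return 1
    fi
}

# Only touch the server when explicitly asked to.
if [ "${1:-}" = "apply" ]; then update_cloudflare_realip; fi
```

Called without arguments the script only defines its functions, so with this version the Step 2 cron entry would end in cloudflare-updates.sh apply.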

Setup ShortPixel to Serve WebP Images on Nginx

Create webp-mappings.conf


Create the file with the following command:

nano /etc/nginx/conf.d/webp-mappings.conf

Paste the following block of code:

map $http_accept $webp_suffix {
    default "";
    "~*webp" ".webp";
}

Create webp-main-context.conf

CREATE A SERVER-WIDE CONFIGURATION

The code supplied by ShortPixel themselves only works on individual sites. We've modified it so that you can set it live for all your sites in one go and then never need to worry about it.

To set this up, we need to create a file called shortpixel-webp-main-context.conf in the /etc/nginx/extra.d/ directory.

Create the file with the following command:

nano /etc/nginx/extra.d/shortpixel-webp-main-context.conf

Paste the following block of code:

location ~* ^(/wp-content/.+)\.(png|jpe?g)$ {
    # $1 is the path without its extension, $2 is the original extension
    set $base $1;
    set $webp_uri $base$webp_suffix;
    set $webp_old_uri $base.$2$webp_suffix;
    add_header Vary Accept;
    # Debug header naming the WebP path that was not found on disk
    if ( !-f $document_root$webp_uri ) {
        add_header X_WebP_GP_Miss $document_root$webp_uri;
    }
    try_files $webp_uri $webp_old_uri $uri =404;
}

Check and reload Nginx

Finally, we need to check if the conf files are correct then reload Nginx. 

Test your nginx syntax with:

nginx -t

If there are no errors present, reload nginx with the following command:

gp ngx reload

If WebP images still aren't being served as you expected, please double-check your PHP version. If you're still on 7.2, upgrading to 7.3 is a good idea and may also help resolve this issue for you.

Using Fail2Ban with Cloudflare

UPDATE THE CLOUDFLARE.CONF

Run the following command to create our new config:

nano /etc/fail2ban/action.d/gpcloudflare.conf

Now copy and paste the info from the GitHub page to add the latest, up-to-date cloudflare.conf code.

Leave the nano editor open and move on to step 4 below to add your Cloudflare account details.

ADD YOUR CLOUDFLARE DETAILS TO CLOUDFLARE.CONF

Still inside the gpcloudflare.conf, scroll down to the bottom of the file with your down arrow key. Here you’ll see the following:

We need to enter our API details:

  • cftoken = API-Token
  • cfuser = email@address.com

Ctrl+O and then press enter to save the file. Then Ctrl+X to exit nano.

UPDATE JAIL.LOCAL

We also need to edit the jail.local file to add the Cloudflare action. To edit the file, use the following command:

nano /etc/fail2ban/jail.local

Here we need to add the following to each of our jails (make sure that iptables-multiport is tabbed over as shown in screenshot):

action = gpcloudflare
    iptables-allports

RELOAD FAIL2BAN

Now we need to check your syntax and reload Fail2Ban for our changes to take effect:

fail2ban-client -d && service fail2ban restart
