Code cleanup (#2542)

* Remove duplicate code in installer * Update Cloudflare IP range * Add upgrade script and sort Cloudflare IP list
hestiacp · Apr 25, 2022 · 015b20a · 015b20a
1 parent baaba4e
commit 015b20a
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 11 deletions.
diff --git a/install/deb/nginx/nginx.conf b/install/deb/nginx/nginx.conf
@@ -99,12 +99,13 @@ http {
     set_real_ip_from 190.93.240.0/20;
     set_real_ip_from 197.234.240.0/22;
     set_real_ip_from 198.41.128.0/17;
-    #set_real_ip_from  2400:cb00::/32;
-    #set_real_ip_from  2405:b500::/32;
-    #set_real_ip_from  2606:4700::/32;
-    #set_real_ip_from  2803:f800::/32;
-    #set_real_ip_from  2c0f:f248::/32;
-    #set_real_ip_from  2a06:98c0::/29;
+    # set_real_ip_from 2400:cb00::/32;
+    # set_real_ip_from 2405:8100::/32;
+    # set_real_ip_from 2405:b500::/32;
+    # set_real_ip_from 2606:4700::/32;
+    # set_real_ip_from 2803:f800::/32;
+    # set_real_ip_from 2a06:98c0::/29;
+    # set_real_ip_from 2c0f:f248::/32;
     real_ip_header     CF-Connecting-IP;
 
     # SSL PCI compliance

diff --git a/install/hst-install-ubuntu.sh b/install/hst-install-ubuntu.sh
@@ -1315,11 +1315,6 @@ chown root:mail $HESTIA/ssl/*
 chmod 660 $HESTIA/ssl/*
 rm /tmp/hst.pem
 
-# Adding nologin as a valid system shell
-if [ -z "$(grep nologin /etc/shells)" ]; then
-    echo "/usr/sbin/nologin" >> /etc/shells
-fi
-
 # Install dhparam.pem
 cp -f $HESTIA_INSTALL_DIR/ssl/dhparam.pem /etc/ssl
 

diff --git a/install/upgrade/versions/1.6.0.sh b/install/upgrade/versions/1.6.0.sh
@@ -67,3 +67,14 @@ fi
 if [[ ! -d $HESTIA/data/api ]]; then
     cp -rf $HESTIA_INSTALL_DIR/api $HESTIA/data/
 fi
+
+# Update Cloudflare address
+if [ -f /etc/nginx/nginx.conf ] && [ "$(grep 'set_real_ip_from 2405:8100::/32' /etc/nginx/nginx.conf)" = "" ];then
+    echo "[ * ] Updating nginx configuration with changes to Cloudflare IP addresses"
+    sed -i "/#set_real_ip_from  2405:b500::\/32;/d" /etc/nginx/nginx.conf
+    sed -i "/#set_real_ip_from  2606:4700::\/32;/d" /etc/nginx/nginx.conf
+    sed -i "/#set_real_ip_from  2803:f800::\/32;/d" /etc/nginx/nginx.conf
+    sed -i "/#set_real_ip_from  2c0f:f248::\/32;/d" /etc/nginx/nginx.conf
+    sed -i "/#set_real_ip_from  2a06:98c0::\/29;/d" /etc/nginx/nginx.conf
+    sed -i "s/#set_real_ip_from  2400:cb00::\/32;/# set_real_ip_from 2400:cb00::\/32;\n    # set_real_ip_from 2606:4700::\/32;\n    # set_real_ip_from 2803:f800::\/32;\n    # set_real_ip_from 2405:b500::\/32;\n    # set_real_ip_from 2405:8100::\/32;\n    # set_real_ip_from 2a06:98c0::\/29;\n    # set_real_ip_from 2c0f:f248::\/32;/g" /etc/nginx/nginx.conf
+fi