Script for Plesk Ubuntu that restores real visitor IPs behind Cloudflare by configuring Nginx and Apache (mod_remoteip), with automatic backups and a --uninstall option to revert changes.

cloudflare_plesk_log_integration.sh

#!/bin/bash
# Plesk Ubuntu Cloudflare Real IP Setup Script
# Sets CF-Connecting-IP for Nginx & Apache globally, with backups
# Usage:
#   sudo ./setup_cf_realip.sh         # install/update
#   sudo ./setup_cf_realip.sh --uninstall   # remove configs

set -e

NGINX_CONF="/etc/nginx/conf.d/cloudflare_realip.conf"
APACHE_CONF="/etc/apache2/conf-enabled/zz-cloudflare.conf"
BACKUP_DIR="/root/cf-realip-backups"

# ---------- UNINSTALL MODE ----------
if [ "$1" = "--uninstall" ]; then
    echo "Uninstalling Cloudflare real IP configs..."

    if [ -f "$NGINX_CONF" ]; then
        rm -f "$NGINX_CONF"
        echo "Removed $NGINX_CONF"
    fi

    if [ -f "$APACHE_CONF" ]; then
        rm -f "$APACHE_CONF"
        echo "Removed $APACHE_CONF"
    fi

    echo "Testing Nginx..."
    nginx -t && systemctl restart nginx

    echo "Testing Apache..."
    apache2ctl configtest && systemctl restart apache2

    echo "Uninstall complete."
    exit 0
fi

# ---------- INSTALL/UPDATE MODE ----------

TIMESTAMP=$(date +"%Y%m%d-%H%M%S")

echo "Creating backups..."
mkdir -p "$BACKUP_DIR"

if [ -d /etc/nginx/conf.d ]; then
    cp -r /etc/nginx/conf.d "$BACKUP_DIR/nginx-conf.d-$TIMESTAMP"
    echo "Backed up /etc/nginx/conf.d to $BACKUP_DIR/nginx-conf.d-$TIMESTAMP"
fi

if [ -d /etc/apache2/conf-enabled ]; then
    cp -r /etc/apache2/conf-enabled "$BACKUP_DIR/apache2-conf-enabled-$TIMESTAMP"
    echo "Backed up /etc/apache2/conf-enabled to $BACKUP_DIR/apache2-conf-enabled-$TIMESTAMP"
fi

echo "Fetching Cloudflare IP ranges..."
IPS4=$(curl -s https://www.cloudflare.com/ips-v4)
IPS6=$(curl -s https://www.cloudflare.com/ips-v6)

# ---------- NGINX CONFIG ----------
echo "Writing Nginx config to $NGINX_CONF..."
mkdir -p /etc/nginx/conf.d

cat > "$NGINX_CONF" << 'EOSCRIPT'
# Cloudflare Real IP for Nginx
real_ip_header CF-Connecting-IP;
EOSCRIPT

# add CIDR ranges with semicolons
echo "$IPS4" | sed 's/^/set_real_ip_from /; s/$/;/' >> "$NGINX_CONF"
echo "$IPS6" | sed 's/^/set_real_ip_from /; s/$/;/' >> "$NGINX_CONF"

cat >> "$NGINX_CONF" << 'EOSCRIPT'
real_ip_recursive on;
EOSCRIPT

# ---------- APACHE CONFIG ----------
echo "Writing Apache config to $APACHE_CONF..."
mkdir -p /etc/apache2/conf-enabled

# convert CIDR to plain IPs (first address only) for RemoteIPTrustedProxy
PLAIN4=$(echo "$IPS4" | sed 's|/.*||')
PLAIN6=$(echo "$IPS6" | sed 's|/.*||')

cat > "$APACHE_CONF" << 'EOSCRIPT'
<IfModule remoteip_module>
    RemoteIPHeader CF-Connecting-IP
EOSCRIPT

# IPv4 plain IPs, no semicolon at end
echo "$PLAIN4" | sed 's/^/    RemoteIPTrustedProxy /' >> "$APACHE_CONF"
# IPv6 plain IPs, no semicolon at end
echo "$PLAIN6" | sed 's/^/    RemoteIPTrustedProxy /' >> "$APACHE_CONF"

cat >> "$APACHE_CONF" << 'EOSCRIPT'
</IfModule>
EOSCRIPT

# Enable Apache remoteip module (via Plesk wrapper, ignore error if already enabled)
if [ -x /usr/local/psa/admin/sbin/httpd_modules_ctl ]; then
    /usr/local/psa/admin/sbin/httpd_modules_ctl --enable remoteip || true
fi

echo "Testing and reloading Nginx..."
nginx -t && systemctl reload nginx

echo "Testing and restarting Apache..."
apache2ctl configtest && systemctl restart apache2

echo "Done."
echo "Backups stored in $BACKUP_DIR/"
echo "Nginx config:  $NGINX_CONF"
echo "Apache config: $APACHE_CONF"