Just shipped a new mini side-project for Pixelfed +...

All posts dansup's posts Post Back to profile

Just shipped a new mini side-project for Pixelfed + Laravel Forge + Cloudflare.

This tool enhances your @pixelfed server security by automatically updating your server's firewall to allow only Cloudflare IP ranges, effectively blocking unauthorized requests.

This can ensure that only legitimate traffic reaches your server, reducing the risk of attacks and unauthorized access.

Simply add 2 env vars and setup the scheduler, and it will auto-update 😎

Source: https://github.com/dansup/forge-cf-ips-autoupdate

#devops

Like 16 June at 13:24 | Open on mastodon.social

3 comments

Melroy van den Berg

@dansup @pixelfed while I like this improvement very much. Due to the recent events regarding cloudflare I'm not planning to use cloudflare at all. Not now or in the future. Their sales tactics and the way the company is treating customers is instantly bad.

16 June at 13:47 | Open on mastodon.melroy.org

dansup

@melroy @pixelfed I understand, this could be adapted to other WAF/DDoS protection services if they have a public api that lists their IP ranges!

16 June at 13:48 | Open on mastodon.social

Sheogorath 🦊

@dansup @pixelfed For those wondering how to do this in Terraform with e.g. Hetzner:

https://git.shivering-isles.com/shivering-isles/infrastructure-gitops/-/blob/441b1072adaa305d648b066c1e42158e3dba53fc/terraform/hedgedoc-demo/firewall.tf#L22-34

There you go :)

16 June at 13:58 | Open on microblog.shivering-isles.com