This repository contains several minimal bash scripts which help you follow the instructions provided by Cloudflare to set up authenticated origin pulls:
- Zone level instructions: scripts are in the `zone` directory.
- Hostname level instructions: scripts are in the `hostname` directory.
To generate the certificates, you can use the `generate_certs.sh` script in the root directory. This script follows the instructions in the "Before you begin" section of the Cloudflare documentation.
In each directory, there are scripts to:
- `upload_cert.sh`: Upload the generated certificate and private key to Cloudflare. It assumes the paths from the `generate_certs.sh` script.
- `enable_cert.sh`: Enable the uploaded certificate for authenticated origin pulls.
- `list_cert.sh`: List the certificates uploaded for the zone or hostname.
- `status_cert.sh`: Check the status of a certificate.
- `delete_cert.sh`: Delete a certificate.
Of these, only the first two are required to set up authenticated origin pulls. The others are for managing the certificates and debugging. Each script just calls curl with the appropriate parameters.
Every script except for `generate_certs.sh` requires `curl` (which is not preinstalled on Debian/Ubuntu). The `generate_certs.sh` script requires `openssl`.
To use the scripts, you need to create a `CONFIG` file in the root directory with your Cloudflare account details:

```bash
MYAUTHEMAIL="" # Email for Cloudflare account
MYAUTHKEY="" # Global API Key for Cloudflare account, https://dash.cloudflare.com/profile/api-tokens
ZONEID="" # Zone ID for domain, available in overview tab of Cloudflare dashboard
HOSTNAME="" # Hostname for hostname-level scripts
```
You can also start by copying the `CONFIG.template` file to `CONFIG` (i.e., `cp CONFIG.template CONFIG`) and filling in your details. You can then run the scripts from the root of this repository. For example, if you were following the instructions to set up a zone-level certificate, you would run:

```bash
./generate_certs.sh # Step 0
./zone/upload_cert.sh | jq # Step 1
./zone/enable_cert.sh | jq # Step 4
```
Piping to `jq` is optional. It just makes the JSON output look nice.
After running those three commands, you just have to switch on the SSL/TLS > Origin Server > Authenticated Origin Pulls option in the Cloudflare dashboard (step 3) and enforce the validation check on your origin server using the `rootca.crt` file generated by `generate_certs.sh` (steps 2 and 5).
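
Because `CONFIG` holds the Global API Key, it is worth checking the file before running any of the scripts. The following preflight check is an added example, not part of this repository: `check_config` is a hypothetical helper, and it assumes the scripts load `CONFIG` by sourcing it as a shell file.

```shell
#!/bin/sh
# Added example (not part of the repository): preflight check for CONFIG.
# Assumption: the scripts load CONFIG by sourcing it as a shell file.

# check_config FILE LEVEL  (LEVEL is "zone" or "hostname"); returns 0 if usable,
# 1 if a check fails, 2 if FILE is missing.
# The body runs in a subshell "( ... )" so sourced values never reach the caller.
check_config() (
    file="${1:-CONFIG}"; level="${2:-zone}"; rc=0
    case "$file" in */*) ;; *) file="./$file" ;; esac   # stop "." searching $PATH

    [ -f "$file" ] || { echo "missing $file: cp CONFIG.template CONFIG" >&2; exit 2; }

    # The Global API Key gives full control of the account, so group and
    # other must have no access: characters 5-10 of the ls mode string.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$file is accessible to other users: chmod 600 $file" >&2
        rc=1
    fi

    unset MYAUTHEMAIL MYAUTHKEY ZONEID HOSTNAME   # bash presets HOSTNAME
    . "$file" || exit 1

    required="MYAUTHEMAIL MYAUTHKEY ZONEID"
    [ "$level" = "hostname" ] && required="$required HOSTNAME"
    for name in $required; do
        eval "value=\${$name:-}"
        [ -n "$value" ] || { echo "$name is empty in $file" >&2; rc=1; }
    done

    # Zone IDs are 32 hexadecimal characters; this catches a pasted domain name.
    case "${ZONEID:-}" in
        *[!0-9a-fA-F]*) echo "ZONEID is not hexadecimal" >&2; rc=1 ;;
    esac
    [ "${#ZONEID}" -eq 32 ] || { echo "ZONEID should be 32 characters" >&2; rc=1; }

    exit "$rc"
)
```

Run it as `check_config CONFIG zone` (or `hostname`) from the root of the repository; a non-zero exit status means the file should be fixed before `upload_cert.sh` is called.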