Cloudflare DDNS
Access your home network remotely via a custom domain name without a static IP!
A small, privacy centric, and lightning fast multi-architecture Docker image for self hosting projects.
Table of Contents
- Origin
- Stats
- How Private & Secure Is This?
- Requirements
- Equipment
- Getting Started
- Deployment
- Docker Compose
- Kubernetes
- Crontab
- Building from source
- License
- Author
Origin
This script was written for the Raspberry Pi platform to enable low cost self hosting to promote a more decentralized internet.
Safe for use with existing records
cloudflare-ddns handles the busy work for you, so deploying web apps is less of a clickfest. Every 5 minutes, the script fetches public IPv4 and IPv6 addresses and then creates/updates DNS records for each subdomain in Cloudflare.
Optional features
Stale, duplicate DNS records are removed for housekeeping.
Stats
Size | Downloads | Discord |
---|---|---|
How Private & Secure Is This?
- Uses zero-log external IPv4 & IPv6 provider (cdn-cgi/trace)
- Alpine Linux base image
- HTTPS only via Python Software Foundation requests module
- Docker runtime
- Open source for open audits
- Regular updates
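An added example (not the project's code) of handling the cdn-cgi/trace lookup mentioned above: it parses the key=value body and returns an address only if it is well formed, of the right family for the record type, and globally routable. The sample body, the function names and the routability check are assumptions of this example.

```python
import ipaddress

# Constructed sample of a cdn-cgi/trace body (one key=value per line);
# not captured output.
SAMPLE_TRACE = """fl=000f000
h=example.invalid
ip=1.1.1.1
ts=1700000000.000
visit_scheme=https
uag=python-requests
colo=XXX
http=http/2
loc=XX
tls=TLSv1.3
warp=off
"""

def parse_trace(body):
    """Turn a key=value trace body into a dict, ignoring malformed lines."""
    fields = {}
    for line in body.splitlines():
        key, sep, value = line.partition("=")
        if sep and key:
            fields[key.strip()] = value.strip()
    return fields

def public_ip_from_trace(body, record_type):
    """Return the address to publish for record_type ('A' or 'AAAA'), or None.

    Rejects a missing or unparseable ip field, an address of the wrong
    family, and anything not globally routable (RFC 1918, CGNAT, loopback,
    link-local), so a bad lookup never overwrites a working record.
    """
    wanted_version = {"A": 4, "AAAA": 6}[record_type]
    raw = parse_trace(body).get("ip")
    if raw is None:
        return None
    try:
        addr = ipaddress.ip_address(raw)
    except ValueError:
        return None
    if addr.version != wanted_version or not addr.is_global:
        return None
    return str(addr)
```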
Requirements
A domain name and a free Cloudflare account.
Supported Platforms
- Docker
- Docker Compose (optional)
- Kubernetes (optional)
- Python 3 (optional)
Equipment
Here is a list of equipment I use to run this script on a Raspberry Pi 4.
Networking
Network Switches
Network Cables
Storage
Battery Backup
Recommended Setups
Rest assured your money is well spent on any of the following platforms. Each platform provides a robust virtualization solution for running Docker containers.
ARM64 - Raspberry Pi 4
- Raspberry Pi 4
- Raspberry Pi 4 case
- Raspberry Pi 4 power supply
- Raspberry Pi 4 128gb microSD card
- Raspberry Pi 4 heatsink
- Raspberry Pi 4 cooling fan
- Raspberry Pi 4 USB-C to HDMI adapter
x86_64 - Intel NUC
Getting Started
First copy the example configuration file into the real one.
cp config-example.json config.json
Edit config.json and replace the values with your own.
Authentication methods
You can use either the newer API tokens or the traditional API keys.
To generate a new API token, go to your Cloudflare Profile and create a token capable of Edit DNS. Then replace the value in:
"authentication": {
    "api_token": "Your cloudflare API token, including the capability of **Edit DNS**"
}
Alternatively, you can use the traditional API keys by setting appropriate values for:
"authentication": {
    "api_key": {
        "api_key": "Your cloudflare API Key",
        "account_email": "The email address you use to sign in to cloudflare"
    }
}
Enable or disable IPv4 or IPv6
Some ISP provided modems only allow port forwarding over IPv4 or IPv6. In this case, you would want to disable any interface not accessible via port forward.
"a": true,
"aaaa": true
Other values explained
"zone_id": "The ID of the zone that will get the records. From your dashboard click into the zone. Under the overview tab, scroll down and the zone ID is listed in the right rail",
"subdomains": "Array of subdomains you want to update the A & where applicable, AAAA records. IMPORTANT! Only write subdomain name. Do not include the base domain name. (e.g. foo or an empty string to update the base domain)",
"proxied": "Defaults to false. Make it true if you want CDN/SSL benefits from cloudflare. This usually disables SSH",
"ttl": "Defaults to 300 seconds. Longer TTLs speed up DNS lookups by increasing the chance of cached results, but a longer TTL also means that updates to your records take longer to go into effect. You can choose a TTL between 30 seconds and 1 day. For more information, see [Cloudflare's TTL documentation](https://developers.cloudflare.com/dns/manage-dns-records/reference/ttl/)",
Hosting multiple subdomains on the same IP?
You can save yourself some trouble when hosting multiple domains pointing to the same IP address (in the case of Traefik) by defining one A & AAAA record 'ddns.example.com' pointing to the IP of the server that will be updated by this DDNS script. For each subdomain, create a CNAME record pointing to 'ddns.example.com'. Now you don't have to manually modify the script config every time you add a new subdomain to your site!
Hosting multiple domains (zones) on the same IP?
You can handle DDNS for multiple domains (Cloudflare zones) using the same Docker container by separating your configs inside config.json like below:
Note
Do not include the base domain name in your subdomains config. Do not use the FQDN.
{
  "cloudflare": [
    {
      "authentication": {
        "api_token": "api_token_here",
        "api_key": {
          "api_key": "api_key_here",
          "account_email": "your_email_here"
        }
      },
      "zone_id": "your_zone_id_here",
      "subdomains": [
        {
          "name": "",
          "proxied": false
        },
        {
          "name": "remove_or_replace_with_your_subdomain",
          "proxied": false
        }
      ]
    }
  ],
  "a": true,
  "aaaa": true,
  "purgeUnknownRecords": false
}
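An added example, not part of the project: a pre-deployment check for config.json that applies the rules stated in this section (one authentication method, no leftover placeholder values, no base domain in subdomains, TTL between 30 seconds and 1 day). The function name, the base_domain argument and the top-level position of ttl are assumptions.

```python
import json

# Values the page's sample config ships with; finding one means "not filled in".
PLACEHOLDERS = {"", "api_token_here", "api_key_here", "your_email_here",
                "your_zone_id_here"}

def lint_config(cfg, base_domain=None):
    """Return a list of findings for a parsed config.json ([] means clean).

    base_domain is a hypothetical helper argument (not a config key) used to
    catch FQDNs written where only the subdomain part belongs.
    """
    findings = []
    for i, zone in enumerate(cfg.get("cloudflare", [])):
        auth = zone.get("authentication", {})
        legacy = auth.get("api_key", {})
        token_set = auth.get("api_token", "") not in PLACEHOLDERS
        key_set = legacy.get("api_key", "") not in PLACEHOLDERS
        if token_set and key_set:
            findings.append(f"zone {i}: api_token and api_key both set, keep one")
        elif not token_set and not key_set:
            findings.append(f"zone {i}: no credential filled in")
        if key_set and legacy.get("account_email", "") in PLACEHOLDERS:
            findings.append(f"zone {i}: api_key needs account_email")
        if zone.get("zone_id", "") in PLACEHOLDERS:
            findings.append(f"zone {i}: zone_id not filled in")
        for sub in zone.get("subdomains", []):
            # Entries may be plain strings or {"name": ..., "proxied": ...}.
            name = (sub["name"] if isinstance(sub, dict) else sub).lower().rstrip(".")
            if base_domain and (name == base_domain or name.endswith("." + base_domain)):
                findings.append(f"zone {i}: '{name}' contains the base domain")
    ttl = cfg.get("ttl", 300)  # assumed top-level; the sample config omits it
    if not 30 <= ttl <= 86400:
        findings.append(f"ttl {ttl} is outside 30..86400 seconds")
    if cfg.get("a", True) is False and cfg.get("aaaa", True) is False:
        findings.append("a and aaaa both false, no record would be updated")
    return findings

# Constructed input: one zone with placeholder credentials and an FQDN subdomain.
SAMPLE = json.loads("""{"cloudflare": [{"authentication": {"api_token": "api_token_here"},
  "zone_id": "your_zone_id_here", "subdomains": [{"name": "foo.example.com"}]}],
  "a": true, "aaaa": true, "ttl": 10}""")

if __name__ == "__main__":
    for finding in lint_config(SAMPLE, base_domain="example.com"):
        print(finding)
```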
Call to action: Docker environment variable support
I am looking for help adding Docker environment variable support to this project. If interested, check out this comment and open a PR.
Deploy with Docker Compose
Pre-compiled images are available via the official docker container on DockerHub.
Modify the host file path of config.json inside the volumes section of docker-compose.yml.
version: '3.7'
services:
  cloudflare-ddns:
    image: timothyjmiller/cloudflare-ddns:latest
    container_name: cloudflare-ddns
    security_opt:
      - no-new-privileges:true
    network_mode: 'host'
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - /YOUR/PATH/HERE/config.json:/config.json
    restart: unless-stopped
IPv6
Docker requires network_mode be set to host in order to access the IPv6 public address.
Running
From the project root directory
docker-compose up -d
Kubernetes
Create the config file
cp ../../config-example.json config.json
Edit config.json (vim, nvim, nano...)
${EDITOR} config.json
Create the config file as a Secret.
kubectl create secret generic config-cloudflare-ddns --from-file=config.json --dry-run=client -oyaml -n ddns > config-cloudflare-ddns-Secret.yaml
Apply this Secret
kubectl apply -f config-cloudflare-ddns-Secret.yaml
rm config.json # recommended: just keep the secret on the Kubernetes cluster
Apply this Deployment
kubectl apply -f cloudflare-ddns-Deployment.yaml
Deploy with Linux + Cron
Running (all distros)
This script requires Python 3.5+, which comes preinstalled on the latest version of Raspbian. Download/clone this repo and give permission to the project's bash script by running chmod +x ./start-sync.sh. Now you can execute ./start-sync.sh, which will set up a virtualenv, pull in any dependencies, and fire the script.
- Upload the cloudflare-ddns folder to your home directory /home/your_username_here/
- Run the following code in terminal
crontab -e
- Add the following lines to sync your DNS records every 15 minutes
*/15 * * * * /home/your_username_here/cloudflare-ddns/start-sync.sh
Building from source
Create a config.json file with your production credentials.
Please Note
The optional docker-build-all.sh script requires Docker experimental support to be enabled.
Docker Hub has experimental support for multi-architecture builds. Their official blog post specifies easy instructions for building with Mac and Windows versions of Docker Desktop.
- Choose build platform
  - Multi-architecture (experimental): docker-build-all.sh
  - Linux/amd64 by default: docker-build.sh
- Give your bash script permission to execute.
sudo chmod +x ./docker-build.sh
sudo chmod +x ./docker-build-all.sh
- At project root, run the docker-build.sh script.
Recommended for local development
./docker-build.sh
Recommended for production
./docker-build-all.sh
Run the locally compiled version
docker run -d timothyjmiller/cloudflare_ddns:latest
License
This Template is licensed under the GNU General Public License, version 3 (GPLv3).
Author
Timothy Miller