this post was submitted on 24 Dec 2023
39 points (93.3% liked)

Selfhosted

40134 readers
546 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I’m finally moving my selfhosting experiments from a VPS to a physical machine in my house but, since I don’t have a static IP address, I opted to use the dynamic dns service offered by Cloudflare.

On their official website I’ve seen suggested ddclient but I haven’t find that much information on which labels should I add to set it up. Therefore, I’ve also found this docker image that seems pretty clean and easy to set up, but the video talking about it was of 3 years ago and I’ve seen that the github repository has been archived last year…

Which option (not necessarily among the two above) do you prefer to set up your Dynamic DNS with Cloudflare? (I don’t know if this can be an important information to add or not, but the Linux server I’m using is running NixOS)

top 24 comments
sorted by: hot top controversial new old
[–] [email protected] 12 points 10 months ago

I've been using this image with different providers for years. I would highly recommend it.

https://hub.docker.com/r/qmcgaw/ddns-updater

[–] [email protected] 9 points 10 months ago (1 children)

I wrote a bash script this that updates cloudflare using their API if the public has changed, and just have it running with crontab.

It's been running for 6 years now without issue so I recommend this

[–] [email protected] 3 points 10 months ago

Same but powershell. Works like a charm runs every 5 minutes

[–] [email protected] 7 points 10 months ago (1 children)

I was using that same docker image for a while but somewhat recently migrated to this: https://github.com/favonia/cloudflare-ddns

It handles 5 of my domains all from the single container. Highly recommend it!

[–] [email protected] 2 points 10 months ago

This is what I use as well.

[–] [email protected] 5 points 10 months ago (4 children)

screenshot of Wargames computer saying "A strange game. The only winning move is not to play"

cloudflare is an intelligence company who's flagship product involves them mitming your TLS.

why bother self-hosting, if you do it from behind cloudflare?

[–] [email protected] 7 points 10 months ago (1 children)

Because it provides an extra layer of protection at no cost and makes DNS management very convenient, as well as other free features.

[–] [email protected] -1 points 10 months ago

Convenience will kill the cat

[–] [email protected] 2 points 10 months ago (1 children)

That's why I didn't want to use Cloudflare Tunnels, but just Dynamic DNS. I though that they had access to the stuff you transfer only if you use their tunneling feature and for the reasons you said is something I would prefer to avoid.

The thing is that I bought my domain on Infomaniak and most of the self-hosting tutorials I've seen recommend Cloudflare. Would you suggest something different?

[–] [email protected] 1 points 10 months ago

EDIT: I just realized that ddclient (that I was already considering to set up ddns with cloudflare) also supports Infomaniak directly! (I don’t know how before making this post I didn’t saw it 😅) So I’ll probably go for that way in order to cut out Cloudflare from the equation and rely on one external company less. Thank you :)

[–] [email protected] 1 points 10 months ago

Because I don’t want to expose my home IP.

[–] [email protected] 0 points 10 months ago (1 children)
[–] [email protected] 7 points 10 months ago (1 children)

cloudflare's service puts them in the middle - so, HTTPS doesn't encrypt traffic between the browser and your server anymore, but instead between the browser and CF, and then (separately) between CF and your server. CF is an antidote to intelligence agencies' problem of losing visibility when most of the web switched to HTTPS a decade ago.

[–] [email protected] 2 points 10 months ago

CF is an antidote to intelligence agencies' problem of losing visibility when most of the web switched to HTTPS a decade ago.

This is a claim that will need evidence backing it up.

[–] [email protected] 5 points 10 months ago (1 children)

You might want to check out their Tunnels product. It might do what you want and is easy.

[–] [email protected] 1 points 10 months ago (1 children)

I've seen it mentioned in a bunch of videos and articles, but I didn't like the idea of Cloudflare scanning all the stuff that is transferred from and to my server. If I opt just for their DNS service and update it through the API they can't do that, right?

[–] [email protected] 2 points 10 months ago* (last edited 10 months ago)

No, then they only handle your DNS setup, which is still okay in my eyes.
Its certainly far away from scanning all HTTP traffic. Not to forget the juicy metadata they get about the users across a big chunk of the internet, perfect tracking machine in a neat package with easy access by the government.

[–] [email protected] 4 points 10 months ago
[–] [email protected] 3 points 10 months ago

All those do is essentially call the Cloudflare API. They'll all work reasonably well. The linked Docker image for example is essentially doing the bulk of it in this bash script which they call from a cron and some other container init logic which I imagine is to do the initial update when the container starts.

Pick whatever is easiest and makes most sense for you. Even the archived Docker thing is so simple, I wouldn't worry about it being unmaintained because it can reasonably be called a finished product. It'll work until Cloudflare upgrades their API and shuts down the old one, which you'd get months to years of warning because of enterprise customers.

Personally, that's a trivial enough task I'd probably just custom-write a Python script to call their API. They even have a python library for their API. Probably like 50-100 lines long tops. I have my own DNS server and my DDNS "server" is a 25 lines PHP script, and the client is a curl command in a cronjob.

DDNS is a long solved and done problem. All the development is essentially just adding new providers.

[–] [email protected] 3 points 10 months ago
[–] [email protected] 2 points 10 months ago* (last edited 10 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
CF CloudFlare
DNS Domain Name Service/System
HTTP Hypertext Transfer Protocol, the Web
HTTPS HTTP over SSL
IP Internet Protocol
SSL Secure Sockets Layer, for transparent encryption
TLS Transport Layer Security, supersedes SSL

5 acronyms in this thread; the most compressed thread commented on today has 7 acronyms.

[Thread #373 for this sub, first seen 25th Dec 2023, 05:15] [FAQ] [Full list] [Contact] [Source code]

[–] [email protected] 2 points 10 months ago (1 children)

but I haven’t find that much information on which labels should I add to set it up.

I’ve not automated creation of records for new services, but I’ve made it easier for myself by making hostname.domain.ext the dynamic DNS (managed by a simple cron job with curl commands interacting with the API), and all service.domain.ext just CNAME to the main record.

I don’t think I’ll be automating the creation of the CNAME records because something tells me I’d end up leaving a bunch of dead service DNS records behind.

[–] [email protected] 1 points 10 months ago

I think that this could be the cleanest solution, could you share the curl command you used to interact with the API? (Of course replacing your actual access token with ** etc.)

[–] [email protected] 2 points 10 months ago

Been using this slick tool for a while now.

https://github.com/troglobit/inadyn

Easier to configure and better error codes than ddclient in my opinion.