Cloudflare intergration

[HesselTjeerdsma]

Since many people use Cloudflare as their dns service, it would be nice to have this integrated into Raptor. With using the Cloudflare DNS no manual changes have to be done when restoring, because dns changes can be done with the Cloudflare api. Could you please take a look at this? I would like to help, but have no experience with BASH scripting.

[nordurljosahvida]

@HesselTjeerdsma sorry for the late reply, this is very interesting, but I really don't have time now to do this on my own. If you can write down some preliminary code - leaving any BASH scripting aside, just writing down "do this" or "do that" - I'll be happy to review the logic behind your code and implement the remaining BASH commands. Let me know if you're interested in doing this together. Thanks for your help!

[HesselTjeerdsma]

1. @nordurljosahvida Would like to help! At the moment I am also quite busy but I will write a bash script, and leave the implementing up to you!

[nordurljosahvida]

Awesome, looking forward to reviewing it. Thanks!

[HesselTjeerdsma]

Here is some simple code that updates dns records using the cloudflare api, I hope it is useful!

#!/bin/bash
AUTH_EMAIL="" #ask during setup
AUTH_KEY="" # found in cloudflare account settings, also ask during setup
DNS_ZONE="" #the DNS zone that should be changed, almost always the root domain
DOMAIN_NAME="www.zlef.nl" #the actual domains that should changed i.e. www.example.com and example.com should update the www.example.com and example.com
NEW_IP=$(curl -s http://ipv4.icanhazip.com) #get ip of current server, maybe echo this and let user check this ip and set it manually if wrong
ZONE_IDENTIFIER=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones?name=$DNS_ZONE" -H "X-Auth-Email: $AUTH_EMAIL" -H "X-Auth-Key: $AUTH_KEY" -H "Content-Type: application/json" | grep -Po '(?<="id":")[^"]*' | head -1 )
RECORD_IDENTIFIER=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_IDENTIFIER/dns_records?name=$DOMAIN_NAME" -H "X-Auth-Email: $AUTH_EMAIL" -H "X-Auth-Key: $AUTH_KEY" -H "Content-Type: application/json"  | grep -Po '(?<="id":")[^"]*' | head -1) #also returns the mx domains since they have same domain but A domain is always returend first.

curl -X PUT "https://api.cloudflare.com/client/v4/zones/$ZONE_IDENTIFIER/dns_records/$RECORD_IDENTIFIER" \ #does the actual updating, makes both the www and the root domain an A-domain
     -H "X-Auth-Email: $AUTH_EMAIL" \
     -H "X-Auth-Key: $AUTH_KEY" \
     -H "Content-Type: application/json" \
     --data "{\"id\":\"$ZONE_IDENTIFIER\",\"type\":\"A\",\"name\":\"$DOMAIN_NAME\",\"content\":\"$NEW_IP\",\"proxied\":false}" #for now proxying through cloudflare is off, since the ssl settings can make a site go into a infinite reloadling loop. First letsencrypt should be installed to make sure this does not happen.

[nordurljosahvida]

Very good work thank you. I'll look into implementing it tomorrow.

…

On May 15, 2018 11:58:43 PM GMT+02:00, HesselTjeerdsma ***@***.***> wrote: Here is some simple code that updates dns records using the cloudflare api, I hope it is useful! ``` #!/bin/bash AUTH_EMAIL="" #ask during setup AUTH_KEY="" # found in cloudflare account settings, also ask during setup DNS_ZONE="" #the DNS zone that should be changed, almost always the root domain DOMAIN_NAME="www.zlef.nl" #the actual domains that should changed i.e. www.example.com and example.com should update the www.example.com and example.com NEW_IP=$(curl -s http://ipv4.icanhazip.com) #get ip of current server, maybe echo this and let user check this ip and set it manually if wrong ZONE_IDENTIFIER=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones?name=$DNS_ZONE" -H "X-Auth-Email: $AUTH_EMAIL" -H "X-Auth-Key: $AUTH_KEY" -H "Content-Type: application/json" | grep -Po '(?<="id":")[^"]*' | head -1 ) RECORD_IDENTIFIER=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_IDENTIFIER/dns_records?name=$DOMAIN_NAME" -H "X-Auth-Email: $AUTH_EMAIL" -H "X-Auth-Key: $AUTH_KEY" -H "Content-Type: application/json" | grep -Po '(?<="id":")[^"]*' | head -1) #also returns the mx domains since they have same domain but A domain is always returend first. curl -X PUT "https://api.cloudflare.com/client/v4/zones/$ZONE_IDENTIFIER/dns_records/$RECORD_IDENTIFIER" \ #does the actual updating, makes both the www and the root domain an A-domain -H "X-Auth-Email: $AUTH_EMAIL" \ -H "X-Auth-Key: $AUTH_KEY" \ -H "Content-Type: application/json" \ --data "{\"id\":\"$ZONE_IDENTIFIER\",\"type\":\"A\",\"name\":\"$DOMAIN_NAME\",\"content\":\"$NEW_IP\",\"proxied\":false}" #for now proxying through cloudflare is off, since the ssl settings can make a site go into a infinite reloadling loop. First letsencrypt should be installed to make sure this does not happen. ``` -- You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub: #20 (comment)

[HesselTjeerdsma]

@nordurljosahvida How is the implementation going?

[nordurljosahvida]

@HesselTjeerdsma sorry for the late reply. I'm trying to implement this at a lower level in our bash-framework but it's very deep so it's taking some time. I think it'll need another couple of weeks at minimum. Thanks!

[HesselTjeerdsma]

@nordurljosahvida No problem, what do you mean with implementing it on a lower level?

[nordurljosahvida]

I'm writing the setup_dns_provider module in bash-functions, the framework that underlies raptor, this way we can benefit from the dns records automation in other projects such as aenigma. It's kind of a massive undertaking so while we're at it let's do it right. Do you have all of your sites' DNS controlled by one cloudflare account spanning multiple zones?

[HesselTjeerdsma]

@nordurljosahvida ah I see, that bash framework looks interesting! Yes, I do control multiple sites via multiple zones on one account. If I can be of any help, let me know!

[HesselTjeerdsma]

Any progress on this?

[nordurljosahvida]

Hi @HesselTjeerdsma! Yes, sorry for the late reply. I've started integrating our project aenigma's DNS checks functionality inside of our bash framework dna which underlies raptor as well. I'm rewriting all of the DNS checks code from scratch and integrating an automation feature which will leverage the DNS provider functionality that I've started writing in DNA. It's still going to take some time but at least I'm now actively working on it. I'll show you some progress as it comes along. Thanks!