search

oznu / docker-cloudflare-ddns

A small amd64/ARM/ARM64 Docker image that allows you to use CloudFlare as a DDNS / DynDNS Provider.
https://hub.docker.com/r/oznu/cloudflare-ddns/
GNU General Public License v3.0
1.07k stars 213 forks source link

Docker secrets not working? #42

Closed anandslab closed 4 years ago

anandslab commented 4 years ago

I could not pass Cloudflare api token via Docker secrets. With .env variables, this image works perfectly. With secrets, I get:

cf-ddns             | 2020-07-20T21:37:59.573918296Z ----------------------------------------------------------------
cf-ddns             | 2020-07-20T21:37:59.573951022Z ERROR: Invalid CloudFlare Credentials - 400
cf-ddns             | 2020-07-20T21:37:59.573958485Z ----------------------------------------------------------------
cf-ddns             | 2020-07-20T21:37:59.573964225Z Make sure the API_KEY is correct. You can

Here is my Docker Compose: 

secrets:
  cloudflare_api_token:
    file: $SECRETSDIR/cloudflare_api_token

services:
  cf-ddns:
    container_name: cf-ddns
    image: oznu/cloudflare-ddns:latest
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    environment: 
      API_KEY_FILE: /run/secrets/cloudflare_api_token
      ZONE: $DOMAINNAME
      PROXIED: "true"
      RRTYPE: A
      DELETE_ON_STOP: "false"
      DNS_SERVER: 1.1.1.1
    secrets: # not working
      - cloudflare_api_token

Any help would be much appreciated.

gzecchi commented 4 years ago

Hi @htpcBeginner,

Inspired by your tutorial, I've investigated further: there is no variable "API_KEY_FILE" defined in the scripts.

I've built a custom docker image, @oznu in file root/app/cloudflare.sh I've added, in the first line of the cloudflare function this code: if [ -f "$API_KEY_FILE" ]; then API_KEY=$(cat $API_KEY_FILE) fi

So that API_KEY is populated every time cloudflare function is called, by the content of the file, in this case the docker secret.

Hope I helped,

GZ

anandslab commented 4 years ago

Wonderful. Can you upload the image or share the dockerfile?

Also a suggestion, a scoped api token would be better than api key.

gzecchi commented 4 years ago

Hi @htpcBeginner,

I forked the repo, applied the changes and pushed the image to Docker Hub: https://hub.docker.com/r/gzecchi/cloudflare-ddns.

I've tested the container with a Scoped API Token as well and it works because the API calls to the DNS are the same, it's just a change in the header of the call.

GZ

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.