cloudflare-ddns
lexicon
cloudflare-ddns | lexicon | |
---|---|---|
1 | 16 | |
144 | 1,444 | |
- | - | |
0.0 | 8.8 | |
over 3 years ago | 3 months ago | |
Python | Python | |
BSD 3-clause "New" or "Revised" License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cloudflare-ddns
-
Multiple site dynamically addressed public IP clustered node reporting system
No special router or infrastructure necessary. As other people in this thread have mentioned, sign up with cloudflare and then use a cron at the site to change your A records. This is exactly DDNS. Here's a premade script: https://github.com/adrienbrignon/cloudflare-ddns
lexicon
-
Dehydrated: Letsencrypt/acme client implemented as a shell-script
One of the biggest benefits of dehydrated is that it doesn't try to integrate with a DNS provider on its own. It just calls a hook, which can be implemented with a simple shell script[1]. The most popular third-party integration is lexicon[2], though you're not required to use Lexicon. (e.g. you're free to use awscli, gcloud, linode-cli, etc. to do the actual DNS record manipulation)
This means its dependencies footprint is much smaller, and allows you to do things that can be a nightmare to configure with Certbot or other alternatives. For example, at one of the scenarios I had to set up was that we had to query a credential via HashiCorp Vault, which is then used to cURL into an API endpoint. The shell script in total was pretty short (< 100 LOC) and it worked extremely well.
[1]: https://github.com/dehydrated-io/dehydrated/blob/master/docs...
[2]: https://github.com/AnalogJ/lexicon
-
Why Certificate Lifecycle Automation Matters
A reminder that if you an internal-only server where the typical http-01' verification connection method will not work, especially if you cannot easily/dynamically update DNS records, one can use dns-01* by using DNS aliasing/CNAME:
* https://dan.langille.org/2019/02/01/acme-domain-alias-mode/
* https://www.eff.org/deeplinks/2018/02/technical-deep-dive-se...
So if you want a cert for www.internal.example.com, you will first have do a one-time change to have a _acme-challenge.www.internal… CNAME created to point to any other (sub-)domain where you can easily update things dynamically, e.g., www-internal.example-dnsapi.com.
When request the cert for "www.internal…", LE/ACME will look up the corresponding _acme-challenge record, and go to "_acme-challenge.www-internal.example-dnsapi.com. The nonce token will be there in the 'final' destination following the CNAME in a TXT, which shows LE/ACME that you control the DNS chain.
To do the DNS updating, you can use a CLI/Python library like Lexicon, which supports dozens of APIs:
* https://github.com/AnalogJ/lexicon
-
Easy HTTPS for your private networks
This leverages the ACME DNS server which has a REST API:
* https://github.com/joohoi/acme-dns
If your DNS provider has an API, you can hook into that for internal-only web servers; this handy code supports several dozen APIs so you don't have to re-invent the wheel:
* https://github.com/AnalogJ/lexicon
* https://pypi.org/project/dns-lexicon/
* https://dns-lexicon.readthedocs.io/en/latest/user_guide.html
- Wie kommt Google Safe Browsing darauf, dass alle Seiten auf meiner Dyndns Domain phishing Seiten sind?
-
Uacme: ACMEv2 client written in plain C with minimal dependencies
> It even comes preconfigured for various DNS providers[2]
Also, CLI utility that supports a bunch of APIs:
* https://github.com/AnalogJ/lexicon
-
what are better alternatives of noip?
Then, you can use ddclient, which supports many DNS services (including those providing DynDNS protocol), or you can write a Python script using the dns-lexicon module to manipulate the DNS records over the API.
- NextDNS Launches API
- Lexicon: Manipulate DNS records on various DNS providers in a standardized way.
- Lexicon: Manipulate DNS records on various DNS providers in a standardized way
- Some of the popular DNS management services as a self hosted service
What are some alternatives?
docker-traefik-cloudflare-companion - Automatically Create CNAME records for containers served by Traefik
letsencrypt - Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
cloudflare-dyndns - Simple Bash script for updating ipv4 and ipv6 dns records via Coudflare API
octoDNS - Tools for managing DNS across multiple providers
Nebula - A scalable overlay networking tool with a focus on performance, simplicity and security
acme.sh - A pure Unix shell script implementing ACME client protocol
cloudscraper - A Python module to bypass Cloudflare's anti-bot page.
extdns - External DNS for docker-compose
cloudflare_ddns - Cloudflare Dynamic DNS schedule daemon
duckdns - Caddy module: dns.providers.duckdns
Cfddns - A no nonsense python script to treat Cloudflare as a dynamic DNS. Run as Docker container/scheduled task. Ipv4 and Ipv6 support.
lego - Let's Encrypt/ACME client and library written in Go