Cloudflare DDNS - Docker Setup on FWG
Quick and easy instructions to get Cloudflare DDNS working via docker on the Firewalla Gold. Using docker from https://github.com/oznu/docker-cloudflare-ddns
I use docker compose to set this up.
1. Follow the instructions here to get your Cloudflare API key for your domain. You'll need that for your docker-compose.yaml file below.
2. SSH into your Firewalla Gold and change directory to:
cd /home/pi/.firewalla/run/docker/
3. Create a folder cloudflareddns :
mkdir cloudflareddns
then:
cd cloudflareddns
4. Create a docker-compose.yaml file containing the below.
I use:
sudo nano docker-compose.yaml
to create and edit this file (input your API key and domain before saving).
version: '2'
services:
  cloudflare-ddns:
    image: oznu/cloudflare-ddns:latest
    restart: always
    container_name: cloudflareddns
    environment:
      - API_KEY=yourAPIkey
      - ZONE=yourdomain.com
      - PROXIED=false
networks:
  default:
    driver: bridge
    ipam:
      config:
        # your chosen docker network here
        - subnet: 172.30.0.0/24
5. Further steps taken here to set up Firewalla docker and network connection:
cd /home/pi/.firewalla/run/docker/cloudflareddns
sudo systemctl start docker
sudo docker-compose pull
sudo docker-compose up --no-start
sudo ip route add 172.30.0.0/24 dev br-$(sudo docker network inspect cloudflareddns_default |jq -r '.[0].Id[0:12]') table wan_routable
sudo docker-compose up --detach
6. Persistence! Make sure Docker and your container(s) load after Firewalla restarts. Note: Not sure if this works... a few times it hasn't loaded automatically.
Create file /home/pi/.firewalla/config/post_main.d/start_cloudflareddns.sh
sudo systemctl start docker
sudo systemctl start docker-compose@cloudflareddns
sudo ipset create -! docker_wan_routable_net_set hash:net
sudo ipset add -! docker_wan_routable_net_set 172.30.0.0/24
7. Make the new file executable: sudo chmod +x start_cloudflareddns.sh
8. Test it runs by issuing: sudo bash start_cloudflareddns.sh
Note: This works perfectly for DNS-01 cert updates using NGINX Proxy Manager - instructions to set up are here: https://help.firewalla.com/hc/en-us/community/posts/1500000874242-NGINX-Proxy-Manager-Docker
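The compose file from step 4 keeps the Cloudflare API key in clear text, and steps 5 and 6 repeat its subnet by hand. The pre-flight check below is an added example, not part of the original post; the function name check_compose and the sample token value are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. check_compose FILE SUBNET prints
# one line per finding and returns 0 when clean, 1 otherwise. The token value
# is never printed.
check_compose() {
    file=$1; subnet=$2; rc=0

    # The file holds the Cloudflare token in clear text: group/other need no access.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "PERMS: group/other bits are '$perms'; fix with: sudo chmod 600 $file"
        rc=1
    fi

    # Catch an empty token or the post's placeholder left in place.
    key=$(sed -n 's/^[[:space:]]*-[[:space:]]*API_KEY=//p' "$file")
    case $key in
        ''|yourAPIkey) echo "KEY: API_KEY is empty or still the placeholder"; rc=1 ;;
    esac

    # Steps 5 and 6 hard-code the subnet; it must match the one in the YAML.
    yaml_subnet=$(sed -n 's/^[[:space:]]*-[[:space:]]*subnet:[[:space:]]*//p' "$file")
    if [ "$yaml_subnet" != "$subnet" ]; then
        echo "SUBNET: compose file has '$yaml_subnet', route/ipset commands use '$subnet'"
        rc=1
    fi
    return "$rc"
}

# Demo on a constructed sample (the token below is made up).
demo() {
    dir=$(mktemp -d)
    cat > "$dir/docker-compose.yaml" <<'EOF'
services:
  cloudflare-ddns:
    environment:
      - API_KEY=constructed-token-value
      - ZONE=yourdomain.com
networks:
  default:
    ipam:
      config:
        - subnet: 172.30.0.0/24
EOF
    chmod 644 "$dir/docker-compose.yaml"   # a typical mode for a file saved with umask 022
    check_compose "$dir/docker-compose.yaml" 172.30.0.0/24 || true
    rm -rf "$dir"
}
if [ $# -eq 2 ]; then check_compose "$1" "$2"; else demo; fi
```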
-
When I try the command "sudo docker-compose pull", I get the following error:
"Pulling cloudflare-ddns ... error
ERROR: for cloudflare-ddns b'Get "https://registry-1.docker.io/v2/": dial tcp: lookup registry-1.docker.io on [::1]:53: read udp [::1]:60336->[::1]:53: read: connection refused'
ERROR: Get "https://registry-1.docker.io/v2/": dial tcp: lookup registry-1.docker.io on [::1]:53: read udp [::1]:60336->[::1]:53: read: connection refused"
Why is this?
-
I can't seem to get my docker container to start anymore and logs show:
2022-07-18T04:44:09.864498181Z [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
2022-07-18T04:44:10.019053660Z [s6-init] ensuring user provided files have correct perms...exited 0.
2022-07-18T04:44:10.024695462Z [fix-attrs.d] applying ownership & permissions fixes...
2022-07-18T04:44:10.027926116Z [fix-attrs.d] done.
2022-07-18T04:44:10.030148996Z [cont-init.d] executing container initialization scripts...
2022-07-18T04:44:10.036387988Z [cont-init.d] 30-cloudflare-setup: executing...
2022-07-18T04:44:15.052316843Z curl: (6) Could not resolve host: api.cloudflare.com
2022-07-18T04:44:15.054688432Z ----------------------------------------------------------------
2022-07-18T04:44:15.074681956Z ERROR: Invalid CloudFlare Credentials - 000
2022-07-18T04:44:15.074708693Z ----------------------------------------------------------------
2022-07-18T04:44:15.074728392Z Make sure the API_KEY is correct. You can
2022-07-18T04:44:15.074747017Z get your scoped CloudFlare API Token here:
2022-07-18T04:44:15.074765803Z https://dash.cloudflare.com/profile/api-tokens
2022-07-18T04:44:15.074784740Z
2022-07-18T04:44:15.074803765Z ----------------------------------------------------------------
2022-07-18T04:44:15.074827014Z [cont-init.d] 30-cloudflare-setup: exited 1.
2022-07-18T04:44:15.096137728Z [cont-finish.d] executing container finish scripts...
2022-07-18T04:44:15.102922744Z [cont-finish.d] 50-remove-record: executing...
2022-07-18T04:44:15.109967064Z [cont-finish.d] 50-remove-record: exited 0.
2022-07-18T04:44:15.112390226Z [cont-finish.d] done.
2022-07-18T04:44:15.113573096Z [s6-finish] waiting for services.
2022-07-18T04:44:15.330248460Z [s6-finish] sending all processes the TERM signal.
2022-07-18T04:44:18.341651403Z [s6-finish] sending all processes the KILL signal and exiting.
I updated my API key and also updated the file to reflect this. I can resolve api.cloudflare.com fine. Do I need to blow away the container and rebuild?