3 #.Distributed under the terms of the GNU General Public License (GPL) version 2.0
5 # script for sending updates to cloudflare.com
6 #.based on Ben Kulbertis cloudflare-update-record.sh found at http://gist.github.com/benkulbertis
7 #.and on George Johnson's cf-ddns.sh found at https://github.com/gstuartj/cf-ddns.sh
8 #.2016-2018 Christian Schoenebeck <christian dot schoenebeck at gmail dot com>
9 # CloudFlare API documentation at https://api.cloudflare.com/
11 # This script is parsed by dynamic_dns_functions.sh inside send_update() function
13 # using following options from /etc/config/ddns
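14 # option username - your cloudflare e-mail, or the literal word Bearer to authenticate with an API token
15 # option password - cloudflare api key (you can get it from cloudflare.com/my-account/), or the API token when username is Bearer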
16 # option domain - "hostname@yourdomain.TLD" # syntax changed to remove split_FQDN() function and tld_names.dat.gz
18 # This script does not change the proxy status of the record; change it manually in the Cloudflare dashboard.
20 # variable __IP already defined with the ip-address to use for update
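# --- check parameters --------------------------------------------------------
# write_log is not defined in this file; the header says this script is parsed
# inside send_update() of dynamic_dns_functions.sh.
# NOTE(review): no explicit return follows the level-14 calls, so level 14 is
# presumably fatal inside write_log - confirm before relying on it.
# NOTE(review): the first check only fires when BOTH variables are empty, while
# its message asks for cURL *with SSL support*; confirm how CURL_SSL is set
# before tightening the test.
[ -z "$CURL" ] && [ -z "$CURL_SSL" ] && write_log 14 "Cloudflare communication require cURL with SSL support. Please install"
[ -z "$username" ] && write_log 14 "Service section not configured correctly! Missing key as 'username'"
[ -z "$password" ] && write_log 14 "Service section not configured correctly! Missing secret as 'password'"

# The API key/token travels in request headers, so plain HTTP is never acceptable.
# The expansion is quoted and defaulted: with an unset use_https the unquoted
# test was a syntax error and HTTPS was silently left unforced.
[ "${use_https:-0}" -eq 0 ] && use_https=1	# force HTTPS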
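# --- used variables ----------------------------------------------------------
# `local` is valid here because this file is sourced inside a function
# (send_update(), per the file header).
# NOTE(review): __TTL is used when the update payload is built further down but
# is not declared in the lines visible here - confirm where it is set.
local __HOST __DOMAIN __TYPE __PRGBASE __RUNPROG __DATA __IPV6 __ZONEID __RECID __PROXIED
local __URLBASE="https://api.cloudflare.com/client/v4"

# split __HOST __DOMAIN from $domain
#   @example.com          for a "domain record"
#   host.sub@example.com  for a "host record"
__HOST=$(printf '%s' "$domain" | cut -d@ -f1)
__DOMAIN=$(printf '%s' "$domain" | cut -d@ -f2)

# Cloudflare v4 needs:
# __DOMAIN = the base domain, i.e. example.com
# __HOST   = the FQDN of the record to modify,
#            i.e. example.com for the "domain record" or host.sub.example.com for a "host record"

# domain record: nothing in front of the '@', so the record name is the zone itself
[ -z "$__HOST" ] && __HOST=$__DOMAIN
# host record: rebuild the FQDN, host@domain.tld => host.domain.tld
[ "$__HOST" != "$__DOMAIN" ] && __HOST="${__HOST}.${__DOMAIN}"

# set record type
# An explicit if/else with a quoted, defaulted value: the former
# `[ $use_ipv6 -eq 0 ] && A || AAAA` chose AAAA whenever the test itself
# failed, e.g. with use_ipv6 unset.
if [ "${use_ipv6:-0}" -eq 0 ]; then
	__TYPE="A"
else
	__TYPE="AAAA"
fi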
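# transfer function to use for Cloudflare
# All needed variables are set globally by the surrounding script, so they are
# used directly.
# Reads:   __RUNPROG, DATFILE, ERRFILE, VERBOSE_MODE, retry_count, RETRY_SECONDS
# Writes:  PID_SLEEP
# Returns: 0 when the command succeeded and $DATFILE contains "success": true,
#          1 when the reply does not report success.
# NOTE(review): the listing this block was taken from drops several lines of
# the function. Lines marked "(restored)" are implied by the surrounding code;
# confirm them against the unabridged script.
# NOTE(review): level 14 is presumably fatal inside write_log, since nothing
# leaves the loop after "Transfer failed after ... retries" - confirm.
cloudflare_transfer() {
	local __CNT=0	# (restored) error counter
	local __ERR __LOGCMD

	# __RUNPROG carries the API key/token in its --header arguments, so only a
	# masked copy goes to the log. The first expression folds the shell escape
	# for a literal quote ('\'') so that a secret containing one is still masked
	# up to the closing quote of its header.
	__LOGCMD=$(printf '%s' "$__RUNPROG" | sed \
		-e "s/'\\\\''/_/g" \
		-e "s/\(Authorization: Bearer \)[^']*/\1***/" \
		-e "s/\(X-Auth-Key: \)[^']*/\1***/")

	while : ; do	# (restored) loop implied by the `break` statements
		write_log 7 "#> $__LOGCMD"
		# (restored) __RUNPROG embeds its own quoting, so it has to be evaluated.
		# Every value spliced into it must be quoted or validated by the code
		# that builds the string.
		eval "$__RUNPROG"
		__ERR=$?	# save communication error
		[ "$__ERR" -eq 0 ] && break	# no error: leave the loop

		write_log 3 "cURL Error: '$__ERR'"
		write_log 7 "$(cat "$ERRFILE")"	# report error

		[ "$VERBOSE_MODE" -gt 1 ] && {
			# VERBOSE_MODE > 1 then NO retry
			write_log 4 "Transfer failed - Verbose Mode: $VERBOSE_MODE - NO retry on error"
			break	# (restored)
		}

		__CNT=$(( __CNT + 1 ))	# increment error counter
		# if error count > retry_count leave here
		[ "$retry_count" -gt 0 ] && [ "$__CNT" -gt "$retry_count" ] && \
			write_log 14 "Transfer failed after $retry_count retries"

		write_log 4 "Transfer failed - retry $__CNT/$retry_count in $RETRY_SECONDS seconds"
		sleep "$RETRY_SECONDS" &
		PID_SLEEP=$!	# (restored) the PID that `wait` below refers to
		wait "$PID_SLEEP"	# enable trap-handler
		PID_SLEEP=0	# (restored, assumed) leave no stale PID behind
	done

	# check for error
	# [[:space:]] instead of \s: \s is an extension, not POSIX regex syntax.
	grep -q '"success":[[:space:]]*true' "$DATFILE" || {
		write_log 4 "CloudFlare reported an error:"
		write_log 7 "$(cat "$DATFILE")"	# report error
		return 1	# HTTP error
	}
}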
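# Quote a value as ONE single-quoted shell word.
# __PRGBASE is later run through eval, so configuration values (paths, device
# names, credentials) must not be able to end their quoting or add words.
# Arguments: $1 - value to quote
# Outputs:   the quoted word on stdout
__cf_quote() {
	printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Build base command to use
__PRGBASE="$CURL -RsS -o $(__cf_quote "$DATFILE") --stderr $(__cf_quote "$ERRFILE")"

# force network/interface-device to use for communication
if [ -n "$bind_network" ]; then
	network_get_physdev __DEVICE "$bind_network" || \
		write_log 13 "Can not detect local device using 'network_get_physdev $bind_network' - Error: '$?'"
	write_log 7 "Force communication via device '$__DEVICE'"
	__PRGBASE="$__PRGBASE --interface $(__cf_quote "$__DEVICE")"
fi

# force ip version to use
if [ "${force_ipversion:-0}" -eq 1 ]; then
	# if/else instead of `A && B || C`, with quoted values
	if [ "${use_ipv6:-0}" -eq 0 ]; then
		__PRGBASE="$__PRGBASE -4"	# force IPv4
	else
		__PRGBASE="$__PRGBASE -6"	# force IPv6
	fi
fi

# set certificate parameters
if [ "$cacert" = "IGNORE" ]; then	# idea from Ticket #15327 to ignore server cert
	# --insecure switches off server certificate verification, so the API
	# credentials are sent to, and the reply is accepted from, an unverified
	# peer. Make that visible in the log.
	write_log 4 "HTTPS certificate verification disabled (cacert 'IGNORE') - server identity is not checked"
	__PRGBASE="$__PRGBASE --insecure"	# but not empty better to use "IGNORE"
elif [ -f "$cacert" ]; then
	__PRGBASE="$__PRGBASE --cacert $(__cf_quote "$cacert")"
elif [ -d "$cacert" ]; then
	__PRGBASE="$__PRGBASE --capath $(__cf_quote "$cacert")"
elif [ -n "$cacert" ]; then	# it's not a file and not a directory but given
	write_log 14 "No valid certificate(s) found at '$cacert' for HTTPS communication"
fi

# disable proxy if not set (there might be .wgetrc or .curlrc or wrong environment set)
# or check if libcurl compiled with proxy support
if [ -z "$proxy" ]; then
	__PRGBASE="$__PRGBASE --noproxy '*'"
elif [ -z "$CURL_PROXY" ]; then
	# if libcurl has no proxy support and proxy should be used then force ERROR
	write_log 13 "cURL: libcurl compiled without Proxy support"
fi

# set headers
# NOTE(review): the credential ends up on cURL's command line and in
# __PRGBASE/__RUNPROG; anything that logs those strings must mask it.
if [ "$username" = "Bearer" ]; then
	write_log 7 "Found Username 'Bearer' using Password as Bearer Authorization Token"
	__PRGBASE="$__PRGBASE --header $(__cf_quote "Authorization: Bearer $password") "
else
	__PRGBASE="$__PRGBASE --header $(__cf_quote "X-Auth-Email: $username") "
	__PRGBASE="$__PRGBASE --header $(__cf_quote "X-Auth-Key: $password") "
fi
__PRGBASE="$__PRGBASE --header 'Content-Type: application/json' "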
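# --- look up zone id and record id -------------------------------------------
# NOTE(review): the listing this block was taken from drops several lines.
# Lines marked "(restored)" are implied by the surrounding code; confirm them
# against the unabridged script. The exit status of the restored returns is not
# shown in the listing; 1 matches the visible failure paths.

# The request strings below are run through eval by cloudflare_transfer, and
# the names sit inside single quotes there. A name containing a single quote
# would end that quoting, so refuse it.
case "$__DOMAIN$__HOST" in
	*"'"*)
		write_log 4 "Refusing domain/host name containing a single quote"
		return 1
		;;
esac

if [ -n "$zone_id" ]; then
	__ZONEID="$zone_id"	# (restored) use the configured zone id, no lookup
else
	# read zone id for registered domain.TLD
	__RUNPROG="$__PRGBASE --request GET '$__URLBASE/zones?name=$__DOMAIN'"
	cloudflare_transfer || return 1
	# extract zone id: the first "id" value in the reply
	__ZONEID=$(grep -o '"id":[[:space:]]*"[^"]*' "$DATFILE" | grep -o '[^"]*$' | head -n 1)
	[ -z "$__ZONEID" ] && {
		write_log 4 "Could not detect 'zone id' for domain.tld: '$__DOMAIN'"
		return 1	# (restored)
	}
fi

# The zone id comes from the configuration or from the server's reply and is
# spliced into a command string that is evaluated later. Cloudflare identifiers
# are hex strings, so anything outside [0-9A-Za-z] is refused.
case "$__ZONEID" in
	*[!0-9A-Za-z]*)
		write_log 4 "Unexpected characters in 'zone id' - refusing to use it"
		return 1
		;;
esac

# read record id for A or AAAA record of host.domain.TLD
__RUNPROG="$__PRGBASE --request GET '$__URLBASE/zones/$__ZONEID/dns_records?name=$__HOST&type=$__TYPE'"
cloudflare_transfer || return 1
# extract record id: the first "id" value in the reply
__RECID=$(grep -o '"id":[[:space:]]*"[^"]*' "$DATFILE" | grep -o '[^"]*$' | head -n 1)
[ -z "$__RECID" ] && {
	write_log 4 "Could not detect 'record id' for host.domain.tld: '$__HOST'"
	return 1	# (restored)
}

# Same reasoning as for the zone id: the record id is taken from the reply and
# later becomes part of an evaluated command string.
case "$__RECID" in
	*[!0-9A-Za-z]*)
		write_log 4 "Unexpected characters in 'record id' - refusing to use it"
		return 1
		;;
esac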
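# --- compare the stored address with the one to set ---------------------------
# NOTE(review): the listing this block was taken from drops several lines.
# Lines marked "(restored)" are implied by the surrounding code; confirm them
# against the unabridged script.

# extract current stored IP: the first "content" value in the reply
__DATA=$(grep -o '"content":[[:space:]]*"[^"]*' "$DATFILE" | grep -o '[^"]*$' | head -n 1)

# check data: keep only something that looks like an address of the wanted family.
# if/else instead of `A && B || C`: with the chain, an IPv4 match that found
# nothing fell through to the IPv6 match as well.
if [ "$use_ipv6" -eq 0 ]; then
	__DATA=$(printf "%s" "$__DATA" | grep -m 1 -o "$IPV4_REGEX")
else
	__DATA=$(printf "%s" "$__DATA" | grep -m 1 -o "$IPV6_REGEX")
fi

# we got data so verify
if [ -n "$__DATA" ]; then
	if [ "$use_ipv6" -eq 1 ]; then
		# expand IPv6 for compare; arguments quoted so they cannot split or glob
		expand_ipv6 "$__IP" __IPV6
		expand_ipv6 "$__DATA" __DATA
		[ "$__DATA" = "$__IPV6" ] && {	# IPv6 no update needed
			write_log 7 "IPv6 at CloudFlare.com already up to date"
			return 0	# (restored)
		}
	else	# (restored) IPv4 branch
		[ "$__DATA" = "$__IP" ] && {	# IPv4 no update needed
			write_log 7 "IPv4 at CloudFlare.com already up to date"
			return 0	# (restored)
		}
	fi
fi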
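# --- build the payload and send the update ------------------------------------

# let's build data to send
# set proxied parameter: carry over the value the record currently has.
# Only the bare word after the key is taken, and only the first match. The
# former pattern ran up to the next comma or quote, so it could pick up a
# closing brace, leading blanks or several lines.
__PROXIED=$(grep -o '"proxied":[[:space:]]*[a-z]*' "$DATFILE" | grep -o '[a-z]*$' | head -n 1)

# The value comes from the server's reply and is written unquoted into the JSON
# body, so accept the two JSON booleans only.
case "$__PROXIED" in
	true|false) ;;
	*)
		write_log 4 "Could not detect 'proxied' state of record - update not sent"
		return 1
		;;
esac

# use file to work around " needed for json
# printf writes the same single line the here-document produced.
# NOTE(review): __TTL is not set in the lines visible here - confirm it is
# defined before this point.
printf '{"id":"%s","type":"%s","name":"%s","content":"%s","ttl":%s,"proxied":%s}\n' \
	"$__ZONEID" "$__TYPE" "$__HOST" "$__IP" "$__TTL" "$__PROXIED" > "$DATFILE"

# let's complete transfer command
# $DATFILE serves as request body and, through -o in __PRGBASE, as reply file.
__RUNPROG="$__PRGBASE --request PUT --data @$DATFILE '$__URLBASE/zones/$__ZONEID/dns_records/$__RECID'"
cloudflare_transfer || return 1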