Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/fr1t2/cloudflare_helpers

Collection of helper scripts to manage Cloudflare DNS and zeroTrust services
https://github.com/fr1t2/cloudflare_helpers

bash-script cloudflare cloudflare-zerptrust cloudflate-ddns ddns gateway-dns-location-update

Last synced: 3 days ago
JSON representation

Collection of helper scripts to manage Cloudflare DNS and zeroTrust services

Host: GitHub
URL: https://github.com/fr1t2/cloudflare_helpers
Owner: fr1t2
License: mit
Created: 2024-03-16T19:31:21.000Z (10 months ago)
Default Branch: main
Last Pushed: 2024-03-17T06:49:54.000Z (10 months ago)
Last Synced: 2024-11-08T04:41:46.151Z (about 2 months ago)
Topics: bash-script, cloudflare, cloudflare-zerptrust, cloudflate-ddns, ddns, gateway-dns-location-update
Language: Shell
Homepage:
Size: 40 KB
Stars: 2
Watchers: 1
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

README

# cloudflare_helpers
Collection of helper scripts to manage Cloudflare services

> Each service contains an example `secrets.txt.example` file that needs to be renamed to `secrets.txt` and filled out

## Zero Trust Gateway DNS Record Update

Update the local IP address for the [zeroTrust gateway DNS locations](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/agentless/dns/locations/) based on assigned dynamic public address.

This was developed to accomplish the continued protection of the DNS filtering rules with cloudflare after an ISP forced public address change. This continues the protection provided through cloudflare zeroTrust.

### Requirements

- Linux/Unix (tested on Ubuntu 22.04)
- Cloudflare account, with zeroTrust DNS filtering setup and functional. (DNS filtering out of scope here, see [cloudflare docs](https://developers.cloudflare.com/cloudflare-one/))
- `jq` installed on the local system `sudo apt install jq`
- API key that allows `Account|Zero Trust|Edit` permissions for the account
- Cloudflare account ID (Found in the url while logged in, or under any website overview, "Account ID")

### Secrets.txt

Enter your info in the secrets file, ensure the values are "quoted".

### Execution Permissions

Give the `zeroTrust_gateway_ip_update.sh` the old execute permissions massage. From the repo root folder:

`chmod +x ./ZeroTrust/zeroTrust_gateway_ip_update.sh`

### Execute the Script

If everything is done, test the script. It should find the gateway DNS location and update it with the current IP address of the device the script is ran on.

### crontab

Add the script to the crontab folder with the following (edit for your location). This runs every 10 min.

`*/10 * * * * /home/$USER/cloudflare_helpers/ZeroTrust/zeroTrust_gateway_ip_update.sh`

> **Note** This script updates every thime it runs to pickup any changes here in this repo.

## DNS Record Update

Update the IP address for the a cloudflare sub domain.

This was heavily re-used from [this gist](https://gist.github.com/Tras2/cba88201b17d765ec065ccbedfb16d9a), thanks for the great work!

### Requirements

- Linux/Unix (tested on Ubuntu 22.04)
- Cloudflare account, with a domain DNS hosted with cloudflare
- Subdomain entry for record to update
- `jq` installed on the local system `sudo apt install jq`
- API key that allows `ZOND|EDIT|zone_to_edit` permissions for the domain to edit `API_TOKEN`
- Cloudflare user email associated to the key `EMAIL`
- Domain name for record to edit `DOMAIN.TLD`
- FQDN for the record `HOST.DOMAIN.TLD`