I’m finally moving my selfhosting experiments from a VPS to a physical machine in my house but, since I don’t have a static IP address, I opted to use the dynamic dns service offered by Cloudflare.
On their official website I’ve seen suggested ddclient but I haven’t find that much information on which labels should I add to set it up. Therefore, I’ve also found this docker image that seems pretty clean and easy to set up, but the video talking about it was of 3 years ago and I’ve seen that the github repository has been archived last year…
Which option (not necessarily among the two above) do you prefer to set up your Dynamic DNS with Cloudflare? (I don’t know if this can be an important information to add or not, but the Linux server I’m using is running NixOS)
I wrote a bash script this that updates cloudflare using their API if the public has changed, and just have it running with crontab.
It’s been running for 6 years now without issue so I recommend this
cloudflare is an intelligence company who’s flagship product involves them mitming your TLS.
why bother self-hosting, if you do it from behind cloudflare?
Because I don’t want to expose my home IP.
That’s why I didn’t want to use Cloudflare Tunnels, but just Dynamic DNS. I though that they had access to the stuff you transfer only if you use their tunneling feature and for the reasons you said is something I would prefer to avoid.
The thing is that I bought my domain on Infomaniak and most of the self-hosting tutorials I’ve seen recommend Cloudflare. Would you suggest something different?
@cypherpunks
@cypherpunks @rhys mitming?cloudflare’s service puts them in the middle - so, HTTPS doesn’t encrypt traffic between the browser and your server anymore, but instead between the browser and CF, and then (separately) between CF and your server. CF is an antidote to intelligence agencies’ problem of losing visibility when most of the web switched to HTTPS a decade ago.
CF is an antidote to intelligence agencies’ problem of losing visibility when most of the web switched to HTTPS a decade ago.
This is a claim that will need evidence backing it up.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters CF CloudFlare DNS Domain Name Service/System HTTP Hypertext Transfer Protocol, the Web HTTPS HTTP over SSL IP Internet Protocol SSL Secure Sockets Layer, for transparent encryption TLS Transport Layer Security, supersedes SSL
5 acronyms in this thread; the most compressed thread commented on today has 7 acronyms.
[Thread #373 for this sub, first seen 25th Dec 2023, 05:15] [FAQ] [Full list] [Contact] [Source code]
All those do is essentially call the Cloudflare API. They’ll all work reasonably well. The linked Docker image for example is essentially doing the bulk of it in this bash script which they call from a cron and some other container init logic which I imagine is to do the initial update when the container starts.
Pick whatever is easiest and makes most sense for you. Even the archived Docker thing is so simple, I wouldn’t worry about it being unmaintained because it can reasonably be called a finished product. It’ll work until Cloudflare upgrades their API and shuts down the old one, which you’d get months to years of warning because of enterprise customers.
Personally, that’s a trivial enough task I’d probably just custom-write a Python script to call their API. They even have a python library for their API. Probably like 50-100 lines long tops. I have my own DNS server and my DDNS “server” is a 25 lines PHP script, and the client is a curl command in a cronjob.
DDNS is a long solved and done problem. All the development is essentially just adding new providers.
