Managing Your Domain with CloudFlare
- CloudFlare Setup
- Resolve Real IP Addresses in Apache Logs
- Updating DNS Records with Dynamic IP Address
CloudFlare Setup
CloudFlare is a free DNS service that not only lets you control DNS records, but also speeds up your website by caching it on servers around the globe, hides your IP address, keeps your site online even if your server isn't, protects against various threats including DDoS, and provides unique analytics tools.
Sign up, then on your home screen enter your domain name and press 'Add Website'. Edit a few A records with your IP address and toggle the orange cloud on for your domain name and 'www'. If you have only one IP address at your disposal, Zone File should look similar to this. Next, choose your security settings and finally point the name servers at your domain registrar to CloudFlare. That's about it; you can check some of the security or performance options on the 'CloudFlare settings' page.
Resolve Real IP addresses in Apache Logs
Since CloudFlare is essentially a proxy for your website, the IP addresses that appear in apache.log belong to CloudFlare servers. To log visitors' real addresses you need one simple mod for Apache. First, install a few dependencies:
- su
- apt-get install libtool apache2-dev
Then, download 'mod_cloudflare' source:
- cd
- wget https://www.cloudflare.com/static/misc/mod_cloudflare/mod_cloudflare.c
Now, just install the mod with:
- apxs2 -a -i -c mod_cloudflare.c
It should be enabled automatically; if not, run:
- a2enmod cloudflare
- /etc/init.d/apache2 restart
Updating DNS Records with Dynamic IP Address
Most ISPs assign IP addresses to home users dynamically, so your address changes from time to time and reaching your private server can sometimes be impossible. You can create an automated script to modify DNS records if your IP address changes. Before we start, back up your DNS record information, just in case: go to DNS, click advanced, and export. Since this script contains sensitive information, I would suggest doing this as the root user, or, when you are done setting up the script, modifying the permissions on the script and log files to keep them away from other users. Let's start by creating a few log files:
- touch /var/ip
- touch /var/log/ipchanges.log
- touch /var/log/ipchanges_error.log
- chmod 600 /var/ip
- chmod 600 /var/log/ipchanges.log
- chmod 600 /var/log/ipchanges_error.log
Install curl:
- apt-get install curl
Write your current WAN IP address to '/var/ip':
- curl -s http://myip.dnsomatic.com/ > /var/ip
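Next, get your CloudFlare API key by going to account settings and viewing your 'Global API Key' (it grants full access to the account, which is why the script file below is readable by its owner only), then create a script file and set permissions: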
- touch cloudflare.sh
- chmod 700 cloudflare.sh
- nano cloudflare.sh
Download the script or paste the following:
- #!/bin/bash
- # User variables
- AUTH_EMAIL="email"
- AUTH_KEY="wtb5weryw895rtyw8erytw5e8ry5wer9"
- ZONE="mydomain.com"
- RECORD="ip.mydomain.com"
- # Global variables
- IP=`curl -s http://myip.dnsomatic.com/`
- CURIP=`cat /var/ip`
- DATE=$(date +"%Y-%m-%d %H:%M")
- if [ ${#IP} -gt 6 ] && [ ${#IP} -lt 16 ]; then # Simple new IP check in case dnsomatic.com is down
- if [ "$IP" != "$CURIP" ]; then # Compare new and old IPs
- # Get IDs
- ZONE_ID=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones?name=$ZONE" -H "X-Auth-Email: $AUTH_EMAIL" -H "X-Auth-Key: $AUTH_KEY" -H "Content-Type: application/json" | grep -Po '(?<="id":")[^"]*' | head -1 )
- RECORD_ID=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records?name=$RECORD" -H "X-Auth-Email: $AUTH_EMAIL" -H "X-Auth-Key: $AUTH_KEY" -H "Content-Type: application/json" | grep -Po '(?<="id":")[^"]*' | head -1 )
- # Try to update the CloudFlare record
- UPDATE=$(curl -s -X PUT "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records/$RECORD_ID" -H "X-Auth-Email: $AUTH_EMAIL" -H "X-Auth-Key: $AUTH_KEY" -H "Content-Type: application/json" --data "{\"id\":\"$ZONE_ID\",\"type\":\"A\",\"name\":\"$RECORD\",\"content\":\"$IP\"}")
- # Check if records edited successfully
- if [[ "$UPDATE" =~ "\"success\":false" ]]; then
- echo -e "$DATE\n$UPDATE\n" >> /var/log/ipchanges_error.log
- exit 1
- else
- echo "$DATE: $CURIP => $IP." >> /var/log/ipchanges.log
- echo "$IP" > /var/ip
- exit 0
- fi
- fi
- fi
You only need to change the 'user variables' to make this script work; in this case 'ip.mydomain.com' refers to the address you want to use to connect to your server from outside. If there are errors, look for the "message" field value in the output; the messages are usually quite informative. Example:
- "message":"Invalid zone identifier"
- "message":"Could not route to zones dns_records, perhaps your object identifier is invalid?"
Visit CloudFlare Documentation on API for some more details.
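The length test in the script accepts any response of 7 to 15 characters, so an error string from the lookup service would pass it and be written into the JSON body sent to the API. The function below is an added example, not part of the original script; `is_public_ipv4` is a hypothetical helper name and the sample responses are constructed.

```shell
# Added example: strict validation of the lookup result before it is used.
# is_public_ipv4 is a hypothetical helper, not part of the original script.
is_public_ipv4() {
    ip=$1
    # Only digits and dots, no empty fields
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    # Split on dots into $1..$n (safe: no glob characters can be present)
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in
            0) ;;                      # a single zero is fine
            0*|????*) return 1 ;;      # leading zero or more than 3 digits
        esac
        [ "$o" -le 255 ] || return 1
    done
    # Ranges that can never be a routable WAN address
    if [ "$1" -eq 0 ] || [ "$1" -eq 10 ] || [ "$1" -eq 127 ] || [ "$1" -ge 224 ]; then
        return 1
    fi
    if [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then return 1; fi  # CGNAT
    if [ "$1" -eq 169 ] && [ "$2" -eq 254 ]; then return 1; fi                      # link-local
    if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then return 1; fi   # RFC 1918
    if [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then return 1; fi                      # RFC 1918
    return 0
}

# Constructed sample responses; each one passes the original 7-15 character test.
for sample in "203.0.113.7" "Bad Gateway" "999.1.1.1" "192.168.1.10" "100.64.3.2"; do
    if is_public_ipv4 "$sample"; then
        echo "accept: $sample"
    else
        echo "reject: $sample"
    fi
done
```

With the function pasted above the 'Global variables' section of cloudflare.sh, the first `if` line can become `if is_public_ipv4 "$IP"; then`.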
Next, you can set up an email alert system with a nice little tool, 'ssmtp'.
- apt-get install ssmtp
- cd /etc/ssmtp
- cp ssmtp.conf ssmtp.conf.bak
- nano ssmtp.conf
You can find how to quickly configure it here and here. For a Gmail account, the configuration looks something like this:
- root=user@gmail.com
- mailhub=smtp.gmail.com:587
- UseSTARTTLS=YES
- rewriteDomain=gmail.com
- hostname=sub.yourdomain.com
- FromLineOverride=YES
- UseTLS=Yes
- AuthUser=username
- AuthPass=password
- AuthMethod=LOGIN
Save, exit and add the following line in the cloudflare.sh script just before the 'exit 0':
- echo -e "To: recipient@mail.com\nFrom: sender@mail.com\nSubject: WAN IP Change\n\nWAN IP address changed from $CURIP to $IP on $DATE." | ssmtp recipient@mail.com
Fill in your email addresses, save and exit.
If your script is working correctly, then it's time to add a cronjob:
- crontab -e
Paste:
- */20 * * * * bash /path/to/script/cloudflare.sh
Save and exit. It will run the script every 20 minutes. You can modify the timer depending on your needs, but keep it reasonable.