https://api.ipify.org/

more is always better, right? 😀

Hey there!

This tool is great! Thanks for writing it!

How do you only update subdomains and not the main domain zone? I've tried everything that I can think of and I can't find a way to do it in the config.

I have some dockers which are extremely sensitive to cloudflare proxying. Disabling the proxy for that cname fixes consistently, but then syncflaer reverts it.

I've tried setting up an additionalRecords for it but I think it's skipping it because it's got a record from Traefik:

time="2022-02-15T07:16:42Z" level=info msg="Updated: name: wiki.example.com, type: CNAME, content: weeb.house, proxied: true, ttl: 1"
time="2022-02-15T07:17:43Z" level=warning msg="DNS record wiki.example.com is already defined in a Traefik route. Skipping..."

How can I override the traefik information with docker/compose? I think this ability exists with the kubernetes config?

Add support for multiple Traefik instances

The new YAML config could look like this?

traefik:
  # add multiple instances
  <TRAEFIK_1>:
    url: https://traefik_1.example.com
    username: admin1
    password: supersecure1  # can also be set using <TRAEFIK_1>_PASSWORD env variable
  <TRAEFIK_2>:
    url: https://traefik_2.example.com
    username: admin2
    password: supersecure2  # can also be set using <TRAEFIK_2>_PASSWORD env variable

Suggestion:

Add a map type of Traefiks

// Traefiks holds the Traefik list.
type Traefiks map[string]*Traefik

See docs
Then we can declare as many Traefik instances as we wish.

Thank you for your feedback!

when creating a pre release, the docker tag latest gets updated as well. it should only be updated when a stable release has been created.

time="2022-10-22T16:31:17Z" level=error msg="Failed to get latest release: GET https://api.github.com/repos/containeroo/syncflaer/releases/latest: 403 API rate limit exceeded for #.#.#.#. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.) [rate reset in 13m06s]"

The most recent addition "update checker" is getting rate limited by github. As fas as I can tell, there's no means of adding GH auth to the syncflaer config to prevent these.

Could either auth be added or the rate limit errors be swallowed?

with v3.0.0 a new default ip provider has been added

• add ip provider to readme
• update dockerhub readme

Summary

It would be so nice to also have this included.
In newer releases cloudflared is configured mostly through config files which contains the routes (ingress:).
In older releases the given Domains where automagically added to CF DNS. Sadly this isn't the case anymore.

How?

So a way to implement this could be:

• get the created tunnels through the API
• read the config-files (possibility of multiple files/paths)
• check if DNS present according to config and tunnel
• maybe even remove DNS if not present in config but still in CF DNS

minimal config.yml example:

tunnel: example

ingress:
  - hostname: example.domain.net
    service: http://10.0.0.1:81
  - service: http_status:404
``

I the path with the config also has to be a "key" file for cloudflared with the tunnel-id as filename:

a-b-c.json
```json
{"AccountTag":"x-y-z","TunnelSecret":"somerandomsecret","TunnelID":"a-b-c","TunnelName":"example"}

Usecase

My usecase here is basically this: I don't expose my traefik endpoints/routes to the public but instead have an internal DNS resolving those DNS ... internally. Additionally an cloudflared is configured to also have these urls in ingress and the public CF DNS is tunneling public requests through cloudflared into traefik.

internal Request --> internal DNS -+
                                   |
                                   +-> Traefik --> Service
                                   |
external Request --> CF DNS -------+

time="2022-10-25T12:34:01Z" level=error msg="Unable to get public ip from https://myip.is/ip/: http status code 404"

I also get 404 in a browser for this url.

If I go to https://myip.is, it works, and their "API" page is https://4.myip.is

Did the endpoint change? Should multiple options be defined in case one goes down?

Say you have two records:
fw-auth.example.com
auth.example.com

If fw-auth.example.com get's orphaned, SyncFlaer will not delete it since auth.example.com still matches.

time="2022-02-15T08:26:36Z" level=error msg="Unable to create DNS record 172.16: HTTP status 400: An A, AAAA, or CNAME record with that host already exists. (81053)"
time="2022-02-15T08:26:37Z" level=error msg="Unable to create DNS record 192.168: HTTP status 400: An A, AAAA, or CNAME record with that host already exists. (81053)"
time="2022-02-15T08:26:37Z" level=info msg="Waiting 4 more runs until DNS record 172.16.example.com gets deleted"
time="2022-02-15T08:26:37Z" level=info msg="Waiting 4 more runs until DNS record 192.168.example.com gets deleted"

While working on #102 I noticed that my syncflaer is constantly adding and deleting two record like the above, over and over again.

This is in docker-compose environment.

I suspect the issue might have to do with my unique Traefik label setup to get internal and external routers separate.

      - "traefik.http.routers.wiki-int.rule=Host(`wiki.$DOMAIN`) && (ClientIP(`172.16.0.0/12`) || ClientIP(`192.168.0.0/16`))"
      - "traefik.http.routers.wiki.rule=Host(`wiki.$DOMAIN`)"

The above is on a number of my docker images and that's the only place either 172.16 or 192.168 are ever mentioned in any config files anywhere.

SyncFlaer should be able to get Ingress objects from Kubernetes and parse the host rules accordingly.

There should be an annotation to skip a certain Ingress as well as annotations for setting things like ttl, content, proxied, ...

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

• Update actions/cache action to v4
• Update actions/setup-go action to v5
• Update docker/setup-qemu-action action to v3
• Update github/codeql-action action to v3
• Update golangci/golangci-lint-action action to v6
• Update goreleaser/goreleaser-action action to v6
• Update module github.com/cloudflare/cloudflare-go to v2
• Update module github.com/google/go-github/v50 to v63
• 🔐 Create all rate-limited PRs at once 🔐

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• Update module github.com/traefik/traefik/v2 to v2.11.6 [SECURITY]
• Update module github.com/sirupsen/logrus to v1.9.3
• Update golang Docker tag to v1.23
• Update kubernetes packages to v0.31.0 (k8s.io/apimachinery, k8s.io/client-go)
• Update module github.com/cloudflare/cloudflare-go to v0.102.0
• Update module github.com/google/go-github/v50 to v50.2.0
• Update module github.com/slack-go/slack to v0.14.0
• Update actions/checkout action to v4
• Update docker/login-action action to v3
• Update docker/setup-buildx-action action to v3
• Click on this checkbox to rebase all open PRs at once

Ignored or Blocked

These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

• Update github.com/containous/go-http-auth digest to 860ed7f

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

I would like to request a feature to exclude certain (manually created) DNS records from being managed (deleted) by SyncFlaer.

Use Case

I am using a domain for services proxied by traefik. SyncFlaerautomatically manages those records and the root record.
I have now started using the same domain for ProtonMail. ProtonMail requires certain CNAME records to be set on the domain.

Proposed Solution

I could set these records using SyncFlaer but I would prefer to be able to specify that SyncFlaer ignores certain records (ideally following a regex pattern). That way I could tell SyncFlaer to ignore (and therefor not delete) all records containing protonmail.

In the config this could be similar to additionalRecords.
I have also tried just setting the required CNAME records using SyncFlaer additionalRecords, however for some reason those records are continuously updated for no apparent reason.

If there is an additional record with the same hostname as in a Traefik route, SyncFlaer goes crazy and updates the record. It should skip it and print a warn message.

I tried the two following rules while setting two domains during my bitwarden_rs to vaultwarden renaming:

An operator:

rule: Host(`bitwarden.mydomain.com`) || Host(`vaultwarden.mydomain.com`)

A list:

rule: Host(`bitwarden.mydomain.com`, `vaultwarden.mydomain.com`)

Both are valid in the Router documentation and were working in Traefik but SyncFlaer saw my bitwarden.mydomain.com as orphaned and didn't pick up the vaultwarden.mydomain.com domain at all.

I worked around this in the meantime by having two separate rules.

Follows up on #163

Hi,

I tried out SyncFlaer as replacement for https://github.com/tiredofit/docker-traefik-cloudflare-companion and https://github.com/oznu/docker-cloudflare-ddns.

The first thing Syncflaer did was to delete the root records (A records with my IPs) from CloudFlare.
I intentionally had managedRootRecord: false in the config so that these records are not touched.

As a workaround I had to add additional records in the config to recreate the A records again, but my expectation was that these records are not deleted or overwritten by SyncFlaer. The comment explicitely says: "set whether you want to have the root record managed by SyncFlaer".

Is this a bug?

Jochen

Follows up #89

Currently, SyncFlaer manages the root record with hardcoded defaults.

In case a user want to use a different server for their root record than for the subdomains, we should allow users to configure their root records similar to additional records.

adapt github actions to push images to ghcr