tiredofit / docker-traefik-cloudflare-companion

Automatically Create CNAME records for containers served by Traefik

License: MIT License

Dockerfile 6.76% Python 93.24%
docker cloudflare cname dns alpine traefik

docker-traefik-cloudflare-companion's Introduction

github.com/tiredofit/docker-traefik-cloudflare-companion


About

This will build a Docker image to automatically update Cloudflare DNS records upon container start when using Traefik as a Reverse Proxy.

Prerequisites and Assumptions

  • Assumes you have either a Global or a Scoped API key from Cloudflare.
  • Assumes you are using Traefik as a reverse proxy:

Installation

Build from Source

Clone this repository and build the image with docker build -t (imagename) .

Prebuilt Images

Builds of the image are available on Docker Hub

docker pull docker.io/tiredofit/traefik-cloudflare-companion:(imagetag)

Builds of the image are also available on the Github Container Registry

docker pull ghcr.io/tiredofit/docker-traefik-cloudflare-companion:(imagetag)

The following image tags are available along with their tagged release based on what's written in the Changelog:

| Container OS | Tag |
| Alpine | :latest |

Multi Architecture

Images are built primarily for the amd64 architecture, and may also include builds for arm/v6, arm/v7, arm64 and others. These variants are all unsupported. Consider sponsoring my work so that I can work with various hardware. To see if this image supports multiple architectures, type docker manifest inspect (image):(tag)

Configuration

Quick Start

  • The quickest way to get started is using docker-compose. See the examples folder for a working compose.yml that can be modified for development or production use.

  • Set various environment variables to understand the capabilities of this image.

Upon startup, the image looks for a label containing traefik.frontend.rule (version 1) or Host* (version 2) on your running containers and updates Cloudflare with a CNAME record pointing to your TARGET_DOMAIN. Previous versions of this container only updated one zone; with the addition of the DOMAIN environment variables it now parses the containers' variables and updates the appropriate zone.

For those wishing to assign multiple CNAMEs to a container use the following format:

  • Traefik 1.x
  - traefik.normal.frontend.rule=Host:example1.domain.tld,example2.domain.tld
  • Traefik 2.x
  - traefik.http.routers.example.rule=Host(`example1.domain.tld`) || Host(`example2.domain.tld`)

Persistent Storage

| File | Description |
| /var/run/docker.sock | You must have access to the docker socket in order to utilize this image |

Environment Variables

Base Images used

This image relies on an Alpine Linux base image that relies on an init system for added capabilities. Outgoing SMTP capabilities are handled via msmtp. Individual container performance monitoring is performed by zabbix-agent. Additional tools include: bash, curl, less, logrotate, nano.

Be sure to view the following repositories to understand all the customizable options:

| Image | Description |
| OS Base | Customized Image based on Alpine Linux |

Container Options

| Parameter | Description | Default |
| DRY_RUN | Perform a test run without making any changes: TRUE or FALSE | FALSE |
| LOG_LEVEL | Logging level: INFO, VERBOSE or DEBUG | INFO |
| LOG_TYPE | Log type: CONSOLE, FILE or BOTH | BOTH |
| LOG_FILE | Log filename | tcc.log |
| LOG_PATH | Log path | /logs/ |
| TCC_USER | User to run application as (there is a user tcc that can be used) | root |

Docker Options

| Parameter | Description | Default |
| DOCKER_ENTRYPOINT | Docker Entrypoint default (local mode) | unix://var/run/docker.sock |
| DOCKER_HOST | (optional) If using tcp connection, e.g. tcp://111.222.111.32:2376 | |
| DOCKER_CERT_PATH | (optional) If using tcp connection with TLS: certificate location, e.g. /docker-certs | |
| DOCKER_SWARM_MODE | Enable Docker Swarm Mode: TRUE or FALSE | FALSE |
| DOCKER_TLS_VERIFY | (optional) If using tcp connection to socket: verify TLS | 1 |

Cloudflare Options

| Parameter | Description | Default |
| CF_EMAIL | Email address tied to Cloudflare Account. Leave blank for Scoped API | |
| CF_TOKEN | API Token for the Domain | |
| RC_TYPE | Record Type for Cloudflare, e.g. A;CNAME;AAAA | CNAME |
| TARGET_DOMAIN | Destination Hostname/IP to forward records to, e.g. host.example.com or 172.30.0.1 | |
| DOMAIN1 | Domain 1 you wish to update records for | |
| DOMAIN1_ZONE_ID | Domain 1 Zone ID from Cloudflare | |
| DOMAIN1_PROXIED | Domain 1 True or False if proxied | |
| DOMAIN1_TARGET_DOMAIN | (optional) Target domain for Domain 1, overriding the default value from TARGET_DOMAIN | |
| DOMAIN1_EXCLUDED_SUB_DOMAINS | (optional) Sub domain trees to be ignored in labels, e.g. DOMAIN1_EXCLUDED_SUB_DOMAINS=int would not create a CNAME for *.int.example.com | |
| DOMAIN2 | (optional) Domain 2 you wish to update records for | |
| DOMAIN2_ZONE_ID | Domain 2 Zone ID from Cloudflare | |
| DOMAIN2_PROXIED | Domain 2 True or False if proxied | |
| DOMAIN2_TARGET_DOMAIN | (optional) Target domain for Domain 2, overriding the default value from TARGET_DOMAIN | |
| DOMAIN2_EXCLUDED_SUB_DOMAINS | (optional) Sub domain trees to be ignored in labels, e.g. DOMAIN2_EXCLUDED_SUB_DOMAINS=int would not create a CNAME for *.int.example2.com | |
| DOMAIN3.... | And so on.. | |
| DEFAULT_TTL | TTL to apply to records | 1 |

Traefik Options

| Parameter | Description | Default |
| TRAEFIK_VERSION | What version of Traefik do you want to work against: 1 or 2 | 2 |
| ENABLE_TRAEFIK_POLL | Enable Traefik Polling Mode: TRUE or FALSE | FALSE |
| TRAEFIK_POLL_URL | (optional) If using Traefik Polling mode: URL to Traefik API endpoint | |
| TRAEFIK_POLL_SECONDS | (optional) If using Traefik Polling mode: seconds to delay between poll attempts | 60 |
| TRAEFIK_FILTER_LABEL | (optional) Filter by this label | traefik.constraint |
| TRAEFIK_FILTER | (optional) Filter by above Label and Value | |
| TRAEFIK_INCLUDED_HOST1 | (optional) If using Traefik Polling mode: regex patterns for hosts to include | .* |
| TRAEFIK_INCLUDED_HOST... | (optional) Traefik host include pattern 2 - N | |
| TRAEFIK_EXCLUDED_HOST1 | (optional) If using Traefik Polling mode: regex patterns for hosts to exclude | |
| TRAEFIK_EXCLUDED_HOST... | (optional) Traefik host exclude pattern 2 - N | |
| REFRESH_ENTRIES | If record exists, update entry with new values: TRUE or FALSE | FALSE |

Docker Secrets

CF_EMAIL and CF_TOKEN support Docker Secrets. Name your secrets either CF_EMAIL and CF_TOKEN or cf_email and cf_token.

Discovery

cloudflare-companion supports three different discovery modes: Docker, Docker Swarm, and Traefik Polling. The Docker discovery mode is the only mode enabled by default. Once matching hosts are discovered, cloudflare-companion will add or update CNAMEs in Cloudflare that point to the configured TARGET_DOMAIN.

Docker

cloudflare-companion will discover running Docker containers by searching for supported labels.

The supported labels are:

  • Traefik 1, single host
  - traefik.normal.frontend.rule=Host:example1.domain.tld
  • Traefik 1, multiple hosts
  - traefik.normal.frontend.rule=Host:example1.domain.tld,example2.domain.tld
  • Traefik 2, single host
  - traefik.http.routers.example.rule=Host(`example1.domain.tld`)
  • Traefik 2, multiple hosts
  - traefik.http.routers.example.rule=Host(`example1.domain.tld`) || Host(`example2.domain.tld`)
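
How the labels above turn into DNS records, as an added example (not the project's own code): it extracts hosts from Traefik 1 and 2 rule labels, assigns each host to a DOMAINn zone, and skips excluded sub-domain trees. The function names, the zone dictionary layout, the placeholder zone IDs and the label-boundary suffix check are assumptions of this example.

```python
import re

# Traefik 2.x rule syntax: Host(`a.tld`) || Host(`b.tld`); names are backtick-quoted.
HOST_CALL = re.compile(r"\bHost\(([^)]*)\)")
BACKTICKED = re.compile(r"`([^`]+)`")
V2_RULE_KEY = re.compile(r"^traefik\.http\.routers\.[^.]+\.rule$")


def hosts_from_labels(labels, traefik_version=2):
    """Return the hostnames named by a container's Traefik rule labels."""
    hosts = []
    for key, value in labels.items():
        if traefik_version == 1:
            # e.g. traefik.normal.frontend.rule=Host:a.tld,b.tld
            if not (key.startswith("traefik.") and key.endswith("frontend.rule")):
                continue
            # Traefik 1 joins matchers with ';', e.g. Host:a.tld;PathPrefix:/x
            for matcher in value.split(";"):
                matcher = matcher.strip()
                if matcher.startswith("Host:"):
                    hosts += [h.strip() for h in matcher[5:].split(",") if h.strip()]
        elif V2_RULE_KEY.match(key):
            # \bHost\( does not match HostRegexp(...), which names no fixed host.
            for args in HOST_CALL.findall(value):
                hosts += BACKTICKED.findall(args)
    return hosts


def plan_records(hosts, zones, default_target):
    """Map each host to the zone that owns it; skip excluded sub-domain trees."""
    plan = []
    for host in hosts:
        host = host.lower().rstrip(".")
        for zone in zones:
            domain = zone["domain"]
            # Match on a label boundary so app.notexample.com is never
            # treated as belonging to example.com.
            if host != domain and not host.endswith("." + domain):
                continue
            # DOMAINn_EXCLUDED_SUB_DOMAINS=int drops *.int.<domain>
            excluded = any(host.endswith(f".{sub}.{domain}")
                           for sub in zone.get("excluded_sub_domains", []))
            if not excluded:
                plan.append({
                    "name": host,
                    "zone_id": zone["zone_id"],
                    # DOMAINn_TARGET_DOMAIN overrides TARGET_DOMAIN
                    "content": zone.get("target_domain") or default_target,
                    "proxied": zone["proxied"],
                })
            break  # a host belongs to at most one configured zone
    return plan


# Constructed stand-ins for the DOMAIN1_* and DOMAIN2_* variables.
ZONES = [
    {"domain": "example.com", "zone_id": "ZONE_ID_1_PLACEHOLDER",
     "proxied": True, "excluded_sub_domains": ["int"]},
    {"domain": "example2.com", "zone_id": "ZONE_ID_2_PLACEHOLDER",
     "proxied": False, "target_domain": "lb.example2.com"},
]

if __name__ == "__main__":
    # Constructed container labels.
    labels = {
        "traefik.enable": "true",
        "traefik.http.routers.app.rule":
            "Host(`app.example.com`) || Host(`db.int.example.com`)",
        "traefik.http.routers.api.rule": "Host(`api.example2.com`)",
    }
    for record in plan_records(hosts_from_labels(labels), ZONES, "host.example.com"):
        print(record)
```

Hosts that fall outside every configured zone are ignored rather than guessed at, so a label naming an unrelated domain produces no record.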

Docker Swarm

Docker Swarm mode can be enabled by setting the environment variable SWARM_MODE=TRUE. This will cause cloudflare-companion to discover running Docker Swarm services with supported labels.

The supported labels are:

  • Traefik 1, single host
  - traefik.normal.frontend.rule=Host:example1.domain.tld
  • Traefik 1, multiple hosts
  - traefik.normal.frontend.rule=Host:example1.domain.tld,example2.domain.tld
  • Traefik 2, single host
  - traefik.http.routers.example.rule=Host(`example1.domain.tld`)
  • Traefik 2, multiple hosts
  - traefik.http.routers.example.rule=Host(`example1.domain.tld`) || Host(`example2.domain.tld`)

Traefik Polling

Traefik Polling mode can be enabled by setting the environment variables TRAEFIK_VERSION=2, ENABLE_TRAEFIK_POLL=TRUE, and TRAEFIK_POLL_URL=http://<host>:<port>. This will cause cloudflare-companion to poll Traefik every 60s (default) and discover routers, including the hosts which match the following rules:

  1. Provider is not docker
  2. Status is enabled
  3. Name is present
  4. Rule contains Host(...)
  5. Host matches include patterns (default: .*)
  6. Host does not match exclude patterns (default: none)

The polling interval can be configured by setting the environment variable TRAEFIK_POLL_SECONDS=120.

Filtering

Discovered hosts are matched against include and exclude patterns to determine if they should be included in the sync to CloudFlare. By default, all found hosts are included. Exclude patterns are higher priority than include patterns. The defaults can be changed by configuring include and exclude patterns.

Include Patterns

Include patterns can be specified by defining one or more TRAEFIK_INCLUDED_HOST<XXX> variables such as TRAEFIK_INCLUDED_HOST1=.*-data\.foobar\.com and TRAEFIK_INCLUDED_HOST2=.*-api\.foobar\.com. The pattern is a regular expression that is used to determine if the host should be included.

Exclude Patterns

Exclude patterns can be specified by defining one or more TRAEFIK_EXCLUDED_HOST<XXX> variables such as TRAEFIK_EXCLUDED_HOST1=private-data\.foobar\.com and TRAEFIK_EXCLUDED_HOST2=.*-internal-api\.foobar\.com. The pattern is a regular expression that is used to determine if the host should be excluded. Exclude patterns filter out results after include patterns are executed.
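
The six polling rules and the include/exclude precedence described above, as an added example (not the project's own code). The router fields name, provider, status and rule follow Traefik's API router objects; the sample routers and environment are constructed, and matching with re.fullmatch is an assumption of this example, chosen so that a pattern cannot match a longer hostname that merely begins with an allowed one.

```python
import re

HOST_CALL = re.compile(r"\bHost\(([^)]*)\)")
BACKTICKED = re.compile(r"`([^`]+)`")


def patterns_from_env(env, prefix):
    """Collect PREFIX1, PREFIX2, ... from env, compiled in numeric order."""
    numbered = []
    for key, value in env.items():
        suffix = key[len(prefix):]
        if key.startswith(prefix) and suffix.isdigit():
            numbered.append((int(suffix), value))
    return [re.compile(value) for _, value in sorted(numbered)]


def select_hosts(routers, env):
    """Apply the polling rules in order and return the hosts to sync."""
    # Default include pattern is .* (everything); default exclude is none.
    includes = patterns_from_env(env, "TRAEFIK_INCLUDED_HOST") or [re.compile(".*")]
    excludes = patterns_from_env(env, "TRAEFIK_EXCLUDED_HOST")
    selected = []
    for router in routers:
        if router.get("provider") == "docker":        # 1. provider is not docker
            continue
        if router.get("status") != "enabled":         # 2. status is enabled
            continue
        if not router.get("name"):                    # 3. name is present
            continue
        hosts = [host                                 # 4. rule contains Host(...)
                 for args in HOST_CALL.findall(router.get("rule", ""))
                 for host in BACKTICKED.findall(args)]
        for host in hosts:
            if not any(p.fullmatch(host) for p in includes):   # 5. include match
                continue
            if any(p.fullmatch(host) for p in excludes):       # 6. exclude wins
                continue
            if host not in selected:
                selected.append(host)
    return selected


# Constructed router list in the shape of a Traefik API response.
ROUTERS = [
    {"name": "web@docker", "provider": "docker", "status": "enabled",
     "rule": "Host(`web-api.foobar.com`)"},
    {"name": "orders@file", "provider": "file", "status": "enabled",
     "rule": "Host(`orders-api.foobar.com`) && PathPrefix(`/v1`)"},
    {"name": "old@file", "provider": "file", "status": "disabled",
     "rule": "Host(`old-api.foobar.com`)"},
    {"name": "billing@file", "provider": "file", "status": "enabled",
     "rule": "Host(`billing-internal-api.foobar.com`)"},
    {"name": "data@file", "provider": "file", "status": "enabled",
     "rule": "Host(`private-data.foobar.com`) || Host(`public-data.foobar.com`)"},
    {"name": "metrics@file", "provider": "file", "status": "enabled",
     "rule": "PathPrefix(`/metrics`)"},
]

# The include and exclude patterns used as examples in this section.
ENV = {
    "TRAEFIK_INCLUDED_HOST1": r".*-data\.foobar\.com",
    "TRAEFIK_INCLUDED_HOST2": r".*-api\.foobar\.com",
    "TRAEFIK_EXCLUDED_HOST1": r"private-data\.foobar\.com",
    "TRAEFIK_EXCLUDED_HOST2": r".*-internal-api\.foobar\.com",
}

if __name__ == "__main__":
    print(select_hosts(ROUTERS, ENV))
```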

By Label (Docker Endpoint only)

If both TRAEFIK_FILTER_LABEL and TRAEFIK_FILTER are set, cloudflare-companion only operates on containers whose labels match these values. This is useful when running multiple copies of Traefik and multiple copies of cloudflare-companion on your system or cluster, or to limit it to acting on specific containers. Example:

TRAEFIK_FILTER_LABEL=traefik.constraint
TRAEFIK_FILTER=proxy-public

In your serving container:

services:
  nginx:
    image: tiredofit/nginx:latest
    deploy:
      labels:
        - traefik.enable=true
        - traefik.http.routers.nginx.rule=Host(`nginx.example.com`)
        - ...
        - traefik.constraint=proxy-public

Maintenance

Shell Access

For debugging and maintenance purposes you may want to access the container's shell.

docker exec -it (whatever your container name is e.g. traefik-cloudflare-companion) bash

Support

These images were built to serve a specific need in a production environment and gradually have had more functionality added based on requests from the community.

Usage

  • The Discussions board is a great place for working with the community on tips and tricks of using this image.
  • Sponsor me for personalized support.

Bugfixes

  • Please, submit a Bug Report if something isn't working as expected. I'll do my best to issue a fix in short order.

Feature Requests

  • Feel free to submit a feature request, however there is no guarantee that it will be added, or at what timeline.
  • Sponsor me regarding development of features.

Updates

  • Best effort to track upstream changes, with more priority if I am actively using the image in a production environment.
  • Sponsor me for up to date releases.

License

MIT. See LICENSE for more details.

docker-traefik-cloudflare-companion's People

Contributors

cford1080, dchidell, dennisgaida, drevantonder, james9909, knd775, mbjurstrom, mxmeeple, niklashagman, rezytijo, sharkoz, tcuc, tiredofit, zombielinux

docker-traefik-cloudflare-companion's Issues

Set proxy status for domain records

The records that are being automatically created in cloudflare have the proxy status set to false, but I'd like for the new subdomains to be proxied by default to hide my IP. Is this possible at the moment? Didn't see it in the docs.

Authentication error with zone DNS API token

For minimal permissions I have created an API token locked down to zone DNS edits using the "Edit zone DNS" template:

When launching this service I get an Authentication error:

cloudflare-companion | [INFO] ** [traefik-cloudflare-companion] Starting Traefik Cloudflare Companion
cloudflare-companion | Traceback (most recent call last):
cloudflare-companion |   File "/usr/sbin/cloudflare-companion", line 276, in <module>
cloudflare-companion |     init(doms)
cloudflare-companion |   File "/usr/sbin/cloudflare-companion", line 211, in init
cloudflare-companion |     check_container_t2(c, doms)
cloudflare-companion |   File "/usr/sbin/cloudflare-companion", line 176, in check_container_t2
cloudflare-companion |     point_domain(extracted_domains[0], doms)
cloudflare-companion |   File "/usr/sbin/cloudflare-companion", line 91, in point_domain
cloudflare-companion |     records = cf.zones.dns_records.get(dom['zone_id'], params={u'name': name})
cloudflare-companion |   File "/usr/lib/python3.8/site-packages/CloudFlare/cloudflare.py", line 672, in get
cloudflare-companion |     return self._base.call_with_auth('GET', self._parts,
cloudflare-companion |   File "/usr/lib/python3.8/site-packages/CloudFlare/cloudflare.py", line 126, in call_with_auth
cloudflare-companion |     return self._call(method, headers, parts,
cloudflare-companion |   File "/usr/lib/python3.8/site-packages/CloudFlare/cloudflare.py", line 502, in _call
cloudflare-companion |     raise CloudFlareAPIError(code, message)
cloudflare-companion | CloudFlare.exceptions.CloudFlareAPIError: Authentication error

Am I missing other permissions?

Randomly stopped working, log is full of errors

I had this working for quite some time, but it seems to have failed recently and I'm not sure why. The logs are full of errors like these and recreating the container doesn't fix it.

urllib3.exceptions.ProtocolError: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory')),
    sock.connect(self.unix_socket),
  File "/usr/lib/python3.8/site-packages/docker/transport/unixconn.py", line 43, in connect,
    self.connect(),
  File "/usr/lib/python3.8/http/client.py", line 950, in send,
    self.send(msg),
  File "/usr/lib/python3.8/http/client.py", line 1010, in _send_output,
    self._send_output(message_body, encode_chunked=encode_chunked),
    self.endheaders(body, encode_chunked=encode_chunked),
  File "/usr/lib/python3.8/http/client.py", line 1250, in endheaders,
  File "/usr/lib/python3.8/http/client.py", line 1301, in _send_request,
    self._send_request(method, url, body, headers, encode_chunked),
  File "/usr/lib/python3.8/http/client.py", line 1255, in request,
    conn.request(method, url, **httplib_request_kw),
  File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 392, in _make_request,
    httplib_response = self._make_request(,
  File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen,
    raise value.with_traceback(tb),
  File "/usr/lib/python3.8/site-packages/urllib3/packages/six.py", line 734, in reraise,
    raise six.reraise(type(error), error, _stacktrace),
  File "/usr/lib/python3.8/site-packages/urllib3/util/retry.py", line 403, in increment,
    retries = retries.increment(,
  File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 726, in urlopen,
    resp = conn.urlopen(,
  File "/usr/lib/python3.8/site-packages/requests/adapters.py", line 439, in send,
Traceback (most recent call last):

Create A-records instead

Instead of CNAMEs, I'd like to create A-Records, as with Cloudflare free tier, CNAMEs get flattened to reveal destination IP, bypassing the proxy function.

Add multiple excluded subdomains in docker-compose

Hey!

It seems we can't add multiple subdomains to exclude in docker-compose with the variable DOMAIN1_EXCLUDED_SUB_DOMAINS.

When entering one subdomain, there is no problem. The CNAME record will not be added in the DNS zone.
But if adding multiple subdomains, comma separated, all subdomains will be added by a CNAME in the DNS zone.

Example of working excluded subdomains docker-compose:

  cf-companion:
    container_name: cf-companion
    hostname: cf-companion
    image: tiredofit/traefik-cloudflare-companion:latest
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - TIMEZONE=$TZ
      - TRAEFIK_VERSION=2
      - CF_EMAIL=$CLOUDFLARE_EMAIL
      - CF_TOKEN=$CLOUDFLARE_API_KEY
      - TARGET_DOMAIN=$DOMAINNAME
      - DOMAIN1=$DOMAINNAME
      - DOMAIN1_ZONE_ID=XXXXXXXXXXXXX
      - DOMAIN1_PROXIED=TRUE
      - DOMAIN1_EXCLUDED_SUB_DOMAINS=phpmyadmin

Example of not working excluded subdomains docker-compose (if wanted to use more than one subdomain excluded):

  cf-companion:
    container_name: cf-companion
    hostname: cf-companion
    image: tiredofit/traefik-cloudflare-companion:latest
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - TIMEZONE=$TZ
      - TRAEFIK_VERSION=2
      - CF_EMAIL=$CLOUDFLARE_EMAIL
      - CF_TOKEN=$CLOUDFLARE_API_KEY
      - TARGET_DOMAIN=$DOMAINNAME
      - DOMAIN1=$DOMAINNAME
      - DOMAIN1_ZONE_ID=XXXXXXXXXXXXX
      - DOMAIN1_PROXIED=TRUE
      - DOMAIN1_EXCLUDED_SUB_DOMAINS=phpmyadmin,influxdb

Already tried with a space between subdomains, with a semicolon, by specifying multiple times DOMAIN1_EXCLUDED_SUB_DOMAINS (only the last definition is working, of course), with double quotes. None are working.

Thanks for the help!

Ignore specific subdomains

I use a wildcard CNAME for *.lan.example.com on my Cloudflare; this points to an internal address.
When I run the container it creates entries for each of these internal services.
A way to ignore specific subdomains would be great.

Image fails to pull on any LXC instance of Docker

Summary

Whenever the image is pulled down from Docker hub, the following error is encountered when trying to pull the image:
failed to register layer: ApplyLayer exit status 1 stdout: stderr: lchown /run/fail2ban: invalid argument
Most of my reading into this, implies that this is an issue with rootless mode specifically. All of the other containers I was pulling did not have any issues, this was the only one that had any issues in rootless mode. Something during the pull is calling a UID and GID beyond 65565, which is the max uid and gid values on an LXC container in rootless mode.

Steps to reproduce

  1. Attempt to pull the docker image from hub.docker.com on an LXC Container with Docker on it. (I have tried it on both Debian and Almalinux with the same results)

What is the expected correct behavior?

The image should pull without erroring out.

Relevant logs and/or screenshots

[root@docker3 etc]# sudo docker pull tiredofit/traefik-cloudflare-companion
Using default tag: latest
latest: Pulling from tiredofit/traefik-cloudflare-companion
213ec9aee27d: Pull complete 
309f922759ec: Extracting [==================================================>]  46.13MB/46.13MB
45d9207b0216: Download complete 
af2e2319950c: Download complete 
18e4eeca72f6: Download complete 
failed to register layer: ApplyLayer exit status 1 stdout:  stderr: lchown /run/fail2ban: invalid argument 

Environment

  • Image version / tag: Latest (6.8.5)
  • Guest OS: Almalinux 8.6
  • Host OS: Proxmox 7.2-7

Doesn't work with SWARM_MODE

Hi, thanks for your great solution. Please explain why the container is not watching the swarm cluster and updating Cloudflare CNAMEs?

version: '3.5'

services:
  traefik-cloudflare-companion:
    image: tiredofit/traefik-cloudflare-companion
    networks:
      - {{ monitoring_network_name }}
      - {{ traefik_network_name }}
      - internal
    environment:
      - TIMEZONE={{ TZ }}
      - TRAEFIK_VERSION="2"
      - CF_EMAIL={{ cf_api_email }}
      - CF_TOKEN={{ cf_api_key }}
      - TARGET_DOMAIN={{ app_domain_name }}
      - DOMAIN1={{ app_domain_name }}
      - DOMAIN1_ZONE_ID={{ cf_api_zone }}
      - DOMAIN1_PROXIED="TRUE"
      - SWARM_MODE="TRUE"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro

networks:
  {{ monitoring_network_name }}:
    driver: overlay
    attachable: true
    name: {{ monitoring_network_name }}
  {{ traefik_network_name }}:
    external: true
    name: {{ traefik_network_name }}
  internal:
    external: false

[RPi][ARMv7] Fatal Error on Startup - Python error: pyinit_main: can't initialize time

Summary

Docker container fails to start;

After initialization it shoots the following errors in the Docker Logs:

Current thread 0x76fc7390 (most recent call first):
<no Python frame>
7889-11-12-01:56:40 [STARTING] ** [monitoring] [1] Starting Zabbix Agent (modern) 5.4.2
7889-09-19-00:35:36 [STARTING] ** [traefik-cloudflare-companion] [2] Starting Traefik Cloudflare Companion
Fatal Python error: pyinit_main: can't initialize time
Python runtime state: core initialized
PermissionError: [Errno 1] Operation not permitted

Steps to reproduce

Run on RaspberryPi3 (Armv7).

What is the expected correct behavior?

Should start

Relevant logs and/or screenshots

Recreating cf-companion ... done
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 00-functions: applying...
[fix-attrs.d] 00-functions: exited 0.
[fix-attrs.d] 01-s6: applying...
[fix-attrs.d] 01-s6: exited 0.
[fix-attrs.d] 02-zabbix: applying...
[fix-attrs.d] 02-zabbix: exited 0.
[fix-attrs.d] 03-logrotate: applying...
[fix-attrs.d] 03-logrotate: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-startup: executing...
[cont-init.d] 00-startup: exited 0.
[cont-init.d] 01-timezone: executing...
[cont-init.d] 01-timezone: exited 0.
[cont-init.d] 02-permissions: executing...
[cont-init.d] 02-permissions: exited 0.
[cont-init.d] 03-monitoring: executing...
7889-11-19-08:08:24 [NOTICE] ** [monitoring] Container configured for monitoring with 'zabbix modern'
[cont-init.d] 03-monitoring: exited 0.
[cont-init.d] 04-scheduling: executing...
7889-09-14-17:59:20 [NOTICE] ** [scheduling] Disabling Scheduling
[cont-init.d] 04-scheduling: exited 0.
[cont-init.d] 05-logging: executing...
/var/run/s6/etc/cont-init.d/05-logging: line 11: /assets/cron//logrotate: No such file or directory
7889-09-08-06:06:48 [NOTICE] ** [logging] Disabling Log Shipping Functionality
[cont-init.d] 05-logging: exited 0.
[cont-init.d] 06-messaging: executing...
7889-10-01-02:12:08 [NOTICE] ** [messaging] Container configured to route mail via SMTP to 'postfix-relay'
[cont-init.d] 06-messaging: exited 0.
[cont-init.d] 10-cloudflare-companion: executing...
[cont-init.d] 10-cloudflare-companion: exited 0.
[cont-init.d] 99-container: executing...
[cont-init.d] 99-container: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
7889-10-24-08:29:12 [STARTING] ** [traefik-cloudflare-companion] [1] Starting Traefik Cloudflare Companion
Fatal Python error: pyinit_main: can't initialize time
Python runtime state: core initialized
PermissionError: [Errno 1] Operation not permitted

Current thread 0x76fc7390 (most recent call first):
<no Python frame>
7889-11-12-01:56:40 [STARTING] ** [monitoring] [1] Starting Zabbix Agent (modern) 5.4.2
7889-09-19-00:35:36 [STARTING] ** [traefik-cloudflare-companion] [2] Starting Traefik Cloudflare Companion
Fatal Python error: pyinit_main: can't initialize time
Python runtime state: core initialized
PermissionError: [Errno 1] Operation not permitted

Current thread 0x76f68390 (most recent call first):
<no Python frame>
7889-10-30-03:34:48 [STARTING] ** [traefik-cloudflare-companion] [3] Starting Traefik Cloudflare Companion
Fatal Python error: pyinit_main: can't initialize time
Python runtime state: core initialized
PermissionError: [Errno 1] Operation not permitted

Environment

  • Image version / tag: latest (6.5.1?)
  • Host OS: Raspbian GNU/Linux 10 (buster)
  cf-companion:
    container_name: cf-companion
    image: tiredofit/traefik-cloudflare-companion:latest
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - TIMEZONE=$TZ
      - TRAEFIK_VERSION=2
      - CF_EMAIL=$CLOUDFLARE_EMAIL # Same as traefik
      - CF_TOKEN=$CLOUDFLARE_API_KEY # Same as traefik
      - TARGET_DOMAIN=$DOMAINNAME
      - DOMAIN1=$DOMAINNAME
      - DOMAIN1_ZONE_ID=$CLOUDFLARE_ZONEID # Copy from Cloudflare Overview page
      - DOMAIN1_PROXIED=TRUE

Possible fixes

I read online that libseccomp2 should be updated, but I'm not sure.
linuxserver/docker-calibre-web#119

A working workaround exists here:
https://blog.samcater.com/fix-workaround-rpi4-docker-libseccomp2-docker-20/

Disabling Log Shipping Functionality

Summary

today at 06:49:42 /var/run/s6/etc/cont-init.d/05-logging: line 11: /assets/cron//logrotate: No such file or directory
today at 06:49:42 2021-08-09-06:49:42 [NOTICE] ** [logging] Disabling Log Shipping Functionality

Steps to reproduce

Start container, see logs.

What is the expected correct behavior?

For log rotate to work.

Relevant logs and/or screenshots

today at 06:49:41 2021-08-09-06:49:41 [NOTICE] ** [container-init] Detected Container that has been restarted - Cleaning '/tmp/state' files
today at 06:49:41 [cont-init.d] 00-startup: exited 0.
today at 06:49:41 [cont-init.d] 01-timezone: executing... 
today at 06:49:41 [cont-init.d] 01-timezone: exited 0.
today at 06:49:41 [cont-init.d] 02-permissions: executing... 
today at 06:49:41 [cont-init.d] 02-permissions: exited 0.
today at 06:49:41 [cont-init.d] 03-monitoring: executing... 
today at 06:49:41 2021-08-09-06:49:41 [NOTICE] ** [monitoring] Container configured for monitoring with 'zabbix modern'
today at 06:49:41 [cont-init.d] 03-monitoring: exited 0.
today at 06:49:41 [cont-init.d] 04-scheduling: executing... 
today at 06:49:41 2021-08-09-06:49:41 [NOTICE] ** [scheduling] Disabling Scheduling
today at 06:49:41 [cont-init.d] 04-scheduling: exited 0.
today at 06:49:41 [cont-init.d] 05-logging: executing... 
today at 06:49:42 /var/run/s6/etc/cont-init.d/05-logging: line 11: /assets/cron//logrotate: No such file or directory
today at 06:49:42 2021-08-09-06:49:42 [NOTICE] ** [logging] Disabling Log Shipping Functionality
today at 06:49:42 [cont-init.d] 05-logging: exited 0.
today at 06:49:42 [cont-init.d] 06-messaging: executing... 
today at 06:49:42 2021-08-09-06:49:42 [NOTICE] ** [messaging] Container configured to route mail via SMTP to 'postfix-relay'
today at 06:49:42 [cont-init.d] 06-messaging: exited 0.
today at 06:49:42 [cont-init.d] 10-cloudflare-companion: executing... 
today at 06:49:42 [cont-init.d] 10-cloudflare-companion: exited 0.
today at 06:49:42 [cont-init.d] 99-container: executing... 
today at 06:49:42 [cont-init.d] 99-container: exited 0.
today at 06:49:42 [cont-init.d] done.
today at 06:49:42 [services.d] starting services
today at 06:49:42 [services.d] done.

Environment

Docker, latest

  # Cloudflare-Companion - Automatic CNAME DNS Creation
  cfcompanion:
    container_name: CF-Companion
    image: tiredofit/traefik-cloudflare-companion:latest
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - TIMEZONE=$TZ
      - TRAEFIK_VERSION=2
      - CF_EMAIL=$CLOUDFLARE_EMAIL # Same as traefik
      # - CF_TOKEN=$CLOUDFLARE_API_TOKEN # Scoped api token not working. Error 10000.
      - CF_TOKEN=$CLOUDFLARE_API_KEY # Same as traefik
      - TARGET_DOMAIN=$DOMAINNAME
      - DOMAIN1=$DOMAINNAME
      - DOMAIN1_ZONE_ID=$CLOUDFLARE_ZONEID # Copy from Cloudflare Overview page
      - DOMAIN1_PROXIED=TRUE
    depends_on:
      - dnscrypt-proxy
    # depends_on: 
    #   dnscrypt-proxy:
    #     condition: service_healthy
    labels:
      # Add hosts specified in rules here to force cf-companion to create the CNAMEs
      # Since cf-companion creates CNAMEs based on host rules, this a workaround for non-docker/external apps
      - "traefik.http.routers.cf-companion-rtr.rule=Host(`netdata.$DOMAINNAME`)" 
      #- "traefik.http.routers.cf-companion-rtr.rule=Host(`impi.$DOMAINNAME`)" #TLS middlewares not yet implemented https://github.com/containous/traefik/issues/6684
      #- "traefik.http.routers.cf-companion-rtr.rule=Host(`webmin.$DOMAINNAME`)" #TLS middlewares not yet implemented https://github.com/containous/traefik/issues/6684
    networks:
      - isonet

Possible fixes

Looks like line 11 has an errant "/" (/assets/cron//logrotate)

No CNAME's records added

Hello :)
Docker swarm + dtcc 6.0.1

[INFO] ** [zabbix] Starting Zabbix Agent
zabbix_agentd [743]: Warning: EnableRemoteCommands parameter is deprecated, use AllowKey=system.run[*] or DenyKey=system.run[*] instead
Starting Zabbix Agent [alpine]. Zabbix 5.0.2 (revision {ZABBIX_REVISION}).
Press Ctrl+C to exit.


[debug] Swarm Mode: true
[debug] Refresh Entries: false
[debug] Traefik Version: 1
[debug] Default TTL: 1

Nothing happens.

environment:
      TRAEFIK_VERSION: 1
      CF_EMAIL: email
      CF_TOKEN: token
      DOMAIN1: domain
      DOMAIN1_ZONE_ID: zoneId
      DOMAIN1_PROXIED: "true"
      TARGET_DOMAIN: target
      SWARM_MODE: "true"
      REFRESH_ENTRIES: "false"
      CONTAINER_LOG_LEVEL: DEBUG

Also, it would be nice if the script would listen on the Docker socket not just for the "start" event but for "update" too (if possible), because docker stack deploy triggers "update" (Updating service ...) if the service already exists.

Constant Authentication Errors

Summary

When I add a new domain to a container through traefik, cloudflare-companion errors out repeatedly with authentication failures to cloudflare. I'm not sure if something has changed with Cloudflare's API, but both of my other services which rely on the same API keys/tokens do not have the same issue as this does.

Steps to reproduce

(Input your api keys and tokens, and then attempt to start the container with a host set to a subset of the domain.)

What is the expected correct behavior?

It should not error and should create the subdomain automatically.

Relevant logs and/or screenshots

cloudflare-companion    | 2022-08-14.15:59:38 [STARTING] ** [traefik-cloudflare-companion] [19] Starting Traefik Cloudflare Companion
cloudflare-companion    | Traceback (most recent call last):
cloudflare-companion    |   File "/usr/sbin/cloudflare-companion", line 466, in <module>
cloudflare-companion    |     sync_mappings(get_initial_mappings(traefik_included_hosts, traefik_excluded_hosts), doms)
cloudflare-companion    |   File "/usr/sbin/cloudflare-companion", line 354, in sync_mappings
cloudflare-companion    |     if point_domain(k, domain_infos):
cloudflare-companion    |   File "/usr/sbin/cloudflare-companion", line 168, in point_domain
cloudflare-companion    |     records = cf.zones.dns_records.get(domain_info['zone_id'], params={u'name': name})
cloudflare-companion    |   File "/usr/lib/python3.10/site-packages/CloudFlare/cloudflare.py", line 695, in get
cloudflare-companion    |     return self._base.call_with_auth('GET', self._parts,
cloudflare-companion    |   File "/usr/lib/python3.10/site-packages/CloudFlare/cloudflare.py", line 139, in call_with_auth
cloudflare-companion    |     return self._call(method, headers, parts,
cloudflare-companion    |   File "/usr/lib/python3.10/site-packages/CloudFlare/cloudflare.py", line 525, in _call
cloudflare-companion    |     raise CloudFlareAPIError(code, message)
cloudflare-companion    | CloudFlare.exceptions.CloudFlareAPIError: Authentication error

Environment

  • Image version / tag: 6.8.5
  • Host OS: Proxmox VE 7.2-7
  • Guest OS: Almalinux 8.6 x86_64
docker-compose.yml
version: "3.7"
networks:
  internal:
    driver: bridge
  services:
    driver: bridge
  keycloakDB:
    driver: bridge
volumes:
  traefik-logs:
services:
  cloudflare-ddns:
    image: timothyjmiller/cloudflare-ddns:latest
    container_name: cloudflare-ddns
    security_opt:
      - no-new-privileges:true
    network_mode: "host"
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - ./CloudflareDDNS/config.json:/config.json:ro
    restart: unless-stopped
  cloudflare-companion:
    image: tiredofit/traefik-cloudflare-companion:latest
    container_name: cloudflare-companion
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - TRAEFIK_VERSION=2
      - CF_EMAIL=<Redacted>
      - CF_TOKEN=<Redacted>
      - TARGET_DOMAIN=ddns.domain.tld
      - DOMAIN1=domain.tld
      - DOMAIN1_PROXIED=true
      - DOMAIN1_ZONE_ID=<Redacted>
      #- DOCKER_HOST=tcp://198.51.100.32:2376
      #- DOCKER_CERT_PATH=/docker-certs
      #- DOCKER_TLS_VERIFY=1
    networks:
      - internal
      - services
    restart: unless-stopped
  KCPostgres:
    image: bitnami/postgresql:14
    container_name: keycloakDB
    restart: unless-stopped
    networks:
      - keycloakDB
    volumes:
      - ./postgres/data/postgres_data:/bitnami/postgresql/
    ports:
      - 5432:5432
    env_file:
      - ./postgres/KCpostgres.env
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U <Redacted>"]
      interval: 10s
      timeout: 5s
      retries: 5
  KCPBackup:
      image: bitnami/postgresql:14
      container_name: KCDBBackup
      networks: 
        - keycloakDB
      volumes:
        - ./postgres/data/backup/:/dump/
      restart: unless-stopped
      environment:
        - PGHOST=KCPostgres
        - PGUSER=<redacted>
        - PGPASSWORD=<redacted>
        - BACKUP_NUM_KEEP=7
        - BACKUP_FREQUENCY=1d
      entrypoint: |
        bash -c 'bash -s <<EOF
        trap "break;exit" SIGHUP SIGINT SIGTERM
        sleep 2m
        while /bin/true; do
          pg_dump -Fc > /dump/dump_\`date +%d-%m-%Y"_"%H_%M_%S\`.psql
          (ls -t /dump/dump*.psql|head -n $$BACKUP_NUM_KEEP;ls /dump/dump*.psql)|sort|uniq -u|xargs rm -- {}
          sleep $$BACKUP_FREQUENCY
        done
        EOF'
      depends_on:
        KCPostgres:
          condition: service_healthy
  traefik:
      image: traefik:vacherin
      container_name: traefik
      restart: unless-stopped
      security_opt:
        - no-new-privileges:true
      networks:
        - services
      ports:
        - 80:80
        - 443:443
        - 8080:8080
      environment:
        - CF_API_EMAIL=<Redacted>
        #- CF_API_KEY=<Redacted>
        - CF_DNS_API_TOKEN=<Redacted>
      volumes:
        - /etc/localtime:/etc/localtime:ro
        - /var/run/docker.sock:/var/run/docker.sock:ro
        - ./Traefik/data/traefik.yml:/traefik.yml:ro
        - ./Traefik/data/acme.json:/acme.json
        - ./Traefik/data/config.yml:/config.yml:ro
        - ./Traefik/data/log:/var/log/traefik
      labels:
        - traefik.enable=true
        - traefik.http.routers.traefik.entrypoints=http
        - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
        - traefik.http.middlewares.redirect-to-https.redirectscheme.port=443
        - traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)
        - traefik.http.routers.redirs.entrypoints=http
        - traefik.http.routers.redirs.middlewares=redirect-to-https
        - traefik.http.routers.dashboard.rule=Host(`traefik.domain.tld`)
        - traefik.http.services.dashboard.loadbalancer.server.port=8080
        

Possible fixes

Exclude certain containers based on docker-compose label

Description of the feature
It is possible to exclude certain subdomain trees from Cloudflare companion by adding these to the environment variables of Cloudflare companion like

DOMAIN1_EXCLUDED_SUB_DOMAINS (optional specify sub domain trees to be ignored in labels) ex: DOMAIN1_EXCLUDED_SUB_DOMAINS=int would not create a CNAME for *.int.example.com

Would it also be possible to exclude specific containers from being added to Cloudflare by adding an additional cloudflare-exclude=yes label?

Motivation: I am using a split DNS and I would like Traefik to listen to all subdomains on my LAN (hence all containers have a traefik router label applied), but I only want a few of the containers actually published as subdomain on cloudflare.

Enable flag in label

Similar to Traefik, add a flag to enable cloudflare-companion for individual containers based on an additional label.

labels:
cloudflare.enable=True

It would also be useful to have an environment variable to set the default behavior.

Create "A" record if it does not exist for TARGET_DOMAIN ?

Hey, great product!

Description of the feature
To be able to create the A record for the target_domain if it does not exist.
Maybe have to introduce another variable for TARGET_NAME_IP (optional) - so that it is able to add it OR update it.

Benefits of feature
The companion would take care of creating the main A record so we don't need to add these manually.

Support for defaultRule

Instead of defining a Host label under each service, I have a default rule in the traefik.yml configuration as shown below:

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    swarmMode: false
    network: traefik_2
    defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\"}}.domain.com`)"

Is there any workaround for this scenario, or a possibility to add support?

Feature request: Delete CNAME on container stop

Heya,

I'm unsure if this is possible at all.

Would it be feasible to delete CNAMEs on containers that no longer exist?

Would be useful for test containers or limited time/scope mini-projects that once their usefulness is done can just be deleted. But obviously currently, the CNAME still stays up on CF.

Thanks!

Support for internal domain

use case

I have a few services on my internal network I'd like the ability to generate SSL certs for but not have them exposed behind the gateway.

Use case — I'm running an internal dns server and using an Unraid box. The box has multiple services running, some internal and some external only. All requests are being done via my TLD for simplicity — internal dns handles the routing and it never hits the external dns server. Some services are being exposed to the internet.
All these containers have the routing handled via Traefik

As of right now this container is almost perfect for me

Feature

A label that can be added to containers to generate an ssl certificate but not add an external dns entry

an A, AAAA or CNAME record already exists with that host

Not sure if really a bug but anyway:

I've recently updated my setup to use proxied dns from cloudflare. The first node was done manually. But I hoped to automate the second one a bit by changing the DOMAIN1_PROXIED to TRUE and restarting the container. At first it did nothing (no result and nothing interesting in the logs) but after recreating it through portainer, it spat out the following

2020-10-16 08:02:23,553 - Python Cloudflare API v4 - DEBUG - Response: 400, application/json, b'{"result":null,"success":false,"errors":[{"code":81053,"message":"An A, AAAA or CNAME record already exists with that host."}],"messages":[]}'
2020-10-16 08:02:23,553 - Python Cloudflare API v4 - DEBUG - Response: error 81053 An A, AAAA or CNAME record already exists with that host.

and:

[DEBUG] Container List Discovery Loop
[DEBUG] Called check_container_t2 for: <Container: ca997d9b92>
[DEBUG] Starting event watch routines
--- Logging error ---
Traceback (most recent call last):
  File "/usr/lib/python3.8/logging/__init__.py", line 1081, in emit
    msg = self.format(record)
  File "/usr/lib/python3.8/logging/__init__.py", line 925, in format
    return fmt.format(record)
  File "/usr/lib/python3.8/logging/__init__.py", line 664, in format
    record.message = record.getMessage()
  File "/usr/lib/python3.8/logging/__init__.py", line 369, in getMessage
    msg = msg % self.args
TypeError: not all arguments converted during string formatting
Call stack:
  File "/usr/sbin/cloudflare-companion", line 253, in <module>
    logger.debug("Time:", t)
Message: 'Time:'
Arguments: ('1602835343',)
[DEBUG] Called check_container_t2 for: <Container: 2ef775c29e>

The first is understandable; the second might be worth looking into.

Also, if this is working as intended (might be dangerous to just overwrite existing records, or even impossible with the python API), it might be an idea to include a FORCE_UPDATE_RECORDS parameter for people like me that want all their records updated regardless of current settings.

script 10-cloudflare-companion did not pass completion check

Summary

I built the local docker image on armV7 successfully a couple of weeks ago. When I update the local docker build with the newest version, it builds successfully, but doesn't launch.

Steps to reproduce

What is the expected correct behavior?

no errors

Relevant logs and/or screenshots

**********************************************************************************************************************
**********************************************************************************************************************
****                                                                                                              ****
****       ERROR - Some initialization scripts haven't completed - All services are now halted                    ****
****             - The following scripts in '/etc/cont-init.d' did not pass their completion check                ****
****                                                                                                              ****
**********************************************************************************************************************
**********************************************************************************************************************

10-cloudflare-companion

[cont-init.d] 06-messaging: exited 0.
[cont-init.d] 10-cloudflare-companion: executing...
foreground: warning: unable to spawn /var/run/s6/etc/cont-init.d/10-cloudflare-companion: No such file or directory
[cont-init.d] 10-cloudflare-companion: exited 127.
[cont-init.d] 99-container: executing...

However, the file does exist

bash-5.1# cat /var/run/s6/etc/cont-init.d/10-cloudflare-companion
#!/command/with-contenv bash

source /assets/functions/00-container
prepare_service single
PROCESS_NAME="traefik-cloudflare-companion"

Sanity Test

sanity_var TARGET_DOMAIN "Target Domain"
sanity_var DOMAIN1 "Domain 1"
sanity_var DOMAIN1_ZONE_ID "Domain 1 Zone ID"

liftoff

Environment

  • Image version / tag: docker built locally
  • Host OS: Linux 5.10.63-v7+ #1496 SMP Wed Dec 1 15:58:11 GMT 2021 armv7l GNU/Linux

  cf-companion:
    container_name: cf-companion
    image: cf-comp:latest
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - TIMEZONE=Europe/Brussels
      - TRAEFIK_VERSION=2
      - CF_EMAIL=${CF_API_EMAIL}
      - CF_TOKEN=${CF_GLOBAL_API_KEY}
      - TARGET_DOMAIN=${DOMAIN_NAME}
      - DOMAIN1=${DOMAIN_NAME}
      - DOMAIN1_ZONE_ID=${CF_ZONE_ID}
      - DOMAIN1_PROXIED=TRUE

Possible fixes

Cloudflare - no CNAME's added

I've configured DTCC as described in the example compose file but none of my containers are getting corresponding cnames in cloudflare.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 00-functions: applying...
[fix-attrs.d] 00-functions: exited 0.
[fix-attrs.d] 01-s6: applying...
[fix-attrs.d] 01-s6: exited 0.
[fix-attrs.d] 02-zabbix: applying...
[fix-attrs.d] 02-zabbix: exited 0.
[fix-attrs.d] 03-logrotate: applying...
[fix-attrs.d] 03-logrotate: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-startup: executing...
[cont-init.d] 00-startup: exited 0.
[cont-init.d] 01-timezone: executing...
[NOTICE] ** [timezone] Setting timezone to 'America/Chicago'
[cont-init.d] 01-timezone: exited 0.
[cont-init.d] 02-permissions: executing...
[cont-init.d] 02-permissions: exited 0.
[cont-init.d] 03-zabbix: executing...
[cont-init.d] 03-zabbix: exited 0.
[cont-init.d] 04-cron: executing...
[NOTICE] ** [cron] Disabling Cron
[cont-init.d] 04-cron: exited 0.
[cont-init.d] 05-smtp: executing...
[NOTICE] ** [smtp] Disabling SMTP Features
[cont-init.d] 05-smtp: exited 0.
[cont-init.d] 10-cloudflare-companion: executing...
/var/run/s6/etc/cont-init.d/10-cloudflare-companion: line 4: prepare_service: command not found
[NOTICE] ** [traefik-cloudflare-companion] Setting Traefik 2.x Mode
[cont-init.d] 10-cloudflare-companion: exited 0.
[cont-init.d] 99-container: executing...
[cont-init.d] 99-container: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[INFO] ** [zabbix] Starting Zabbix Agent

All containers are accessible with wildcard cert.

Support for TCP Header with Host SNI

Hello,

When setting a HostSNI prefix instead of Host on a TCP router (as opposed to HTTP) for something like Nextcloud, the subdomains are not properly scraped for creation. Samples of successful and unsuccessful below. Thanks for any insight!

Compose:

# Local Cloud Storage
  nextcloud:
    image: linuxserver/nextcloud
    container_name: nextcloud
    restart: always
    networks:
      - $TRAEFIK_NETWORK
    security_opt:
      - no-new-privileges
    volumes:
      - ${DOCKERDIR}/nextcloud:/config
      - ${STORAGEDIR}/backups/nextcloud:/data
    environment:
      - TZ
      - PUID
      - PGID
    labels:
      - "traefik.enable=true"
      ## TCP Routers
      - "traefik.tcp.routers.nextcloud-tcp.entrypoints=https"
      - "traefik.tcp.routers.nextcloud-tcp.rule=HostSNI(`cloud.$DOMAINNAME`)"
      - "traefik.tcp.routers.nextcloud-tcp.tls=true"
      - "traefik.tcp.routers.nextcloud-tcp.tls.passthrough=true"
      ## TCP Services
      - "traefik.tcp.routers.nextcloud-tcp.service=nextcloud-tcp-svc"
      - "traefik.tcp.services.nextcloud-tcp-svc.loadbalancer.server.port=443"


# Services & Media Dashboard
  organizr:
    image: organizrtools/organizr-v2
    container_name: organizr
    restart: always
    networks:
      - $TRAEFIK_NETWORK
    security_opt:
      - no-new-privileges
    volumes:
      - ${DOCKERDIR}/organizr:/config
    environment:
      - TZ
      - PUID
      - PGID
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.organizr-rtr.entrypoints=https"
      - "traefik.http.routers.organizr-rtr.rule=Host(`org.$DOMAINNAME`)"
      - "traefik.http.routers.organizr-rtr.tls=true"
      ## Middlewares
      - "traefik.http.routers.organizr-rtr.middlewares=chain-authelia@file"
      ## HTTP Services
      - "traefik.http.routers.organizr-rtr.service=organizr-svc"
      - "traefik.http.services.organizr-svc.loadbalancer.server.port=80"

Organizr log:

today at 8:20 AM container rule value:  Host(`org.domain.com`)
today at 8:20 AM extracted_domains from rule:  [u'org.domain.com']
today at 8:20 AM Found Container: 1319414219a6dbfaf20323092c7b72feff709c17ebb94a020b14202a216e6023 with Hostname org.domain.com

Nextcloud log:

today at 11:33 AM container rule value:  HostSNI(`cloud.domain.com`)
today at 11:33 AM extracted_domains from rule:  []

Disable zabbix-agent per default

Description of the feature
The Zabbix-Agent comes with this container as your base image (https://github.com/tiredofit/docker-alpine) configures this.

The problem with this base-implementation is that this container makes DNS requests for zabbix-agent every minute. This is spamming the DNS server and actually unnecessary in an environment without Zabbix.

I was able to disable zabbix via CONTAINER_ENABLE_MONITORING: "FALSE" environment variable and believe this should be the default or better documented in this container (since I had to dig out the base image to find this variable). Or: The default zabbix config could be to not do a DNS request for zabbix-agent every minute?

Benefits of feature
No more zabbix-agent DNS spam

domain-specific TARGET_DOMAIN?

I have two zones in Cloudflare, so 2 domains and separate DNS settings.
In traefik I specify dedicated subdomains for each domain.

cfcompanion's config allows specifying several domains DOMAIN1, DOMAIN2...
However, the TARGET_DOMAIN seems to be used for all domains specified.
All CNAME records are created in that TARGET_DOMAIN.

So in my domain1.com DNS settings I get

CNAME    mysubdomain.domain2.com       domain1.com
CNAME    othersubdomain                domain1.com

Instead of one CNAME in domain1.com and the other in domain2.com

Bug ? Or am I not getting something?

Support for alternative traefik host declaration

The following syntax is valid within traefik:

"Host(`subdomain.domain.com`,`subdomain2.domain.com`,`subdomain3.domain.com`)"

However this syntax is not valid within cloudflare companion.

#15 addresses this

Consider using pythons logging modules instead of prints

Implementing and using Python's logging module instead of prints feels a lot more flexible and more pythonic.

It also gives cleaner code as we can remove a lot of if CONTAINER_LOG_LEVEL == "DEBUG":

See mbjurstrom@ac36ae6 for inspiration.

Looks much cleaner to my eyes. But not sure what your opinion is about that.
If there is any interest I am happy to supply a PR without the rest of the additions I added in that branch. Most of them are in existing open PRs from me or other people.

1004 DNS Validation Error

I'm getting this error in the log when trying to create the cnames for domain.xyz and www.domainname.xyz

container rule value: Host(domainname.xyz,www.domainname.xyz)
extracted_domains from rule: [u'domainname.xyz,www.domainname.xyz']
Found Container: 647e66db859869694c080e371cff0b9bba33e21850d439c5fe3b86a41eb818f7 with Hostname domainname.xyz,www.domainname.xyz
** domainname.xyz,www.domainname.xyz - 1004 DNS Validation Error

organizr container label is Host(domainname.xyz,www.domainname.xyz)

No CNAME's added

Hello.
I'm using Docker Swarm mode, Traefik 1.7.24 and latest image of docker-traefik-cloudflare-companion.
Here's my compose file:

version: '3.5'

services:
  cloudflare-companion:
    image: tiredofit/traefik-cloudflare-companion:latest
    environment:
      TRAEFIK_VERSION: 1
      CF_EMAIL: [email protected]
      CF_TOKEN: my-custom-cf-token
      DOMAIN1: mydomain.com
      DOMAIN1_ZONE_ID: my-zone-id
      DOMAIN1_PROXIED: "true"
      TARGET_DOMAIN: target.mydomain.com
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks: 
      - traefik-net
      - internal
    deploy:
      replicas: 1
      placement:
       constraints:
         - node.role == manager
      restart_policy:
        condition: none

networks:
  traefik-net:
    name: traefik-net
    attachable: true
  internal:
    external: false

After start container logs:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 00-functions: applying... 
[fix-attrs.d] 00-functions: exited 0.
[fix-attrs.d] 01-s6: applying... 
[fix-attrs.d] 01-s6: exited 0.
[fix-attrs.d] 02-zabbix: applying... 
[fix-attrs.d] 02-zabbix: exited 0.
[fix-attrs.d] 03-logrotate: applying... 
[fix-attrs.d] 03-logrotate: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-startup: executing... 
[cont-init.d] 00-startup: exited 0.
[cont-init.d] 01-timezone: executing... 
[cont-init.d] 01-timezone: exited 0.
[cont-init.d] 02-permissions: executing... 
[cont-init.d] 02-permissions: exited 0.
[cont-init.d] 03-zabbix: executing... 
[cont-init.d] 03-zabbix: exited 0.
[cont-init.d] 04-cron: executing... 
[NOTICE] ** [cron] Disabling Cron
[cont-init.d] 04-cron: exited 0.
[cont-init.d] 05-smtp: executing... 
[NOTICE] ** [smtp] Disabling SMTP Features
[cont-init.d] 05-smtp: exited 0.
[cont-init.d] 10-cloudflare-companion: executing... 
[NOTICE] ** [traefik-cloudflare-companion] Setting Traefik 1.x Mode
[cont-init.d] 10-cloudflare-companion: exited 0.
[cont-init.d] 99-container: executing... 
[cont-init.d] 99-container: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[INFO] ** [zabbix] Starting Zabbix Agent
[INFO] ** [traefik-cloudflare-companion] Starting Traefik Cloudflare Companion

Then I start the service with this compose file:

version: '3'

services:
  landing:
    image: my-company/my-image:version
    networks: 
      - traefik-net
    deploy:
      replicas: 1
      labels:
      - traefik.frontend.rule=Host:app.mydomain.com
      - traefik.port=80
      - traefik.enable=true
      placement:
       constraints:
         - node.role == manager
    restart: always

networks:
  traefik-net:
    external: true

The companion logs are empty (no new entries). No new records in Cloudflare.
What am I doing wrong?

./run: line 11: exec: python: not found

Latest tag has error:

[INFO] ** [traefik-cloudflare-companion] Starting Traefik Cloudflare Companion
./run: line 11: exec: python: not found

4.2.0 and 4.2.1 are absolutely fine.

Logging

Description of the feature

image

Is there a different logging level where it won't show this error?

Authentication Error

I have verified the token to work via cloudfare-ddns docker container I use.

  cf-companion:
    container_name: cf-companion
    image: tiredofit/traefik-cloudflare-companion:latest
    restart: always
    security_opt:
      - no-new-privileges:true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - TIMEZONE=$TZ
      - TRAEFIK_VERSION=2
      #- CF_EMAIL=$CLOUDFLARE_EMAIL # Same as traefik
      - CF_TOKEN=$CF_APITOKEN
      #- CF_TOKEN=$CLOUDFLARE_API_KEY # Same as traefik
      - TARGET_DOMAIN=$DOMAINNAME
      - DOMAIN1=$DOMAINNAME
      - DOMAIN1_ZONE_ID=$CF_ZONES # Copy from Cloudflare Overview page
      - DOMAIN1_PROXIED=TRUE

CloudFlare.exceptions.CloudFlareAPIError: Authentication error
[INFO] ** [traefik-cloudflare-companion] Starting Traefik Cloudflare Companion
Traceback (most recent call last):
  File "/usr/sbin/cloudflare-companion", line 276, in <module>
    init(doms)
  File "/usr/sbin/cloudflare-companion", line 211, in init
    check_container_t2(c, doms)
  File "/usr/sbin/cloudflare-companion", line 176, in check_container_t2
    point_domain(extracted_domains[0], doms)
  File "/usr/sbin/cloudflare-companion", line 91, in point_domain
    records = cf.zones.dns_records.get(dom['zone_id'], params={u'name': name})
  File "/usr/lib/python3.8/site-packages/CloudFlare/cloudflare.py", line 672, in get
    return self._base.call_with_auth('GET', self._parts,
  File "/usr/lib/python3.8/site-packages/CloudFlare/cloudflare.py", line 126, in call_with_auth
    return self._call(method, headers, parts,
  File "/usr/lib/python3.8/site-packages/CloudFlare/cloudflare.py", line 502, in _call
    raise CloudFlareAPIError(code, message)

REFRESH_ENTRIES is false but companion tries to post existing CNAME

I'm currently using traefik poll api workflow and REFRESH_ENTRIES=false.
And during each poll the companion is trying to post existing entries instead of avoiding them.

Resulting in many errors like this

[ERROR] ** abc.domain.tld - 81053 An A, AAAA, or CNAME record with that host already exists.
[ERROR] ** xyz.domain.tld - 81053 An A, AAAA, or CNAME record with that host already exists.
[ERROR] ** abc.domain.tld - 81053 An A, AAAA, or CNAME record with that host already exists.
[ERROR] ** xyz.domain.tld - 81053 An A, AAAA, or CNAME record with that host already exists.

I can try to make a PR in the next few days to resolve this issue and avoid posting records that already exists.

Support Dynamic Configs

Description of the feature
Traefik supports dynamic configurations via providers: https://doc.traefik.io/traefik/getting-started/configuration-overview/#the-dynamic-configuration. I use this to proxy other internal services running on different internal hosts to be accessible externally.

However, the URLs that are configured dynamically do not get registered with cloudflare. It works locally, but is not accessible via cloudflare. A work-around is to manually insert CNAME records in Cloudflare's DNS config, however it's just a hassle every time I want a new service online.

Benefits of feature
Dynamic Configurations are supposed to work just like static urls, but cloudflare companion does not support it.

Additional context
No additional context.

Rate limited. Please wait and consider throttling your request speed

Hi,

Recently I'm getting this error in docker logs

2022-05-07T07:48:40.115540769Z 2022-05-07-07:48:40 [STARTING] ** [traefik-cloudflare-companion] [20] Starting Traefik Cloudflare Companion
2022-05-07T07:48:40.838016615Z Traceback (most recent call last):
2022-05-07T07:48:40.839233444Z   File "/usr/sbin/cloudflare-companion", line 466, in <module>
2022-05-07T07:48:40.840670399Z     sync_mappings(get_initial_mappings(traefik_included_hosts, traefik_excluded_hosts), doms)
2022-05-07T07:48:40.841077265Z   File "/usr/sbin/cloudflare-companion", line 354, in sync_mappings
2022-05-07T07:48:40.841842197Z     if point_domain(k, domain_infos):
2022-05-07T07:48:40.842125288Z   File "/usr/sbin/cloudflare-companion", line 168, in point_domain
2022-05-07T07:48:40.842756780Z     records = cf.zones.dns_records.get(domain_info['zone_id'], params={u'name': name})
2022-05-07T07:48:40.843058265Z   File "/usr/lib/python3.9/site-packages/CloudFlare/cloudflare.py", line 672, in get
2022-05-07T07:48:40.843978952Z     return self._base.call_with_auth('GET', self._parts,
2022-05-07T07:48:40.844305153Z   File "/usr/lib/python3.9/site-packages/CloudFlare/cloudflare.py", line 126, in call_with_auth
2022-05-07T07:48:40.844964418Z     return self._call(method, headers, parts,
2022-05-07T07:48:40.845231219Z   File "/usr/lib/python3.9/site-packages/CloudFlare/cloudflare.py", line 502, in _call
2022-05-07T07:48:40.845985004Z     raise CloudFlareAPIError(code, message)
2022-05-07T07:48:40.849372463Z CloudFlare.exceptions.CloudFlareAPIError: Rate limited. Please wait and consider throttling your request speed

I'm not sure why or what else I can provide so you can reproduce it. I'm sure it's on my end but I have no idea what exactly is causing this error.

Edit: I'm using this tag tiredofit/traefik-cloudflare-companion:6.8.1

Container stalls after "Starting Zabbix Agent"

I've got the following log

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 00-functions: applying... 
[fix-attrs.d] 00-functions: exited 0.
[fix-attrs.d] 01-s6: applying... 
[fix-attrs.d] 01-s6: exited 0.
[fix-attrs.d] 02-zabbix: applying... 
[fix-attrs.d] 02-zabbix: exited 0.
[fix-attrs.d] 03-logrotate: applying... 
[fix-attrs.d] 03-logrotate: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-startup: executing... 
[cont-init.d] 00-startup: exited 0.
[cont-init.d] 01-timezone: executing... 
[NOTICE] ** [timezone] Timezone: Setting to 'America/New_York' from 'Etc/GMT'
[cont-init.d] 01-timezone: exited 0.
[cont-init.d] 02-permissions: executing... 
[cont-init.d] 02-permissions: exited 0.
[cont-init.d] 03-zabbix: executing... 
[cont-init.d] 03-zabbix: exited 0.
[cont-init.d] 04-cron: executing... 
[NOTICE] ** [cron] Disabling Cron
[cont-init.d] 04-cron: exited 0.
[cont-init.d] 05-smtp: executing... 
[NOTICE] ** [smtp] Disabling SMTP Features
[cont-init.d] 05-smtp: exited 0.
[cont-init.d] 10-cloudflare-companion: executing... 
[NOTICE] ** [traefik-cloudflare-companion] Setting Traefik 2.x Mode
[cont-init.d] 10-cloudflare-companion: exited 0.
[cont-init.d] 99-container: executing... 
[cont-init.d] 99-container: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[INFO] ** [traefik-cloudflare-companion] Starting Traefik Cloudflare Companion
[INFO] ** [zabbix] Starting Zabbix Agent

My docker-compose looks like this:

    image: tiredofit/traefik-cloudflare-companion:latest
    container_name: cloudflare-companion
    networks:
     - traefik_proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - TIMEZONE=$TZ
      - TRAEFIK_VERSION=2
      - CF_EMAIL=$CLOUDFLARE_EMAIL
      - CF_TOKEN=$CLOUDFLARE_API_KEY
      - TARGET_DOMAIN=$DOMAINNAME
      - DOMAIN1=$DOMAINNAME
      - DOMAIN1_ZONE_ID=$CLOUDFLARE_ZONEID
      - DOMAIN1_PROXIED=FALSE
    restart: always
    deploy:
      placement:
        constraints:
          - "node.role==manager"

Logging into the container and executing the items in /etc/cont-init.d/ shows only a single issue with "03-zabbix" as shown below

mkdir: can't create directory '': No such file or directory
chown: unknown user 
chown: unknown user 

My cursory glance is showing it's failing to create a logfile somewhere along the line and then dropping out of the whole thing.

Different TARGET_DOMAIN for subdomain

I'd like to define two TARGET_DOMAIN entries. One is pointing to the internet reachable address of my server, the other is pointing to my local IP address. The idea is that I can configure a *.local.domain.tld pointing to the server LAN IP for internal services but also configure a *.domain.tld for services that need to be reached from the WWW.

Note that I don't want/need to reach a service by both options (although possible):
image

Support for creating multiple CNAMES per container

With Traefik 2 you can create multiple subdomains for a single container, like so

      - "traefik.http.routers.foobar-rtr.rule=Host(`foo.$DOMAIN_NAME`,`bar.$DOMAIN_NAME`)" 

or like so

      - "traefik.http.routers.foobar-rtr.rule=Host(`foo.$DOMAIN_NAME`)"
      - "traefik.http.routers.foobar-rtr.rule=Host(`bar.$DOMAIN_NAME`)"

It seems that only one subdomain per container is seen by this tool and only a single CNAME is created. It would be nice if this tool would catch and create all of the CNAMES defined in a container's compose file with either method of formatting in these examples.
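A parser for the rule forms raised in the HostSNI, multi-host Host(...), 1004 DNS Validation Error and domain-specific TARGET_DOMAIN reports above, written as an added example and not the companion's own code: it extracts every hostname from Traefik v2 Host and HostSNI matchers and picks the zone that owns each one. The function names, the zone list and the sample labels (constructed from the compose snippets on this page with $DOMAINNAME replaced by domain.com) are assumptions.

```python
import re

# Host(...) and HostSNI(...) matchers; HostRegexp(...) is deliberately not matched
# because a regex is not a name that can be published as a DNS record.
MATCHER_RE = re.compile(r"\b(?:HostSNI|Host)\s*\(([^)]*)\)", re.IGNORECASE)
# Label keys that carry a router rule, for both HTTP and TCP routers.
ROUTER_RULE_KEY_RE = re.compile(r"^traefik\.(?:http|tcp)\.routers\.[^.]+\.rule$")
# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def is_hostname(name):
    """True for a plain multi-label DNS name; rejects '*', regex fragments and ''."""
    if not name or len(name) > 253:
        return False
    labels = name.split(".")
    return len(labels) >= 2 and all(LABEL_RE.match(label) for label in labels)


def hosts_from_rule(rule):
    """Return every valid hostname named by Host/HostSNI matchers in one rule."""
    hosts = []
    for args in MATCHER_RE.findall(rule):
        # A hostname cannot contain a comma, so splitting the argument list on
        # commas handles `a`,`b` as well as the unquoted a,b form seen in the logs.
        for raw in args.split(","):
            name = raw.strip().strip("`\"'").strip().rstrip(".").lower()
            if is_hostname(name) and name not in hosts:
                hosts.append(name)
    return hosts


def hosts_from_labels(labels):
    """Collect hostnames from all router rule labels of one container."""
    hosts = []
    for key, value in labels.items():
        if ROUTER_RULE_KEY_RE.match(key):
            for host in hosts_from_rule(value):
                if host not in hosts:
                    hosts.append(host)
    return hosts


def zone_for(host, zones):
    """Return the configured zone that owns host, or None.

    The match is on a label boundary, so 'notdomain1.com' is not treated as part
    of 'domain1.com', and the longest matching zone wins.
    """
    best = None
    for zone in zones:
        z = zone.lower().rstrip(".")
        if (host == z or host.endswith("." + z)) and (best is None or len(z) > len(best)):
            best = z
    return best


# Constructed sample: labels modelled on the nextcloud, organizr and traefik
# services shown on this page.
SAMPLE_LABELS = {
    "traefik.enable": "true",
    "traefik.tcp.routers.nextcloud-tcp.rule": "HostSNI(`cloud.domain.com`)",
    "traefik.http.routers.organizr-rtr.rule": "Host(`org.domain.com`)",
    "traefik.http.routers.redirs.rule": "hostregexp(`{host:.+}`)",
    "traefik.http.services.organizr-svc.loadbalancer.server.port": "80",
}

if __name__ == "__main__":
    for host in hosts_from_labels(SAMPLE_LABELS):
        print(host, "->", zone_for(host, ["domain.com", "domain2.com"]))
```

Names that match no configured zone come back as None from zone_for and should be skipped rather than written into a default zone.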

Possible to disable debug logging?

Recently I'm seeing a ton of extra log output and I don't recall specifying debug logging anywhere. How can I revert this to an info or warn type of level? Sample output:

today at 9:43 PM 2020-10-12 21:43:26,370 - Python Cloudflare API v4 - DEBUG - Response: error 81053 An A, AAAA or CNAME record already exists with that host.
today at 9:43 PM [ERROR] ** php.xxxxxxxx.com - 81053 An A, AAAA or CNAME record already exists with that host.
today at 9:43 PM 2020-10-12 21:43:26,381 - Python Cloudflare API v4 - DEBUG - Call: emulated curl command ...
today at 9:43 PM curl -X GET "https://api.cloudflare.com/client/v4/zones/af7b02f6760430b6eaaf6489002e9251/dns_records?name=redis.xxxxxxxx.com" \
today at 9:43 PM -H "User-Agent: python-cloudflare/2.8.13/python-requests/2.23.0/python/3.8.5" \
today at 9:43 PM -H "Content-Type: application/json" \
today at 9:43 PM -H "X-Auth-Email: [email protected]" \
today at 9:43 PM -H "X-Auth-Key: REDACTED"

Config:

# Cloudflare-Companion - Automatic container CNAME DNS Creation
  cloudflare-companion:
    image: tiredofit/traefik-cloudflare-companion
    container_name: cloudflare-companion
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - $SOCKET_NETWORK
    depends_on:
      - socket-proxy
    environment:
      - TIMEZONE=$TZ
      - TRAEFIK_VERSION=2
      - CF_EMAIL_FILE=/run/secrets/cf_email
      - CF_TOKEN_FILE=/run/secrets/cf_token
      - TARGET_DOMAIN=$DOMAINNAME
      - DOMAIN1=$DOMAINNAME
      - DOMAIN1_ZONE_ID=$CF_API_ZONE_ID
      - DOMAIN1_PROXIED=TRUE
      - DOCKER_HOST=tcp://socket-proxy:2375
    secrets:
      - cf_email
      - cf_token

Healthcheck Option

Is there a possibility to use healthchecks like:

    healthcheck:
      test: wget --spider http://localhost || exit 1
      interval: "30s"
      timeout: "5s"
      retries: 3
      start_period: "15s"

Base container does not handle dropping all caps and running as non-root very well

Summary

The base image of the container makes some tests and runs code to "fix" something that is not a problem.

The code is on file /package/admin/s6-overlay-3.0.0.2/libexec/preinit inside the container.

Steps to reproduce

See the logs from:

version: '3.9'

services:
  dns-cloudflare:
    image: tiredofit/traefik-cloudflare-companion
    cap_drop:
      - ALL
    user: "1000:1000"
    environment:
      - "TRAEFIK_VERSION=2"
      - "SWARM_MODE=TRUE"
      - "DOCKER_HOST=tcp://export-docker-sock:2375"
      - "CF_TOKEN=${CF_TOKEN}"

      - "TARGET_DOMAIN=${CF_LOADBALANCER}"
      - "DOMAIN1=${CF_DOMAIN}"
      - "DOMAIN1_ZONE_ID=${CF_ZONE_ID}"
    deploy:
      replicas: 1
    networks:
      - traefik-net
      - docker-net

networks:
  traefik-net:
    external:
      name: traefik-net
  docker-net:
    external:
      name: docker-ro-net

What is the expected correct behavior?

The container does not need to set uid or gid. The container can run as any user and drop all caps.

Relevant logs and/or screenshots

This is the log:

s6-overlay-suexec: fatal: unable to setgid to root: Operation not permitted

With cap add setuid and setgid:

s6-chown: fatal: unable to chown /run: Operation not permitted
s6-overlay-suexec: fatal: child failed wth exit code 111

Environment

  • Image version / tag: latest
  • Host OS: Linux
Any logs | docker-compose.yml
s6-overlay-suexec: fatal: unable to setgid to root: Operation not permitted
s6-chown: fatal: unable to chown /run: Operation not permitted
s6-overlay-suexec: fatal: child failed wth exit code 111

Possible fixes

Well, there are some things:

  • List caps used by container (not need this)
  • Change entrypoint to run /usr/sbin/cloudflare-companion directly
  • Change the entrypoint to not create files and/or set group/user (or disable by env)

exec: python3: not found

After upgrading my docker containers today I started to receive a python3 error. Below is the section of my docker compose file as well as the relevant log lines. The last section just keeps repeating. Everything goes back to working if I change from latest to v5.0.0

  cf-companion:
    container_name: cf-companion
    image: tiredofit/traefik-cloudflare-companion:latest
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    networks:
      - socket_proxy
    depends_on:
      - socket-proxy
    # volumes:
    #  - /var/run/docker.sock:/var/run/docker.sock:ro # Use Docker Socket Proxy instead for improved security
    environment:
      - TIMEZONE=$TZ
      - TRAEFIK_VERSION=2
      - CF_EMAIL=$CLOUDFLARE_EMAIL # Same as traefik
      # - CF_TOKEN=$CLOUDFLARE_API_TOKEN # Scoped api token not working. Error 10000.
      - CF_TOKEN=$CLOUDFLARE_API_KEY # Same as traefik
      - TARGET_DOMAIN=$DOMAINNAME
      - DOMAIN1=$DOMAINNAME
      - DOMAIN1_ZONE_ID=$CLOUDFLARE_ZONEID # Copy from Cloudflare Overview page
      - DOMAIN1_PROXIED=TRUE
      - DOCKER_HOST=tcp://socket-proxy:2375
      - CONTAINER_LOG_LEVEL=DEBUG
    secrets: # not working
      - cloudflare_email
      - cloudflare_api_key
      - cloudflare_zoneid

today at 9:31 PM [cont-init.d] 99-container: executing...
today at 9:31 PM [DEBUG] ** [container] Getting ready to start '03-zabbix' service
today at 9:31 PM [DEBUG] ** [container] Skipping '04-cron' service for startup routines
today at 9:31 PM [DEBUG] ** [container] Skipping '05-smtp' service for startup routines
today at 9:31 PM [DEBUG] ** [container] Getting ready to start '10-cloudflare-companion' service
today at 9:31 PM [cont-init.d] 99-container: exited 0.
today at 9:31 PM [cont-init.d] done.
today at 9:31 PM [services.d] starting services
today at 9:31 PM [DEBUG] ** [traefik-cloudflare-companion] Checking to see if container initialization scripts have completed
today at 9:31 PM [DEBUG] ** [traefik-cloudflare-companion] Checking to see if service has initialized
today at 9:31 PM [DEBUG] ** [zabbix] Checking to see if container initialization scripts have completed
today at 9:31 PM [DEBUG] ** [zabbix] Checking to see if service has initialized
today at 9:31 PM [services.d] done.
today at 9:31 PM ./run: line 11: exec: python3: not found
today at 9:31 PM [INFO] ** [traefik-cloudflare-companion] Starting Traefik Cloudflare Companion
today at 9:31 PM [INFO] ** [zabbix] Starting Zabbix Agent
today at 9:31 PM Starting Zabbix Agent [alpine]. Zabbix 5.0.3 (revision {ZABBIX_REVISION}).
today at 9:31 PM Press Ctrl+C to exit.
today at 9:31 PM
today at 9:31 PM [DEBUG] ** [traefik-cloudflare-companion] Checking to see if container initialization scripts have completed
today at 9:31 PM [DEBUG] ** [traefik-cloudflare-companion] Checking to see if service has initialized
today at 9:31 PM [INFO] ** [traefik-cloudflare-companion] Starting Traefik Cloudflare Companion
today at 9:31 PM ./run: line 11: exec: python3: not found
today at 9:31 PM [DEBUG] ** [traefik-cloudflare-companion]

DOMAIN2 ... DOMAIN3 ... generating errors

Summary

I have several domains that I am hosting on Docker. Whenever I add a second, third, ..., eighth domain, I am getting an error

Steps to reproduce

      - DOMAIN1=$DOMAIN1
      - DOMAIN1_ZONE_ID=$CLOUDFLARE_ZONEID_DOMAIN1 
      - DOMAIN1_PROXIED=TRUE
      - DOMAIN2=$DOMAIN2
      - DOMAIN2_ZONE_ID=$CLOUDFLARE_ZONEID_DOMAIN2 # Copy from Cloudflare Overview page
      - DOMAIN2_PROXIED=TRUE
      - DOMAIN3=$DOMAIN3
      - DOMAIN3_ZONE_ID=$CLOUDFLARE_ZONEID_DOMAIN3
      - DOMAIN3_PROXIED=TRUE

What is the expected correct behavior?

2022-03-11.19:08:36 [NOTICE] ** [container-init] Detected Container that has been restarted - Cleaning '/tmp/state' files
2022-03-11.19:08:36 [NOTICE] ** [scheduling] Disabling Scheduling
2022-03-11.19:08:36 [STARTING] ** [traefik-cloudflare-companion] [1] Starting Traefik Cloudflare Companion

2022-03-11.19:08:30 [STARTING] ** [traefik-cloudflare-companion] [610] Starting Traefik Cloudflare Companion
Traceback (most recent call last):
  File "/usr/sbin/cloudflare-companion", line 466, in <module>
    sync_mappings(get_initial_mappings(traefik_included_hosts, traefik_excluded_hosts), doms)
  File "/usr/sbin/cloudflare-companion", line 354, in sync_mappings
    if point_domain(k, domain_infos):
  File "/usr/sbin/cloudflare-companion", line 168, in point_domain
    records = cf.zones.dns_records.get(domain_info['zone_id'], params={u'name': name})
  File "/usr/lib/python3.9/site-packages/CloudFlare/cloudflare.py", line 672, in get
    return self._base.call_with_auth('GET', self._parts,
  File "/usr/lib/python3.9/site-packages/CloudFlare/cloudflare.py", line 126, in call_with_auth
    return self._call(method, headers, parts,
  File "/usr/lib/python3.9/site-packages/CloudFlare/cloudflare.py", line 502, in _call
    raise CloudFlareAPIError(code, message)
CloudFlare.exceptions.CloudFlareAPIError: Authentication error

I don't know why it's showing an Authentication error because the CF_TOKEN is working when I just use DOMAIN1. I've confirmed the Zone IDs for all of my other domains.

Relevant logs and/or screenshots

Please see above

Environment

https://pastebin.com/P3rvUFHR

  • Image version / tag: v6.8.2
  • Host OS: Ubuntu 20.04 LTS
Docker 20.10.12 (API: 1.41)

Any logs | docker-compose.yml

Possible fixes

Thanks!

ERROR message for each service.

Does cloudflare-companion do any tracking or checks before it looks to create DNS records?

I keep getting this in my logs for each service whenever I restart my docker-compose:
today at 18:48:36 [ERROR] ** dozzle.host.com - 81053 An A, AAAA, or CNAME record with that host already exists.

My config:

  cf-companion:
    container_name: cf-companion
    image: tiredofit/traefik-cloudflare-companion:latest
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      TRAEFIK_VERSION: 2
      CF_EMAIL: $CLOUDFLARE_EMAIL
      CF_TOKEN: $CLOUDFLARE_API_KEY
      TARGET_DOMAIN: $DOMAINNAME
      DOMAIN1: $DOMAINNAME
      DOMAIN1_ZONE_ID: $CLOUDFLARE_ZONE_ID
      DOMAIN1_PROXIED: "TRUE"
      PUID: $PUID
      PGID: $PGID
      TZ: $TZ
      UMASK: $UMASK

It's not a major issue, just not sure if it should be an ERROR

Sorry if I've missed something!
