
update_cloudflare_com_v4.sh 7.0 KB

  1. #!/bin/sh
  2. #
  3. #.Distributed under the terms of the GNU General Public License (GPL) version 2.0
  4. #
  5. # script for sending updates to cloudflare.com
  6. #.based on Ben Kulbertis cloudflare-update-record.sh found at http://gist.github.com/benkulbertis
  7. #.and on George Johnson's cf-ddns.sh found at https://github.com/gstuartj/cf-ddns.sh
  8. #.2016-2018 Christian Schoenebeck <christian dot schoenebeck at gmail dot com>
  9. # CloudFlare API documentation at https://api.cloudflare.com/
  10. #
  11. # This script is parsed by dynamic_dns_functions.sh inside send_update() function
  12. #
  13. # using following options from /etc/config/ddns
  14. # option username - your cloudflare e-mail
  15. # option password - cloudflare api key, you can get it from cloudflare.com/my-account/
  16. # option domain - "hostname@yourdomain.TLD" # syntax changed to remove split_FQDN() function and tld_names.dat.gz
  17. # option param_opt - Whether the record is receiving the performance and security benefits of Cloudflare (not empty => false)
  18. #
  19. # variable __IP already defined with the ip-address to use for update
  20. #
  # --- parameter checks ----------------------------------------------------
  # Each failed check only calls write_log with level 14 and nothing else, so
  # write_log is presumably expected to abort for that level - TODO confirm in
  # dynamic_dns_functions.sh.
  if [ -z "$CURL_SSL" ]; then
    write_log 14 "Cloudflare communication require cURL with SSL support. Please install"
  fi
  if [ -z "$username" ]; then
    write_log 14 "Service section not configured correctly! Missing key as 'username'"
  fi
  if [ -z "$password" ]; then
    write_log 14 "Service section not configured correctly! Missing secret as 'password'"
  fi
  # HTTPS is mandatory for this service (the API base URL below is https://)
  if [ $use_https -eq 0 ]; then
    use_https=1
  fi

  # variables used by this script (it runs inside send_update(), hence 'local')
  local __HOST __DOMAIN __TYPE __PRGBASE __RUNPROG __DATA __IPV6 __ZONEID __RECID __PROXIED
  local __URLBASE="https://api.cloudflare.com/client/v4"

  # $domain has the form "host@zone":
  #   @example.com          -> the "domain record" of the zone
  #   host.sub@example.com  -> a "host record" inside the zone
  # cut prints the whole value when it contains no '@', so host and zone are
  # identical in that case.
  # NOTE(review): $domain is not validated here. Both parts are later placed
  # between single quotes in a command string that cloudflare_transfer runs
  # with eval, so a quote character in the option would alter that command.
  __DOMAIN=$(printf %s "$domain" | cut -d@ -f2)
  __HOST=$(printf %s "$domain" | cut -d@ -f1)

  # Cloudflare v4 needs:
  #   __DOMAIN = the base domain, i.e. example.com
  #   __HOST   = the FQDN of the record to modify, i.e. example.com for the
  #              "domain record" or host.sub.example.com for a "host record"
  if [ -z "$__HOST" ]; then
    # domain record: the record name is the zone name itself
    __HOST=$__DOMAIN
  elif [ "$__HOST" != "$__DOMAIN" ]; then
    # host record: rebuild the FQDN, host@domain.tld => host.domain.tld
    __HOST="${__HOST}.${__DOMAIN}"
  fi

  # record type follows the configured IP version
  if [ $use_ipv6 -eq 0 ]; then
    __TYPE="A"
  else
    __TYPE="AAAA"
  fi
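  #######################################
  # Transfer function used for all Cloudflare API requests.
  # Runs the cURL command held in __RUNPROG, retries on transport errors and
  # then checks the API answer stored in $DATFILE.
  # All needed variables are set globally by the calling script.
  # Globals:   __RUNPROG, DATFILE, ERRFILE, VERBOSE_MODE, retry_count,
  #            RETRY_SECONDS (read); PID_SLEEP (written)
  # Returns:   0 if $DATFILE contains '"success":true', otherwise 1
  #######################################
  cloudflare_transfer() {
    local __CNT=0
    local __ERR
    local __LOGCMD

    # The command line carries the API key in its X-Auth-Key header. Mask the
    # header value in the copy that is written to the log; the command that
    # is executed stays unchanged.
    __LOGCMD=$(printf '%s' "$__RUNPROG" \
      | sed "s/\(X-Auth-Key: \)[^']*/\1***REDACTED***/g")

    while : ; do
      write_log 7 "#> $__LOGCMD"
      # NOTE(review): __RUNPROG is a string assembled by the caller from
      # configuration values and API answers wrapped in single quotes. eval
      # re-parses it, so every value placed in it must be free of quote
      # characters - this has to be ensured where the string is built.
      eval "$__RUNPROG"
      __ERR=$?                        # save communication error
      [ "$__ERR" -eq 0 ] && break     # no error, leave the retry loop

      write_log 3 "cURL Error: '$__ERR'"
      write_log 7 "$(cat "$ERRFILE")" # report error

      if [ "$VERBOSE_MODE" -gt 1 ]; then
        # VERBOSE_MODE > 1 then NO retry
        write_log 4 "Transfer failed - Verbose Mode: $VERBOSE_MODE - NO retry on error"
        break
      fi

      __CNT=$(( __CNT + 1 ))          # increment error counter
      # if error count > retry_count leave here (retry_count 0 = no limit)
      if [ "$retry_count" -gt 0 ] && [ "$__CNT" -gt "$retry_count" ]; then
        write_log 14 "Transfer failed after $retry_count retries"
      fi

      write_log 4 "Transfer failed - retry $__CNT/$retry_count in $RETRY_SECONDS seconds"
      # sleep in the background and wait for it, which enables the trap-handler
      sleep "$RETRY_SECONDS" &
      PID_SLEEP=$!
      wait $PID_SLEEP
      PID_SLEEP=0
    done

    # check the API answer for an error
    grep -q '"success":true' "$DATFILE" || {
      write_log 4 "CloudFlare reported an error:"
      write_log 7 "$(cat "$DATFILE")" # report error
      return 1                        # HTTP error
    }
  }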
  # --- base command shared by all API requests -------------------------------
  # __PRGBASE is one string that cloudflare_transfer later executes with eval,
  # so everything appended here is parsed by the shell again at that point.
  __PRGBASE="$CURL -RsS -o $DATFILE --stderr $ERRFILE"

  # force network/interface-device to use for communication
  if [ -n "$bind_network" ]; then
    local __DEVICE
    network_get_physdev __DEVICE $bind_network || \
      write_log 13 "Can not detect local device using 'network_get_physdev $bind_network' - Error: '$?'"
    write_log 7 "Force communication via device '$__DEVICE'"
    __PRGBASE="$__PRGBASE --interface $__DEVICE"
  fi

  # force ip version to use
  if [ $force_ipversion -eq 1 ]; then
    if [ $use_ipv6 -eq 0 ]; then
      __PRGBASE="$__PRGBASE -4"   # force IPv4
    else
      __PRGBASE="$__PRGBASE -6"   # force IPv6
    fi
  fi

  # set certificate parameters (nothing is added when $cacert is empty)
  if [ -n "$cacert" ]; then
    if [ "$cacert" = "IGNORE" ]; then
      # idea from Ticket #15327 to ignore server cert.
      # NOTE(review): with --insecure cURL does not verify the server
      # certificate, so the X-Auth-Key header set below is sent to a peer
      # whose identity was not checked.
      __PRGBASE="$__PRGBASE --insecure"
    elif [ -f "$cacert" ]; then
      __PRGBASE="$__PRGBASE --cacert $cacert"
    elif [ -d "$cacert" ]; then
      __PRGBASE="$__PRGBASE --capath $cacert"
    else
      # it's not a file and not a directory but given
      write_log 14 "No valid certificate(s) found at '$cacert' for HTTPS communication"
    fi
  fi

  # disable proxy if not set (there might be .wgetrc or .curlrc or wrong
  # environment set) or check if libcurl compiled with proxy support
  if [ -n "$proxy" ]; then
    if [ -z "$CURL_PROXY" ]; then
      # if libcurl has no proxy support and proxy should be used then force ERROR
      write_log 13 "cURL: libcurl compiled without Proxy support"
    fi
  else
    __PRGBASE="$__PRGBASE --noproxy '*'"
  fi

  # set headers
  # NOTE(review): e-mail and API key become command-line arguments of cURL and
  # are wrapped in single quotes only; a quote character inside either value
  # would change how eval parses the command. Arguments of a running process
  # are usually readable by other local users as well.
  __PRGBASE="$__PRGBASE --header 'X-Auth-Email: $username' "
  __PRGBASE="$__PRGBASE --header 'X-Auth-Key: $password' "
  __PRGBASE="$__PRGBASE --header 'Content-Type: application/json' "
  # __PRGBASE="$__PRGBASE --header 'Accept: application/json' "
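  # --- read zone id for registered domain.TLD --------------------------------
  __RUNPROG="$__PRGBASE --request GET '$__URLBASE/zones?name=$__DOMAIN'"
  cloudflare_transfer || return 1
  # extract zone id: value of the first "id" key in the answer
  __ZONEID=$(grep -o '"id":"[^"]*' "$DATFILE" | grep -o '[^"]*$' | head -n 1)
  if [ -z "$__ZONEID" ]; then
    write_log 4 "Could not detect 'zone id' for domain.tld: '$__DOMAIN'"
    return 127
  fi
  # The id comes from the server's answer and is inserted below into a command
  # string that cloudflare_transfer executes with eval. Accept letters and
  # digits only, so nothing in the answer can change that command.
  # (Cloudflare identifiers are expected to be hexadecimal - confirm against
  # the API documentation.)
  case "$__ZONEID" in
    *[!0-9A-Za-z]*)
      write_log 4 "Unexpected characters in 'zone id' for domain.tld: '$__DOMAIN'"
      return 127
      ;;
  esac

  # --- read record id for A or AAAA record of host.domain.TLD ----------------
  __RUNPROG="$__PRGBASE --request GET '$__URLBASE/zones/$__ZONEID/dns_records?name=$__HOST&type=$__TYPE'"
  cloudflare_transfer || return 1
  # extract record id: value of the first "id" key in the answer
  __RECID=$(grep -o '"id":"[^"]*' "$DATFILE" | grep -o '[^"]*$' | head -n 1)
  if [ -z "$__RECID" ]; then
    write_log 4 "Could not detect 'record id' for host.domain.tld: '$__HOST'"
    return 127
  fi
  # same reasoning as for the zone id: the record id ends up in the URL of the
  # PUT request that is built as an eval'ed command string
  case "$__RECID" in
    *[!0-9A-Za-z]*)
      write_log 4 "Unexpected characters in 'record id' for host.domain.tld: '$__HOST'"
      return 127
      ;;
  esac

  # extract current stored IP: value of the first "content" key
  __DATA=$(grep -o '"content":"[^"]*' "$DATFILE" | grep -o '[^"]*$' | head -n 1)
  # check data: keep only what matches the address pattern of the IP version
  # in use; __DATA ends up empty when nothing matches
  if [ "$use_ipv6" -eq 0 ]; then
    __DATA=$(printf "%s" "$__DATA" | grep -m 1 -o "$IPV4_REGEX")
  else
    __DATA=$(printf "%s" "$__DATA" | grep -m 1 -o "$IPV6_REGEX")
  fi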
  # --- compare the stored address with the one to publish --------------------
  # Only done when a stored address was found; otherwise the update is sent.
  if [ -n "$__DATA" ]; then
    if [ $use_ipv6 -eq 1 ]; then
      # expand IPv6 for compare
      expand_ipv6 $__IP __IPV6
      expand_ipv6 $__DATA __DATA
      if [ "$__DATA" = "$__IPV6" ]; then
        # IPv6 no update needed
        write_log 7 "IPv6 at CloudFlare.com already up to date"
        return 0
      fi
    elif [ "$__DATA" = "$__IP" ]; then
      # IPv4 no update needed
      write_log 7 "IPv4 at CloudFlare.com already up to date"
      return 0
    fi
  fi

  # --- update is needed: build the data to send ------------------------------
  # set proxied parameter (default "true"; any non-empty param_opt disables it)
  if [ -z "$param_opt" ]; then
    __PROXIED="true"
  else
    __PROXIED="false"
    write_log 7 "Cloudflare 'proxied' disabled"
  fi

  # The JSON body is written to a file to work around the " needed for json
  # inside the command string. $DATFILE is also cURL's output file, so the
  # answer to the request replaces the body afterwards.
  # NOTE(review): the values are inserted without JSON escaping.
  printf '{"id":"%s","type":"%s","name":"%s","content":"%s","proxied":%s}\n' \
    "$__ZONEID" "$__TYPE" "$__HOST" "$__IP" "$__PROXIED" > $DATFILE

  # complete the transfer command and send the update
  __RUNPROG="$__PRGBASE --request PUT --data @$DATFILE '$__URLBASE/zones/$__ZONEID/dns_records/$__RECID'"
  cloudflare_transfer || return 1
  return 0