
Qalisa/pierceflare


PierceFlare

💉 Surgically, securely and automatically synchronize the IPs of specific subdomains linked to your Cloudflare-managed DNS.

This project includes:

Note

We host our own PierceFlare at Qalisa!

https://pierceflare.qalisa.fr


Purpose

At Qalisa, we leverage Cloudflare DNS capabilities to secure access to our customers' SaaS platforms, often providing our own subdomains as gateways for our customers to access their apps.

Since we provide our clients with self-custodial, on-premise platforms, we have no direct control over their hardware or their ISP routers, which could unexpectedly change their external IP at any time, breaking access to their apps through our subdomains.

On the other hand, Cloudflare does not provide fine-grained API token generation to limit control to specific subdomains.

That's why we developed the PierceFlare suite.

How does it work?

A pierceflare instance serves as a middleware gateway: it keeps the Cloudflare account-wide API key behind it and instead lets you create autonomous API tokens, each with write credentials restricted to a specific subdomain. We then install a lightweight client, pierceflare-cli, on our customers' servers, bound to that pierceflare instance using a dedicated API key. Rinse and repeat.
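The scoping described above, as an added sketch that is not PierceFlare's own code: the gateway keeps the zone-wide token to itself and authorizes each client key for one subdomain only, storing just a hash of the key. The `Gateway` type, its methods, the error value and the `example.com` names are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Gateway (hypothetical) alone holds the zone-wide token; clients get scoped keys.
type Gateway struct {
	cloudflareToken string              // never handed to clients
	keys            map[string][32]byte // FQDN -> SHA-256 of its API key
}

var ErrDenied = errors.New("key not valid for this subdomain")

// IssueKey returns a random key bound to one FQDN; only its hash is stored.
func (g *Gateway) IssueKey(fqdn string) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	key := hex.EncodeToString(raw)
	g.keys[normalize(fqdn)] = sha256.Sum256([]byte(key))
	return key, nil
}

// Authorize allows an update only if key matches the hash stored for fqdn.
func (g *Gateway) Authorize(key, fqdn string) error {
	want, known := g.keys[normalize(fqdn)]
	got := sha256.Sum256([]byte(key))
	if !known || subtle.ConstantTimeCompare(got[:], want[:]) != 1 {
		return ErrDenied
	}
	return nil
}

func normalize(fqdn string) string {
	return strings.ToLower(strings.TrimSuffix(fqdn, "."))
}

func main() {
	g := &Gateway{cloudflareToken: "placeholder", keys: map[string][32]byte{}}
	key, _ := g.IssueKey("client-a.example.com") // constructed sample name
	fmt.Println(g.Authorize(key, "client-a.example.com"), g.Authorize(key, "client-b.example.com"))
}
```

A leaked client key in this model can change only the one record it was issued for, and a dump of the gateway's key table yields hashes rather than usable keys.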

PierceFlare scheme

Features

  • React-based web app with tRPC live updates; watch the synchronization attempts!
  • RxJS worker to feed Cloudflare DNS updates using its official API
  • Lightweight and fast Golang-based IP change detector and synchronizer
  • Smart, process-wide IP cache system to limit noise sent to both the PierceFlare and Cloudflare APIs

How to use

Prepare and install pierceflare (once)

  1. Log in to Cloudflare and generate an API Token (https://developers.cloudflare.com/fundamentals/api/get-started/create-token/). Make sure this token has Zone:Read, DNS:Edit permissions.

  2. Install pierceflare using the official Docker image (or with the Helm chart) on a server you own, and define the env variables as follows:

    • CANONICAL_URL as the URL you expect your server to respond to requests on
    • SERVICE_AUTH_USERNAME / SERVICE_AUTH_PASSWORD to connect to the dashboard later
    • CLOUDFLARE_API_TOKEN as the token generated in step 1

  3. Once pierceflare is installed, log in to the dashboard using SERVICE_AUTH_USERNAME / SERVICE_AUTH_PASSWORD.

Configure an entry (as many times as needed)

  1. We will now create a synchronization entry; click on Create DDNS Entry.
  2. Fill in the information for the specific subdomain you want synchronized, then click on Create. There is no need to define this DNS entry on Cloudflare beforehand; it will be created automatically at first sync.
  3. Back on the dashboard, you will notice your new entry. Click on its Generate API Key button, then confirm creation by clicking on Create Key.
  4. Your API key is generated. Save it, and copy it to your clipboard using the Copy Key button.

Initiate synchronization

  1. Install pierceflare-cli (using the Docker image or the Helm chart) on any remote server you wish to synchronize, and configure the env variables:

    • PIERCEFLARE_SERVER_URL, set to the same value as CANONICAL_URL
    • PIERCEFLARE_API_KEY as the API key you generated on the dashboard

  2. Finally, check both the pierceflare-cli logs and the pierceflare dashboard to monitor DDNS synchronization live!

About

Dashboard, API and CLI for multi-tenant, secure Cloudflare DDNS
