halbebruno/cloudflare_ddns
1
0
Fork 0
mirror of https://github.com/timothymiller/cloudflare-ddns.git synced 2026-03-22 06:58:57 -03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: halbebruno:2.0.1
Branches Tags
halbebruno:master halbebruno:dependabot/cargo/rustls-webpki-0.103.10
halbebruno:v2.0.8 halbebruno:v2.0.7 halbebruno:v2.0.6 halbebruno:v2.0.5 halbebruno:v2.0.4 halbebruno:v2.0.3 halbebruno:2.0.2 halbebruno:2.0.1 halbebruno:latest
...
compare: halbebruno:v2.0.3
Branches Tags
halbebruno:dependabot/cargo/rustls-webpki-0.103.10 halbebruno:master
halbebruno:v2.0.8 halbebruno:v2.0.7 halbebruno:v2.0.6 halbebruno:v2.0.5 halbebruno:v2.0.4 halbebruno:v2.0.3 halbebruno:2.0.2 halbebruno:2.0.1 halbebruno:latest

10 Commits
2.0.1 ... v2.0.3

Author SHA1 Message Date
Timothy Miller
54ca4a5eae Bump version to 2.0.3 and update GitHub Actions to Node.js 24 
Update all Docker GitHub Actions to their latest major versions to
  resolve Node.js 20 deprecation warnings ahead of the June 2026 cutoff.
 2026-03-18 19:01:50 -04:00
Timothy Miller
94ce10fccc Only set Host header for literal-IP trace URLs 
The fallback hostname-based URL and custom URLs resolve correctly
without a Host override, so restrict the header to the cases that
need it (direct IP connections to 1.1.1.1 / [2606:4700:4700::1111]).
 2026-03-18 18:19:55 -04:00
Timothy Miller
7e96816740 Merge pull request #240 from masterwishx/dev-test 
Fix proxyIP + Notify
 2026-03-18 16:34:28 -04:00
DaRK AnGeL
8a4b57c163 undo FIX: remove duplicates so CloudflareHandle::set_ips sees stable input 
Signed-off-by: DaRK AnGeL <28630321+masterwishx@users.noreply.github.com>
 2026-03-17 10:10:00 +02:00
DaRK AnGeL
3c7072f4b6 Merge branch 'master' of https://github.com/masterwishx/cloudflare-ddns 2026-03-17 10:05:15 +02:00
DaRK AnGeL
3d796d470c Deduplicate IPs before DNS record update 
Remove duplicate IPs before updating DNS records to ensure stable input.

Signed-off-by: DaRK AnGeL <28630321+masterwishx@users.noreply.github.com>
 2026-03-17 10:04:20 +02:00
DaRK AnGeL
36bdbea568 Deduplicate IPs before DNS record update 
Remove duplicate IPs before updating DNS records to ensure stable input.
 2026-03-16 20:28:26 +02:00
DaRK AnGeL
6085ba0cc2 Add Host header to fetch_trace_ip function 2026-03-16 09:02:10 +02:00
Timothy Miller
560a3b7b28 Bump version to 2.0.2 2026-03-13 00:10:31 -04:00
Timothy Miller
1b3928865b Use literal IP trace URLs as primary 
Primary trace endpoints now use literal IPs per address family to
guarantee correct address family selection. Fallback uses
api.cloudflare.com to work around WARP/Zero Trust interception. Rename
constants and update tests accordingly.
 2026-03-13 00:04:08 -04:00
5 changed files with 57 additions and 42 deletions
Expand all files Collapse all files

10
.github/workflows/image.yml vendored
View File

@@ -15,14 +15,14 @@ jobs:
uses: actions/checkout@v6
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v4
- name: Login to DockerHub
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
uses: docker/login-action@v4
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
@@ -35,7 +35,7 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
uses: docker/metadata-action@v6
with:
images: timothyjmiller/cloudflare-ddns
tags: |
@@ -46,7 +46,7 @@ jobs:
type=raw,enable=${{ github.ref == 'refs/heads/master' }},value=${{ steps.version.outputs.version }}
- name: Build and push
uses: docker/build-push-action@v6
uses: docker/build-push-action@v7
with:
context: .
push: ${{ github.event_name != 'pull_request' }}

2
Cargo.lock generated
View File

@@ -103,7 +103,7 @@ dependencies = [
[[package]]
name = "cloudflare-ddns"
version = "2.0.1"
version = "2.0.2"
dependencies = [
"chrono",
"idna",

2
Cargo.toml
View File

@@ -1,6 +1,6 @@
[package]
name = "cloudflare-ddns"
version = "2.0.1"
version = "2.0.3"
edition = "2021"
description = "Access your home network remotely via a custom domain name without a static IP"
license = "GPL-3.0"

64
src/provider.rs
View File

@@ -145,12 +145,15 @@ impl ProviderType {
// --- Cloudflare Trace ---
/// Primary trace URL uses a hostname so DNS resolves normally, avoiding the
/// problem where WARP/Zero Trust intercepts requests to literal 1.1.1.1.
const CF_TRACE_PRIMARY: &str = "https://api.cloudflare.com/cdn-cgi/trace";
/// Fallback URLs use literal IPs for when api.cloudflare.com is unreachable.
const CF_TRACE_V4_FALLBACK: &str = "https://1.0.0.1/cdn-cgi/trace";
const CF_TRACE_V6_FALLBACK: &str = "https://[2606:4700:4700::1001]/cdn-cgi/trace";
/// Primary trace URLs use literal IPs to guarantee the correct address family.
/// api.cloudflare.com is dual-stack, so on dual-stack hosts (e.g. Docker
/// --net=host with IPv6) the connection may go via IPv6 even when detecting
/// IPv4, causing the trace endpoint to return the wrong address family.
const CF_TRACE_V4_PRIMARY: &str = "https://1.0.0.1/cdn-cgi/trace";
const CF_TRACE_V6_PRIMARY: &str = "https://[2606:4700:4700::1001]/cdn-cgi/trace";
/// Fallback uses a hostname, which works when literal IPs are intercepted
/// (e.g. Cloudflare WARP/Zero Trust).
const CF_TRACE_FALLBACK: &str = "https://api.cloudflare.com/cdn-cgi/trace";
pub fn parse_trace_ip(body: &str) -> Option<String> {
for line in body.lines() {
@@ -161,13 +164,17 @@ pub fn parse_trace_ip(body: &str) -> Option<String> {
None
}
async fn fetch_trace_ip(client: &Client, url: &str, timeout: Duration) -> Option<IpAddr> {
let resp = client
.get(url)
.timeout(timeout)
.send()
.await
.ok()?;
async fn fetch_trace_ip(
client: &Client,
url: &str,
timeout: Duration,
host_override: Option<&str>,
) -> Option<IpAddr> {
let mut req = client.get(url).timeout(timeout);
if let Some(host) = host_override {
req = req.header("Host", host);
}
let resp = req.send().await.ok()?;
let body = resp.text().await.ok()?;
let ip_str = parse_trace_ip(&body)?;
ip_str.parse::<IpAddr>().ok()
@@ -199,7 +206,7 @@ async fn detect_cloudflare_trace(
let client = build_split_client(ip_type, timeout);
if let Some(url) = custom_url {
if let Some(ip) = fetch_trace_ip(&client, url, timeout).await {
if let Some(ip) = fetch_trace_ip(&client, url, timeout, None).await {
if validate_detected_ip(&ip, ip_type, ppfmt) {
return vec![ip];
}
@@ -211,13 +218,13 @@ async fn detect_cloudflare_trace(
return Vec::new();
}
let fallback = match ip_type {
IpType::V4 => CF_TRACE_V4_FALLBACK,
IpType::V6 => CF_TRACE_V6_FALLBACK,
let primary = match ip_type {
IpType::V4 => CF_TRACE_V4_PRIMARY,
IpType::V6 => CF_TRACE_V6_PRIMARY,
};
// Try primary (api.cloudflare.com — resolves via DNS, avoids literal-IP interception)
if let Some(ip) = fetch_trace_ip(&client, CF_TRACE_PRIMARY, timeout).await {
// Try primary (literal IP — guarantees correct address family)
if let Some(ip) = fetch_trace_ip(&client, primary, timeout, Some("one.one.one.one")).await {
if validate_detected_ip(&ip, ip_type, ppfmt) {
return vec![ip];
}
@@ -227,8 +234,8 @@ async fn detect_cloudflare_trace(
&format!("{} not detected via primary, trying fallback", ip_type.describe()),
);
// Try fallback (literal IP — useful when DNS is broken)
if let Some(ip) = fetch_trace_ip(&client, fallback, timeout).await {
// Try fallback (hostname-based — works when literal IPs are intercepted by WARP/Zero Trust)
if let Some(ip) = fetch_trace_ip(&client, CF_TRACE_FALLBACK, timeout, None).await {
if validate_detected_ip(&ip, ip_type, ppfmt) {
return vec![ip];
}
@@ -918,14 +925,13 @@ mod tests {
// ---- trace URL constants ----
#[test]
fn test_trace_primary_uses_hostname_not_ip() {
// Primary must use a hostname (api.cloudflare.com) so DNS resolves normally
// and WARP/Zero Trust doesn't intercept the request.
assert_eq!(CF_TRACE_PRIMARY, "https://api.cloudflare.com/cdn-cgi/trace");
assert!(CF_TRACE_PRIMARY.contains("api.cloudflare.com"));
// Fallbacks use literal IPs for when DNS is broken.
assert!(CF_TRACE_V4_FALLBACK.contains("1.0.0.1"));
assert!(CF_TRACE_V6_FALLBACK.contains("2606:4700:4700::1001"));
fn test_trace_urls() {
// Primary URLs use literal IPs to guarantee correct address family.
assert!(CF_TRACE_V4_PRIMARY.contains("1.0.0.1"));
assert!(CF_TRACE_V6_PRIMARY.contains("2606:4700:4700::1001"));
// Fallback uses a hostname for when literal IPs are intercepted (WARP/Zero Trust).
assert_eq!(CF_TRACE_FALLBACK, "https://api.cloudflare.com/cdn-cgi/trace");
assert!(CF_TRACE_FALLBACK.contains("api.cloudflare.com"));
}
// ---- build_split_client ----

13
src/updater.rs
View File

@@ -24,6 +24,7 @@ pub async fn update_once(
let mut all_ok = true;
let mut messages = Vec::new();
let mut notify = false; // NEW: track meaningful events
if config.legacy_mode {
all_ok = update_legacy(config, ppfmt).await;
@@ -108,6 +109,7 @@ pub async fn update_once(
match result {
SetResult::Updated => {
notify = true; // NEW
let ip_strs: Vec<String> = ips.iter().map(|ip| ip.to_string()).collect();
messages.push(Message::new_ok(&format!(
"Updated {domain_str} -> {}",
@@ -115,6 +117,7 @@ pub async fn update_once(
)));
}
SetResult::Failed => {
notify = true; // NEW
all_ok = false;
messages.push(Message::new_fail(&format!(
"Failed to update {domain_str}"
@@ -147,12 +150,14 @@ pub async fn update_once(
match result {
SetResult::Updated => {
notify = true; // NEW
messages.push(Message::new_ok(&format!(
"Updated WAF list {}",
waf_list.describe()
)));
}
SetResult::Failed => {
notify = true; // NEW
all_ok = false;
messages.push(Message::new_fail(&format!(
"Failed to update WAF list {}",
@@ -164,13 +169,17 @@ pub async fn update_once(
}
}
// Send heartbeat
// Send heartbeat ONLY if something meaningful happened
if notify {
let heartbeat_msg = Message::merge(messages.clone());
heartbeat.ping(&heartbeat_msg).await;
}
// Send notifications
// Send notifications ONLY when IP changed or failed
if notify {
let notifier_msg = Message::merge(messages);
notifier.send(&notifier_msg).await;
}
all_ok
}