In this guide, you will configure cloudflare-ddns which will create and update an A record with your external IP in your Cloudflare account.
When you’re finished, you’ll be able to point local apps/services to a domain/subdomain using a proxy.
Before you begin this guide you’ll need the following:
- Cloudflare account with a domain added
Step 1 — Create a Custom Cloudflare API Token
The cloudflare-ddns container will use a custom API token to send the updated IP to your Cloudflare account. To create the custom token go to your Cloudflare profile and click on API Tokens.
First, click on Create Token.
Next, under Create Custom Token, click “Get started”. Name your token anything, I used cloudflare-ddns for instance.
Next, add the following permissions for Zone.
- Zone: Zone Settings -> Read
- Zone: Zone -> Read
- Zone: DNS -> Edit
Under Zone Resources, include All zones from an account under your account.
Click Continue to summary and it should look like the following:
Finally, click Create Token then copy and save the token to be used in the next step.
Step 2 — Create a Docker Container Using cloudflare-ddns
If you use docker-compose, that’s fine, but for the purpose of this tutorial, I’m using Portainer.
First, go to Portainer, open Stacks, give the stack a name (cloudflare-ddns), and paste the following along with your newly created API Token.
version: '2' services: cloudflare-ddns: image: oznu/cloudflare-ddns:latest restart: always environment: - API_KEY=xxxxxxx - ZONE=example.com - PROXIED=true # - PUID= # - PGID=
If you know your PUID and PGID add them as well.
After that click Deploy the stack.
Once the container is up and running, check Cloudflare account to see that an A Record has been added to your specified domain with your external IP.
Now cloudflare-ddns will update an A Record for your specified domain and proxy to Cloudflare. This can be used to proxy local apps/services using Nginx Proxy Manager, NGINX, or haproxy for example.
I recently started using Cloudflare Tunnel instead of a reverse proxy. You can find a great guide on how to use it here. It adds a nice layer of security and removes the need to run and manage a reverse proxy.