共计 9233 个字符,预计需要花费 24 分钟才能阅读完成。
引用自:https://blog.starryvoid.com/archives/313.html
1、前言
服务器 IP 总是变,没事就会变个新的,这时候就需要一个 Dynamic Domain Name Server 来保证实时的 DNS 更换。
当然首先这个需要你的 DNS 解析商做配合,本文则采用 Cloudflare+DDNS+Shell
2、准备
准备工具
Cloudflare 的 Global API
Cloudflare 解析的域名一个
前提要素
Curl Wget 已安装
3、DDNS 获取新 IP 地址 Shell 脚本
下载地址:[ 链接 ]
#!/usr/bin/env bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
#
# Dynamic Domain Name Server (Cloudflare API)
#
# Author: StarryVoid <stars@starryvoid.com>
# Intro: https://blog.starryvoid.com/archives/313.html
#
# Select API(1) Or Token(2)
SelectAT="1"
# CloudFlare API " X-Auth-Email: *** " " X-Auth-Key: *** "
XAUTHEMAIL="YOUREMAILADDRESS"
XAUTHKEY="YOURCLOUDFLAREAPIKEY"
# CloudFlare Token " Authorization: Bearer *** "
AuthorizationToken="YOURTOKEN"
# Domain Name " example.com " " ddns.example.com "
ZONENAME="DOMAIN"
DOMAINNAME="DOMAINNAME"
DOMAINTTL="1"
# Output
OUTPUTINFO="$(pwd)/ddns_output.info"
OUTPUTLOG="$(pwd)/ddns_shell.log"
# Time
DATETIME=$(date +%Y-%m-%d_%H:%M:%S)
# ------------ Start ------------
check_environment () {
if ! [ -x "$(command -v curl)" ]; then echo "Command not found \"curl\"" >> "${OUTPUTLOG}" ; exit 1 ; fi
if ! [ -x "$(command -v wget)" ]; then echo "Command not found \"wget\"" >> "${OUTPUTLOG}" ; exit 1 ; fi
}
check_selectAT () {
if [[ ! "${SelectAT}" = 1 && ! "${SelectAT}" = 2 ]]; then echo "Failed to Select API(1) Or Token(2)" >> "${OUTPUTLOG}"; exit 1; fi
}
get_zone_records() {
if [ "${SelectAT}" = 1 ]; then ZONERECORDSLOG=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones?name=${ZONENAME}" -H "X-Auth-Email: ${XAUTHEMAIL}" -H "X-Auth-Key: ${XAUTHKEY}" -H "Content-Type: application/json" --connect-timeout 30 -m 10 ); fi
if [ "${SelectAT}" = 2 ]; then ZONERECORDSLOG=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones?name=${ZONENAME}" -H "Authorization: Bearer ${AuthorizationToken}" -H "Content-Type: application/json" --connect-timeout 30 -m 10 ); fi
ZONERECORDS=$(echo "${ZONERECORDSLOG}" | awk BEGIN{RS=EOF}'{gsub(/\n/," ");print}' | sed 's/ //g' | grep -Po '(?<="id":")[^"]*' | head -1 )
if [ ! "${ZONERECORDS}" ]; then echo "Failed to get zone_records from cloudflare." >> "${OUTPUTLOG}" ; echo "---log---" >> "${OUTPUTLOG}" ; echo "${ZONERECORDSLOG}" >> "${OUTPUTLOG}" ; echo "---log---" >> "${OUTPUTLOG}" ; exit 1; fi
}
get_dns_records() {
if [ "${SelectAT}" = 1 ]; then DNSRECORDSLOG=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/${ZONERECORDS}/dns_records?type=A&name=${DOMAINNAME}" -H "X-Auth-Email: ${XAUTHEMAIL}" -H "X-Auth-Key: ${XAUTHKEY}" -H "Content-Type: application/json" --connect-timeout 30 -m 10 ); fi
if [ "${SelectAT}" = 2 ]; then DNSRECORDSLOG=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/${ZONERECORDS}/dns_records?type=A&name=${DOMAINNAME}" -H "Authorization: Bearer ${AuthorizationToken}" -H "Content-Type: application/json" --connect-timeout 30 -m 10 ); fi
DNSRECORDS=$(echo "${DNSRECORDSLOG}" | awk BEGIN{RS=EOF}'{gsub(/\n/," ");print}' | sed 's/ //g' | grep -Po '(?<="id":")[^"]*' | head -1 )
if [ ! "${DNSRECORDS}" ]; then echo "Failed to get dns_records from cloudflare." >> "${OUTPUTLOG}"; echo "---log---" >> "${OUTPUTLOG}" ; echo "${DNSRECORDSLOG}" >> "${OUTPUTLOG}" ; echo "---log---" >> "${OUTPUTLOG}" ; exit 1; fi
}
get_domain_ip() {
if [ "${SelectAT}" = 1 ]; then DOMAINIPADDLOG=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/${ZONERECORDS}/dns_records/${DNSRECORDS}" -H "X-Auth-Email: ${XAUTHEMAIL}" -H "X-Auth-Key: ${XAUTHKEY}" -H "Content-Type: application/json" --connect-timeout 30 -m 10 ); fi
if [ "${SelectAT}" = 2 ]; then DOMAINIPADDLOG=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/${ZONERECORDS}/dns_records/${DNSRECORDS}" -H "Authorization: Bearer ${AuthorizationToken}" -H "Content-Type: application/json" --connect-timeout 30 -m 10 ); fi
DOMAINIPADD=$(echo "${DOMAINIPADDLOG}" | awk BEGIN{RS=EOF}'{gsub(/\n/," ");print}' | sed 's/ //g' | grep -Po '(?<="content":")[^"]*' | head -1 )
if [ ! "${DOMAINIPADD}" ]; then echo "Failed to get DNS resolution address from cloudflare." >> "${OUTPUTLOG}"; echo "---log---" >> "${OUTPUTLOG}" ; echo "${DOMAINIPADDLOG}" >> "${OUTPUTLOG}" ; echo "---log---" >> "${OUTPUTLOG}" ; exit 1; fi
}
update_new_ipaddress() {
if [ "${SelectAT}" = 1 ]; then curl -s -X PUT "https://api.cloudflare.com/client/v4/zones/${ZONERECORDS}/dns_records/${DNSRECORDS}" -H "X-Auth-Email: ${XAUTHEMAIL}" -H "X-Auth-Key: ${XAUTHKEY}" -H "Content-Type: application/json" --data "{\"type\":\"A\",\"name\":\"${DOMAINNAME}\",\"content\":\"${NEWIPADD}\",\"ttl\":"${DOMAINTTL}",\"proxied\":false}" --connect-timeout 30 -m 10 > /dev/null 2>&1 && UPDATENEWIPADDRESS=1 || UPDATENEWIPADDRESS=0; fi
if [ "${SelectAT}" = 2 ]; then curl -s -X PUT "https://api.cloudflare.com/client/v4/zones/${ZONERECORDS}/dns_records/${DNSRECORDS}" -H "Authorization: Bearer ${AuthorizationToken}" -H "Content-Type: application/json" --data "{\"type\":\"A\",\"name\":\"${DOMAINNAME}\",\"content\":\"${NEWIPADD}\",\"ttl\":"${DOMAINTTL}",\"proxied\":false}" --connect-timeout 30 -m 10 > /dev/null 2>&1 && UPDATENEWIPADDRESS=1 || UPDATENEWIPADDRESS=0; fi
if [ "${UPDATENEWIPADDRESS}" = 1 ] ; then echo "Successfully updated domain name resolution address." >> "${OUTPUTLOG}" ; fi
if [ "${UPDATENEWIPADDRESS}" = 0 ] ; then echo "Failed to updated domain name resolution address." >> "${OUTPUTLOG}" ; exit 1 ; fi
}
get_server_new_ip() {
[ -z "${NEWIPADD}" ] && NEWIPADD=$( wget -qO- -t1 -T2 https://ipv4.icanhazip.com )
[ -z "${NEWIPADD}" ] && NEWIPADD=$( wget -qO- -t1 -T2 https://api.ipify.org )
[ -z "${NEWIPADD}" ] && NEWIPADD=$( wget -qO- -t1 -T2 ipv4.icanhazip.com )
[ -z "${NEWIPADD}" ] && NEWIPADD=$( wget -qO- -t1 -T2 api.ipify.org )
[ -z "${NEWIPADD}" ] && NEWIPADD=$( wget -qO- -t1 -T2 ipinfo.io/ip )
if [[ ! "${NEWIPADD}" ]]; then echo "Failed to get server public network address from internet." >> "${OUTPUTLOG}"; exit 1; fi
}
check_ddns_info_file() {
if [ -f "${OUTPUTINFO}" ]; then
CHECKDDNSINFOFILE=1
ZONERECORDS=$(cat < "${OUTPUTINFO}" | grep "ZONERECORDS=" | awk -F "=" '{print $2}' | sed 's/\"//g' | sed "s/\'//g" )
DNSRECORDS=$(cat < "${OUTPUTINFO}" | grep "DNSRECORDS=" | awk -F "=" '{print $2}' | sed 's/\"//g' | sed "s/\'//g" )
DOMAINIPADD=$(cat < "${OUTPUTINFO}" | grep "DOMAINIPADD=" | awk -F "=" '{print $2}' | sed 's/\"//g' | sed "s/\'//g" )
if [[ ! "${ZONERECORDS}" ]]; then CHECKDDNSINFOFILE=0 ; fi
if [[ ! "${DNSRECORDS}" ]]; then CHECKDDNSINFOFILE=0 ; fi
if [[ ! "${DOMAINIPADD}" ]]; then CHECKDDNSINFOFILE=0 ; fi
else
CHECKDDNSINFOFILE=0
fi
if [ "${CHECKDDNSINFOFILE}" = 0 ] ; then echo "Failed to check DDNS information file." >> "${OUTPUTLOG}" ; rm -f "${OUTPUTINFO}" ; exit 1 ; fi
}
make_ddns_info_file() {
if [ -f "${OUTPUTINFO}" ] ; then rm -f "${OUTPUTINFO}" ; fi
touch "${OUTPUTINFO}"
echo Update Time is "${DATETIME}" >> "${OUTPUTINFO}"
get_zone_records
get_dns_records
get_domain_ip
echo -e "ZONERECORDS=\"${ZONERECORDS}\"\nDNSRECORDS=\"${DNSRECORDS}\"\nDOMAINIPADD=\"${DOMAINIPADD}\"" >> "${OUTPUTINFO}"
echo "Successfully generated DDNS information." >> "${OUTPUTLOG}"
}
main() {
check_environment
check_selectAT
echo "Running Time is ${DATETIME}" >> "${OUTPUTLOG}"
get_server_new_ip
if [ -f "${OUTPUTINFO}" ]; then
check_ddns_info_file
else
make_ddns_info_file
fi
if [[ "${NEWIPADD}" == "${DOMAINIPADD}" ]]; then
echo "IP address has not changed." >> "${OUTPUTLOG}"
exit 0
else
update_new_ipaddress
sleep 10s
make_ddns_info_file
if [[ "${NEWIPADD}" == "${DOMAINIPADD}" ]]; then
echo "IP address has been modified to \"${NEWIPADD}\"." >> "${OUTPUTLOG}"
exit 0
else
echo "IP address modification failed." >> "${OUTPUTLOG}"
exit 1
fi
fi
}
# ------------ End ------------
main
4、讲解
首先本文制作过程中参考过秋水逸冰的脚本,在此表示感谢
4.1、脚本配置 Global API 版
我们需要将所需的内容(Cloudflare API 和 DDNS 域名)填入对应位置
# Select API(1) Or Token(2) SelectAT="1" # CloudFlare API " X-Auth-Email: *** " " X-Auth-Key: *** " XAUTHEMAIL="mail@example.com" #你的 Cloudflare 邮箱用户名 XAUTHKEY="123123123123" #你的 Cloudflare Global API Key # Domain Name " example.com " " ddns.example.com " ZONENAME="example.com" #你的二级域名 DOMAINNAME="ddns.example.com" #你的 DDNS 域名 DOMAINTTL="1" #你的域名 TTL 时间,默认 1 为 auto
4.2、脚本配置 Token 版
我们需要将所需的内容(Cloudflare Token 和 DDNS 域名)填入对应位置
# Select API(1) Or Token(2) SelectAT="2" # CloudFlare Token " Authorization: Bearer *** " AuthorizationToken="YOURTOKEN" # Domain Name " example.com " " ddns.example.com " ZONENAME="example.com" #你的二级域名 DOMAINNAME="ddns.example.com" #你的 DDNS 域名 DOMAINTTL="1" #你的域名 TTL 时间,默认 1 为 auto
4.3、定时运行
如果需要定时运行,可以编辑/etc/crontab 实现定期运行,下例为 5min 运行一次
先 cd 进入目录是为了隔离不同 DDNS 脚本生成的数据和日志文件。否则默认放/root 目录下。
# Example of job definition: # .---------------- minute (0 - 59) # | .------------- hour (0 - 23) # | | .---------- day of month (1 - 31) # | | | .------- month (1 - 12) OR jan,feb,mar,apr ... # | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat # | | | | | # * * * * * user-name command to be executed */5 * * * * root cd /autoshell && bash cloudflare-ddns.sh
4.4、脚本输出
默认会在用户所在目录下生成两个文件 ddnsrun.data 和 ddnsrun.log ,前者是储存获取的 API 信息,后者是储存运行日志。
[root@linux auto]# cat ddnsrun.data
Update Time 2018-12-02_11:43:01
ZONERECORDS=*
DNSRECORDS=*
OldIPAddress=*.*.*.*
[root@linux auto]# cat ddnsrun.log
Running Time is 2018-12-02_11:43:01
IP address has been changed to *.*.*.*
Running Time is 2018-12-02_11:44:01
The IP address is the same
Running Time is 2018-12-02_11:45:01
The IP address is the same
Running Time is 2018-12-02_11:46:01
The IP address is the same
如果出现问题,可以在日志中查看问题原因。
4.5、获取 Cloudflare 的 API Tokens
首先进入 Cloudflare 的个人配置页面 [链接]
找到下面的 API Tokens (Manage access and permissions for your accounts, sites, and products.)
然后点击右侧的 Create Token 创建新的 Token ( 相对 Global API 约束访问权限 )
新的 Token 需要配置权限,本次 DDNS 需要的权限分别为 Account.Dns Firewall.Read 和 Zone.Zone.Read 和 Zone.DNS.Edit 三条。配置好后确认
*** 提醒:2020/03/05 发现 Cloudflare 如果 Token 配置了 Zone Resources 限制区域,会导致无法获取 Zone Record 。
*** 现象:执行命令返回 “message”:”Actor ‘com.cloudflare.api.token.***’ requires permission ‘com.cloudflare.api.account.zone.list’ to list zones”
*** 暂时解决方式:配置为 All zones 。
最后核对好权限后再次确认,显示” *** API token was successfully updated “,此时你可以查看你的 Token ,并点击 Copy 即可复制。
4.6、获取 Cloudflare 的 Global API
首先进入 Cloudflare 的个人配置页面 [链接]
找到下面的 API Keys (Keys used to access Cloudflare APIs.)
然后在 Global API Key 一行点击右侧的 View 查看你的 Global API Key
最后额外注意,Global API 需要搭配你的邮箱账户名才可以使用
5、后期修订
2019/11/05、经由 Sion 提醒,换行符在发表文章时丢失,现已提供下载地址。 同时支持 Token 方式管理。
2020/03/05、发现 Cloudflare 关于 Token 配置疑似 Bug ,已增加额外提醒。
2020/04/26、发现 Cloudflare 关于 List DNS Records 的返回结果有变化,额外增加判定
正文完
