coop-cloud/traefik
7
2
Fork 16
Code Issues 11 Pull Requests 2 Releases Wiki Activity

Add Cloudflare as DNS provider #103

Merged
decentral1se merged 4 commits from Zigzagill/traefik:add-cloudflare-dns into master 2026-05-16 23:37:49 +00:00
Conversation 3 Commits 4 Files Changed 3 +29 -2
3 changed files with 29 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
.env.sample
View File

@ -86,6 +86,15 @@ COMPOSE_FILE="compose.yml"
#SECRET_PORKBUN_API_KEY_VERSION=v1
#SECRET_PORKBUN_SECRET_API_KEY_VERSION=v1
## Cloudflare, htps://cloudflare.com
## To insert your secrets:
## abra app secret insert {myapp.example.coop} cf_email v1 "<CLOUDFLARE_EMAIL>"
## abra app secret insert {myapp.example.coop} cf_api_key v1 "<CLOUDFLARE_API_KEY>"
## cf_api_key is an account API key from Cloudflare that has DNS read + edit permission
#COMPOSE_FILE="$COMPOSE_FILE:compose.cloudflare.yml"
#SECRET_CLOUDFLARE_EMAIL_VERSION=v1 # generate=false
decentral1se marked this conversation as resolved Outdated
decentral1se commented 2026-05-15 09:05:07 +00:00
Outdated
Review
Copy Link

I just realise it's generate=false and we have no docs for this 😆

pkg/secret/secret.go Line 193 in 8dbde3d158
generateRaw, ok := modifierValues["generate"]

Although, I've seen people using generated=false but does it work?

I just realise it's `generate=false` and we have no docs for this 😆 https://git.coopcloud.tech/toolshed/abra/src/commit/8dbde3d15869d1eda0bbb71c4e8c43dfe092e5ff/pkg/secret/secret.go#L193 Although, I've seen people using `generated=false` but does it work?
Zigzagill commented 2026-05-15 20:03:23 +00:00
Outdated
Review
Copy Link

Aha! You're 100% correct. Just tested, generated still threw an error for "secret not generated", generate allowed me to insert the secret without needing one on the server already 😄

I'm 99% sure the generate=false flag should be added to all of the other DNS provider secrets. I'd be happy to open a separate PR for that as well!

Aha! You're 100% correct. Just tested, `generated` still threw an error for "secret not generated", `generate` allowed me to insert the secret without needing one on the server already 😄 I'm 99% sure the `generate=false` flag should be added to all of the other DNS provider secrets. I'd be happy to open a separate PR for that as well!
🎉 1
decentral1se commented 2026-05-16 23:37:23 +00:00
Outdated
Review
Copy Link

Thanks @Zigzagill, a fix PR for the other DNS providers would be excellent 🙏

Thanks @Zigzagill, a fix PR for the other DNS providers would be excellent 🙏
#SECRET_CLOUDFLARE_API_KEY_VERSION=v1 # generate=false
#####################################################################
# Manual wildcard certificate insertion #
#####################################################################

4
README.md
View File

@ -42,8 +42,8 @@ subdomains, like
need to give Traefik access to your DNS provider so that it can carry out
Letsencrypt DNS challenges.
1. Use Gandi, OVH, DO, Azure, or PorkBun for DNS 🤡 (support for other providers
can be easily added, see
1. Use Gandi, OVH, DO, Azure, PorkBun, or Cloudflare for DNS 🤡 (support for
other providers can be easily added, see
[the `lego` docs](https://go-acme.github.io/lego/dns/#dns-providers).
2. Run `abra app config YOURAPPDOMAIN`
3. Uncomment e.g. `ENABLE_GANDI` and the related `SECRET_.._VERSION` line, e.g.

18
compose.cloudflare.yml Normal file
View File

@ -0,0 +1,18 @@
version: "3.8"
services:
app:
environment:
- CLOUDFLARE_EMAIL_FILE=/run/secrets/cf_email
- CLOUDFLARE_API_KEY_FILE=/run/secrets/cf_api_key
secrets:
- cf_email
- cf_api_key
secrets:
cf_email:
name: ${STACK_NAME}_cf_email_${SECRET_CLOUDFLARE_EMAIL_VERSION}
external: true
cf_api_key:
name: ${STACK_NAME}_cf_api_key_${SECRET_CLOUDFLARE_API_KEY_VERSION}
external: true