cloudflare-ddns icon indicating copy to clipboard operation
cloudflare-ddns copied to clipboard
verified publisher icon favonia

Improve the README structure

Open NotaInutilis opened this issue 1 year ago • 6 comments

Hi! I've got an issue with passing the cloudflare API token via a secret on docker compose file. It works when pasting it as an environment variable but outputs an error 😞 Failed to check the existence of a zone named DOMAIN: Invalid request headers (6003) when using a secret. I first asked for help on the formatting of my compose file, but it doesn't seem that there is any issue with it so instead of bashing my head on my keyboard, I'm asking for some help here.

services:
  cloudflare-ddns:
    container_name: cloudflare-ddns
    image: favonia/cloudflare-ddns
    restart: always
    user: ${USER}
    read_only: true
    cap_drop: [all]
    security_opt: [no-new-privileges:true]
    environment:
      - CLOUDFLARE_API_TOKEN=/run/secrets/CLOUDFLARE_API_TOKEN
      - DOMAINS=DOMAIN
      - PROXIED=false
    secrets:
      - CLOUDFLARE_API_TOKEN

secrets:
  CLOUDFLARE_API_TOKEN:
    file: ./secrets/CLOUDFLARE_API_TOKEN.txt

NotaInutilis avatar Nov 07 '24 00:11 NotaInutilis

Hi! Thanks for opening the issue. The environment variable name for secrets should be CLOUDFLARE_API_TOKEN_FILE instead of CLOUDFLARE_API_TOKEN. Do you think there's something we can change in README to clarify this?

favonia avatar Nov 07 '24 08:11 favonia

Aaah! It was thar simple, thank you!

I think there are several things that ca be done with the readme.

  1. While I understand why you chose to expand each section (this readme is LONG), it disables search with ctrl+f in the folded sections. I also believe thar just browsing the full extended page, that info would have caught my eye. Tables are easy to recognize and are always used to give configuration info in readmes.
  2. The Compose File section and the All Settings are separated by two other sections (Building and Running, FAQ). I think grouping all the relevant information together would make more sense. I was searching for info around the compose file, not further away in the document.
  3. Adding some keywords like "txt file" and "secrets file" around the API token section of the compose file so that the user knows there are other options they can look for.

I'd say the same for the Proxied option: it looks like a simple binary choice when the more useful info is also hidden.

NotaInutilis avatar Nov 07 '24 12:11 NotaInutilis

@NotaInutilis You are not the only one tripping over the expandable descriptions. I now think I should remove all of the folding.

favonia avatar Nov 08 '24 14:11 favonia

I have no issues searching (ctrl+f) the README on Google Chrome (latest) on M2 MacBook. The folds open accordingly when going trough the search results.

I think it could be beneficial to link to the Docker Compose documentation on how to use secrets in general: https://docs.docker.com/compose/how-tos/use-secrets/

samumakinen avatar Dec 26 '24 07:12 samumakinen

@samumakinen Thanks for the suggestion.

After further investigation, I now see that Chrome-based browsers will expand the folds automatically but Firefox and Safari will not. :thinking:

Let's open another ticket for me to track the documentation of secrets.

favonia avatar Dec 27 '24 03:12 favonia

Just wanted to share my experience with podman in case others might be facing a similar issue and situation. I'm trying to setup a podman quadlet for cloudflare-ddns where I save the cloudflare API token in a podman secret and mount it into the podman container, but for some reason when I have READONLY=true set in my podman quadlet, the cloudflare-ddns container fails to start due to a make mountpoint "/run/secrets/cloudflare-dns-token": read-only file system error. I had to remove the READONLY=true line from my podman quadlet in order for the podman container to start up successfully, so I just wanted to mention to those using podman secrets that the suggested docker-compose.yml in the README.md might not be the most ideal reference for creating a corresponding podman quadlet.

Here's the fixed, working podman quadlet I have for reference below. Note that this is a system quadlet saved under /etc/containers/systemd (at least on Debian), you should change the line WantedBy=multi-user.target to WantedBy=default.target and save the quadlet under /etc/containers/systemd/users or ~/.config/containers/systemd if you want to run this quadlet as a non-root user.

[Unit]
Description=Cloudflare DDNS service
After=network-online.target
Wants=network-online.target

[Container]
Image=docker.io/favonia/cloudflare-ddns:latest
ContainerName=cloudflare-ddns
Network=host
DropCapability=all
NoNewPrivileges=true
AutoUpdate=registry

# Comma-separated list of domains to keep updated
Environment=DOMAINS=<domain1, domain2, ...>
# Whether Cloudflare proxy (orange cloud) should be on
Environment=PROXIED=true
# Use the Podman secret to provide CLOUDFLARE_API_TOKEN
## NOTE: Container must not be read-only for secret to be mounted successfully
Secret=<secret name>
Environment=CLOUDFLARE_API_TOKEN_FILE=/run/secrets/<secret name>

[Service]
Restart=always

[Install]
WantedBy=multi-user.target

haoyangw avatar Nov 22 '25 14:11 haoyangw