Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum

Apps | Demo | Docs | Install

Using Cloudflare without Global API Key

Scheduled Pinned Locked Moved Solved Support
cloudflare
16 Posts 5 Posters 679 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • iamthefijI Offline
    iamthefijI Offline
    iamthefij App Dev
    wrote on last edited by girish
    #1

    I'd prefer to restrict a Cloudron instance to a particular zone rather than use the Global API Key. Whenever I do so, I get an error from Cloudron. What should the account be scoped to? Or is it even possible to use this?

    1 Reply Last reply
    2
  • nebulonN Offline
    nebulonN Offline
    nebulon Staff
    wrote on last edited by
    #2

    Do you get any more specific error codes/messages while trying to add a domain with such a key?

    iamthefijI 1 Reply Last reply
    0
  • iamthefijI Offline
    iamthefijI Offline
    iamthefij App Dev
    replied to nebulon on last edited by
    #3

    @nebulon not really. It just said it cannot connect.

    1 Reply Last reply
    0
  • girishG Do not disturb
    girishG Do not disturb
    girish Staff
    wrote on last edited by
    #4

    @iamthefij Do those API keys start with v1.0- ? If so, per the docs, we have to set a special header variable unlike the global API key (https://api.cloudflare.com/#getting-started-requests)

    1 Reply Last reply
    0
  • girishG Do not disturb
    girishG Do not disturb
    girish Staff
    wrote on last edited by
    #5

    4.4 has support for API tokens - https://git.cloudron.io/cloudron/box/commit/b0420889adac8de3ae9edf9f2bd1e96c7c9c1191

    1 Reply Last reply
    1
  • iamthefijI Offline
    iamthefijI Offline
    iamthefij App Dev
    wrote on last edited by
    #6

    Awesome! Thanks Girish!

    1 Reply Last reply
    0
  • hiyukoimH Offline
    hiyukoimH Offline
    hiyukoim translator
    wrote on last edited by
    #7

    Do you have a documentation/blog post about the Cloudflare API setup for Cloudron?
    This is my settings for now, but I'm not sure if I miss something. My instance working alright with the following settings, but if you know the better/secure/correct settings, could you let me know?
    f04853be-9279-4d5e-8a19-8207f14824e6-CleanShot 2020-02-09 at 11.48.36@2x.png

    JOduMonTJ 1 Reply Last reply
    1
  • girishG Do not disturb
    girishG Do not disturb
    girish Staff
    wrote on last edited by
    #8

    Configuration looks correct. Ideally, Cloudron does not require access to all zones but without it we have to make the user enter the zone id which is kinda hard to find in the cloudflare UI.

    hiyukoimH 1 Reply Last reply
    0
  • hiyukoimH Offline
    hiyukoimH Offline
    hiyukoim translator
    replied to girish on last edited by
    #9

    Thank you for having a look, @girish !

    1 Reply Last reply
    0
  • JOduMonTJ Offline
    JOduMonTJ Offline
    JOduMonT
    replied to hiyukoim on last edited by
    #10

    @hiyukoim said in Using Cloudflare without Global API Key:

    This is my settings for now, but I'm not sure if I miss something. My instance working alright with the following settings, but if you know the better/secure/correct settings, could you let me know?

    831f1d4f-8e35-4d61-8fec-af29d421cc0a-image.png

    Thank for this screenshot
    it's work like a charm 😉

    1 Reply Last reply
    0
  • girishG Do not disturb
    girishG Do not disturb
    girish Staff
    wrote on last edited by
    #11

    I wish we can remove the "All zones" setting but afaict there is no way to get the zone id (which is required by the API) without listing the zones. I guess one alternative is to let users the zone id in the DNS setup form but this appears complicated.

    JOduMonTJ 1 Reply Last reply
    0
  • JOduMonTJ Offline
    JOduMonTJ Offline
    JOduMonT
    replied to girish on last edited by JOduMonT
    #12

    @girish said in Using Cloudflare without Global API Key:

    I wish we can remove the "All zones" setting but afaict there is no way to get the zone id (which is required by the API) without listing the zones. I guess one alternative is to let users the zone id in the DNS setup form but this appears complicated.

    I don't know if something change from Cloudflare and/or Cloudron side around this but I was able to limit the API to a specific zone without issue
    ef706647-6d5f-48f6-91e3-34eda57d5d0d-image.png

    and then to 3 specific zone and one specific IP

    ed3e1c07-0ac8-4ec6-aa49-71ca3c9e834a-image.png

    It's still working with these only this Permission

    1. Zone.DNS Edit
    1 Reply Last reply
    0
  • girishG Do not disturb
    girishG Do not disturb
    girish Staff
    wrote on last edited by
    #13

    @JOduMonT thanks for the heads up. Looks like this is something new in Cloudflare, will test it out and update docs accordingly.

    1 Reply Last reply
    0
  • girishG Do not disturb
    girishG Do not disturb
    girish Staff
    wrote on last edited by
    #14

    Can confirm that all zones access is not required in cloudflare anymore. Will update docs.

    JOduMonTJ 2 Replies Last reply
    0
  • JOduMonTJ Offline
    JOduMonTJ Offline
    JOduMonT
    replied to girish on last edited by
    #15

    @girish said in Using Cloudflare without Global API Key:

    Can confirm that all zones access is not required in cloudflare anymore. Will update docs.

    I had to reinstall my Cloudflare than with these setting at Cloudflare
    28970987-a44c-4e39-96b2-6ca9457c2056-image.png

    the detail of this Token
    a77b8215-8df5-4d7d-b8ae-2f5220255022-image.png

    I had zero issue to install and configure my 5 domains

    the only right my Cloudron API have is to
    Edit specific Zone from a specific IP

    1 Reply Last reply
    1
  • JOduMonTJ Offline
    JOduMonTJ Offline
    JOduMonT
    replied to girish on last edited by
    #16

    @girish said in Using Cloudflare without Global API Key:

    Can confirm that all zones access is not required in cloudflare anymore. Will update docs.

    I just added a domain than, just to be more concise
    we have to specify the Zone Name

    af9fe70e-4e52-450f-8527-72561927c428-image.png

    unless it will not work with only Zone -> DNS -> Edit permissions at Cloudflare
    ab12edf9-baea-4e95-8941-1268a7cb5a96-image.png

    1 Reply Last reply
    0

  • Login

  • Don't have an account? Register

  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login

  • Don't have an account? Register

  • Login or register to search.