Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Solved Using Cloudflare without Global API Key

    Support
    cloudflare
    5
    16
    600
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • iamthefij
      iamthefij App Dev last edited by girish

      I'd prefer to restrict a Cloudron instance to a particular zone rather than use the Global API Key. Whenever I do so, I get an error from Cloudron. What should the account be scoped to? Or is it even possible to use this?

      1 Reply Last reply Reply Quote 2
      • nebulon
        nebulon Staff last edited by

        Do you get any more specific error codes/messages while trying to add a domain with such a key?

        iamthefij 1 Reply Last reply Reply Quote 0
        • iamthefij
          iamthefij App Dev @nebulon last edited by

          @nebulon not really. It just said it cannot connect.

          1 Reply Last reply Reply Quote 0
          • girish
            girish Staff last edited by

            @iamthefij Do those API keys start with v1.0- ? If so, per the docs, we have to set a special header variable unlike the global API key (https://api.cloudflare.com/#getting-started-requests)

            1 Reply Last reply Reply Quote 0
            • girish
              girish Staff last edited by

              4.4 has support for API tokens - https://git.cloudron.io/cloudron/box/commit/b0420889adac8de3ae9edf9f2bd1e96c7c9c1191

              1 Reply Last reply Reply Quote 1
              • iamthefij
                iamthefij App Dev last edited by

                Awesome! Thanks Girish!

                1 Reply Last reply Reply Quote 0
                • hiyukoim
                  hiyukoim translator last edited by

                  Do you have a documentation/blog post about the Cloudflare API setup for Cloudron?
                  This is my settings for now, but I'm not sure if I miss something. My instance working alright with the following settings, but if you know the better/secure/correct settings, could you let me know?
                  f04853be-9279-4d5e-8a19-8207f14824e6-CleanShot 2020-02-09 at 11.48.36@2x.png

                  JOduMonT 1 Reply Last reply Reply Quote 1
                  • girish
                    girish Staff last edited by

                    Configuration looks correct. Ideally, Cloudron does not require access to all zones but without it we have to make the user enter the zone id which is kinda hard to find in the cloudflare UI.

                    hiyukoim 1 Reply Last reply Reply Quote 0
                    • hiyukoim
                      hiyukoim translator @girish last edited by

                      Thank you for having a look, @girish !

                      1 Reply Last reply Reply Quote 0
                      • JOduMonT
                        JOduMonT @hiyukoim last edited by

                        @hiyukoim said in Using Cloudflare without Global API Key:

                        This is my settings for now, but I'm not sure if I miss something. My instance working alright with the following settings, but if you know the better/secure/correct settings, could you let me know?

                        831f1d4f-8e35-4d61-8fec-af29d421cc0a-image.png

                        Thank for this screenshot
                        it's work like a charm 😉

                        1 Reply Last reply Reply Quote 0
                        • girish
                          girish Staff last edited by

                          I wish we can remove the "All zones" setting but afaict there is no way to get the zone id (which is required by the API) without listing the zones. I guess one alternative is to let users the zone id in the DNS setup form but this appears complicated.

                          JOduMonT 1 Reply Last reply Reply Quote 0
                          • JOduMonT
                            JOduMonT @girish last edited by JOduMonT

                            @girish said in Using Cloudflare without Global API Key:

                            I wish we can remove the "All zones" setting but afaict there is no way to get the zone id (which is required by the API) without listing the zones. I guess one alternative is to let users the zone id in the DNS setup form but this appears complicated.

                            I don't know if something change from Cloudflare and/or Cloudron side around this but I was able to limit the API to a specific zone without issue
                            ef706647-6d5f-48f6-91e3-34eda57d5d0d-image.png

                            and then to 3 specific zone and one specific IP

                            ed3e1c07-0ac8-4ec6-aa49-71ca3c9e834a-image.png

                            It's still working with these only this Permission

                            1. Zone.DNS Edit
                            1 Reply Last reply Reply Quote 0
                            • girish
                              girish Staff last edited by

                              @JOduMonT thanks for the heads up. Looks like this is something new in Cloudflare, will test it out and update docs accordingly.

                              1 Reply Last reply Reply Quote 0
                              • girish
                                girish Staff last edited by

                                Can confirm that all zones access is not required in cloudflare anymore. Will update docs.

                                JOduMonT 2 Replies Last reply Reply Quote 0
                                • JOduMonT
                                  JOduMonT @girish last edited by

                                  @girish said in Using Cloudflare without Global API Key:

                                  Can confirm that all zones access is not required in cloudflare anymore. Will update docs.

                                  I had to reinstall my Cloudflare than with these setting at Cloudflare
                                  28970987-a44c-4e39-96b2-6ca9457c2056-image.png

                                  the detail of this Token
                                  a77b8215-8df5-4d7d-b8ae-2f5220255022-image.png

                                  I had zero issue to install and configure my 5 domains

                                  the only right my Cloudron API have is to
                                  Edit specific Zone from a specific IP

                                  1 Reply Last reply Reply Quote 1
                                  • JOduMonT
                                    JOduMonT @girish last edited by

                                    @girish said in Using Cloudflare without Global API Key:

                                    Can confirm that all zones access is not required in cloudflare anymore. Will update docs.

                                    I just added a domain than, just to be more concise
                                    we have to specify the Zone Name

                                    af9fe70e-4e52-450f-8527-72561927c428-image.png

                                    unless it will not work with only Zone -> DNS -> Edit permissions at Cloudflare
                                    ab12edf9-baea-4e95-8941-1268a7cb5a96-image.png

                                    1 Reply Last reply Reply Quote 0
                                    • First post
                                      Last post
                                    Powered by NodeBB