DDNS
DDNS is optional in the sense that you can manually set your DNS record to your ephemeral address, but I don’t know how often Google gives you a new address. Furthermore, LetsEncrypt has a problem with some DDNS providers, so having a real DNS provider like Cloudflare, etc, may be necessary.
Dynamic DNS is supported using ddclient through the ddclient docker container. The ddclient container provides a configuration file at ddns/ddclient.conf that you must edit to work with your particular DNS provider. Their GitHub repo here contains documentation on configuring ddclient and the ddclient.conf file.
Note:
ddclient.confis created automatically in theddns/directory by the ddns container when it is run the first time, and any changes made to this configuration file will automatically be read in by the ddns container, no need to stop and start the container; you will see this shown in the logs.
DDNS first tries to get your external IP address. There are many approaches to this, but the most straightforward way is to just get it from Google directly. Use this use value to query from Google for any provider (credit to @dollis in #87):
use=cmd cmd='curl -s -H "Metadata-Flavor:Google" http://metadata/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip'
Some DDNS provider settings below include a use value, but they are commented out and can be used as backup if necessary in the future.
Edit ddns/ddclient.conf and add the following lines:
#use=web, web=checkip.dyndns.org/, web-skip='IP Address' # found after IP Address
protocol=cloudflare
zone=<your cloudflare site / base URL / e.g. example.com>
ttl=0
login=<your e-mail>
password=<GLOBAL API KEY FOUND UNDER [MY PROFILE]-> [API TOKENS] IN CLOUDFLARE>
<your bitwarden site subdomain / e.g. bw.example.com>
Newer commits to ddclient support API tokens which are a better choice than a global key.
Note: if you use Cloudflare's proxying functionality, you need to change the Caddyfile to reflect their header configuration:
header_up X-Real-IP {http.request.header.Cf-Connecting-Ip}
where the last Ip is not all uppercase due to the way Caddy works.
- Create free account duckdns.org
- Add
sub-domain - Replace
<sub-domain>in the following files with createdsub-domain - Replace
<token>in the following files with the accounttoken
## GLOBAL VARIABLES ###
# The fully-qualified domain name for Bitwarden - what address do you want Bitwarden accessible?
# Do not include the protocol (http/https), that is added when needed in docker-compose.yml
# Used for caddy proxy and ddns with Cloudflare
DOMAIN=<sub-domain>.duckdns.org
## DDNS VARIABLES ###
# These variables are only necessary if you are using DDNS / comment them out if you don't use ddns
# Enter user id (use `id -u` to determine your user id)
# PUID=
# Enter group id (use `id -g` to determine your group id)
# PGID=- NOTE: might need to
sudo chown -R <user>:<user> ddnsfirst
daemon=300
syslog=yes
verbose=yes
pid=/var/run/ddclient/ddclient.pid
ssl=yes
#use=web
##
## Duckdns (http://www.duckdns.org/)
##
#
login=<sub-domain>
server=www.duckdns.org
password=<token>
protocol=duckdns
<sub-domain>.duckdns.org
Set up a dynamic DNS record. This can be found when you go to manage your domain, then click through to the menu "Advanced DNS"
You can then create a dynamic record at the bottom of the screen:
Whatever you enter into the "Host" field will become <your_subdomain>.
Make sure to set up DOMAIN=<your_subdomian>.<your_domain>.<your_tld>
You can then set up ddclient.conf to use namecheap dynamic DNS.
# ddclient.conf
#use=web, web=dynamicdns.park-your-domain.com/getip
protocol=namecheap, \
server=dynamicdns.park-your-domain.com \
login=<your_domain>, \
password=<password_provided> \
<subdomain>
Namecheap's support article for ddclient configuration: https://www.namecheap.com/support/knowledgebase/article.aspx/583/11/how-do-i-configure-ddclient/