Automatically create TLSA records in Cloudflare based off of a local certificate chain


SmollClover/Cloudflare-TLSA-Generator


Cloudflare TLSA Generator

Automatically generate and update TLSA records from a .pem certificate on Cloudflare.


Usage

Environment Variables

| Variable | Type | Default | Example | Description |
| --- | --- | --- | --- | --- |
| CERT | REQUIRED | unset | /data/certs/mail.example.com/cert.pem | The path to the certificate |
| CF_API_TOKEN | REQUIRED | unset | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | A Cloudflare API Token with access to the Zone and to read and write DNS records |
| ZONE_ID | OPTIONAL | unset | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | Explicit ID of Cloudflare Zone used instead of using the Domain |
| COMMON_NAME | OPTIONAL | read from certificate | mail.example.com | Common name used for the TLSA record |
| DOMAIN | OPTIONAL | derived from COMMON_NAME | example.com | Domain used to get Cloudflare Zone |
| TLSA_PREFIX | OPTIONAL | _25._tcp | _25._tcp | Prefix used for the TLSA record name |

Basic Example

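services:
  cloudflare-tlsa:
    image: smollclover/cloudflare-tlsa-generator:latest
    volumes:
      # Certificates are mounted read-only; the container only needs to read them
      - certs:/data/certs:ro
    environment:
      # Path to the certificate inside the container
      - CERT=/data/certs/mail.example.com/cert.pem
      # Cloudflare API token (placeholder value)
      - CF_API_TOKEN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

# Named volume referenced above; assumed to be filled with the certificates by another service
volumes:
  certs: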
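
To check what a TLSA record for the certificate at CERT should contain, the following added example (not this project's code) derives the record name from TLSA_PREFIX and COMMON_NAME and the record data from the first certificate in a PEM chain. Assumptions: the parameters 3 1 1 (DANE-EE, SubjectPublicKeyInfo, SHA-256) are used because the page does not state which ones the tool publishes, the leaf certificate is the first block in the file, and the sample input is a constructed DER skeleton, not a real certificate.

```python
import hashlib
import ssl

FOOTER = "-----END CERTIFICATE-----"

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_der(cert):
    """Return the full SubjectPublicKeyInfo element (header included)."""
    pos = _tlv(cert, 0)[1]       # step into the Certificate SEQUENCE
    pos = _tlv(cert, pos)[1]     # step into the tbsCertificate SEQUENCE
    # Skip serial, sigAlg, issuer, validity, subject, plus the optional [0] version.
    for _i in range(6 if cert[pos] == 0xA0 else 5):
        pos = _tlv(cert, pos)[2]
    return cert[pos:_tlv(cert, pos)[2]]

def tlsa_rdata(pem, usage=3, selector=1, mtype=1):
    """Build 'usage selector mtype data' from the first certificate in pem."""
    leaf = pem[:pem.index(FOOTER) + len(FOOTER)]  # a chain file holds several blocks
    der = ssl.PEM_cert_to_DER_cert(leaf.strip())
    data = spki_der(der) if selector == 1 else der
    if mtype == 1:
        data = hashlib.sha256(data).digest()
    elif mtype == 2:
        data = hashlib.sha512(data).digest()
    return f"{usage} {selector} {mtype} {data.hex()}"

def record_name(common_name, prefix="_25._tcp"):
    """Owner name of the record, e.g. _25._tcp.mail.example.com."""
    return f"{prefix}.{common_name}"

# Constructed sample: an unsigned DER skeleton shaped like a certificate (not a real one).
def _seq(*parts):
    body = b"".join(parts)
    return bytes([0x30, len(body)]) + body  # short-form length, body < 128 bytes

SAMPLE_SPKI = _seq(_seq(b"\x06\x03\x2b\x65\x70"), b"\x03\x21\x00" + bytes(32))
_tbs = _seq(b"\xa0\x03\x02\x01\x02", b"\x02\x01\x01", _seq(), _seq(), _seq(), _seq(), SAMPLE_SPKI)
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(_seq(_tbs, _seq(), b"\x03\x01\x00")) * 2  # two blocks, like a chain

if __name__ == "__main__":
    print(record_name("mail.example.com"), "IN TLSA", tlsa_rdata(SAMPLE_PEM))
```

Validating clients only honour TLSA records when the zone is DNSSEC-signed, so a matching record in an unsigned zone provides no protection.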