Constant Authentication Errors #73

Open
mariaWitch opened this issue Aug 14, 2022 · 3 comments
Labels
bug Something isn't working

Comments

@mariaWitch

Summary

When I add a new domain to a container through traefik, cloudflare-companion errors out repeatedly with authentication failures to cloudflare. I'm not sure if something has changed with Cloudflare's API, but both of my other services which rely on the same API keys/tokens do not have the same issue as this does.

Steps to reproduce

(Input your api keys and tokens, and then attempt to start the container with a host set to a subset of the domain.)

What is the expected correct behavior?

It should not error and should create the subdomain automatically.

Relevant logs and/or screenshots

cloudflare-companion    | 2022-08-14.15:59:38 [STARTING] ** [traefik-cloudflare-companion] [19] Starting Traefik Cloudflare Companion
cloudflare-companion    | Traceback (most recent call last):
cloudflare-companion    |   File "/usr/sbin/cloudflare-companion", line 466, in <module>
cloudflare-companion    |     sync_mappings(get_initial_mappings(traefik_included_hosts, traefik_excluded_hosts), doms)
cloudflare-companion    |   File "/usr/sbin/cloudflare-companion", line 354, in sync_mappings
cloudflare-companion    |     if point_domain(k, domain_infos):
cloudflare-companion    |   File "/usr/sbin/cloudflare-companion", line 168, in point_domain
cloudflare-companion    |     records = cf.zones.dns_records.get(domain_info['zone_id'], params={u'name': name})
cloudflare-companion    |   File "/usr/lib/python3.10/site-packages/CloudFlare/cloudflare.py", line 695, in get
cloudflare-companion    |     return self._base.call_with_auth('GET', self._parts,
cloudflare-companion    |   File "/usr/lib/python3.10/site-packages/CloudFlare/cloudflare.py", line 139, in call_with_auth
cloudflare-companion    |     return self._call(method, headers, parts,
cloudflare-companion    |   File "/usr/lib/python3.10/site-packages/CloudFlare/cloudflare.py", line 525, in _call
cloudflare-companion    |     raise CloudFlareAPIError(code, message)
cloudflare-companion    | CloudFlare.exceptions.CloudFlareAPIError: Authentication error

Environment

  • Image version / tag: 6.8.5
  • Host OS: Proxmox VE 7.2-7
  • Guest OS: Almalinux 8.6 x86_64

docker-compose.yml

version: "3.7"
networks:
  internal:
    driver: bridge
  services:
    driver: bridge
  keycloakDB:
    driver: bridge
volumes:
  traefik-logs:
services:
  cloudflare-ddns:
    image: timothyjmiller/cloudflare-ddns:latest
    container_name: cloudflare-ddns
    security_opt:
      - no-new-privileges:true
    network_mode: "host"
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - ./CloudflareDDNS/config.json:/config.json:ro
    restart: unless-stopped
  cloudflare-companion:
    image: tiredofit/traefik-cloudflare-companion:latest
    container_name: cloudflare-companion
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - TRAEFIK_VERSION=2
      - CF_EMAIL=<Redacted>
      - CF_TOKEN=<Redacted>
      - TARGET_DOMAIN=ddns.domain.tld
      - DOMAIN1=domain.tld
      - DOMAIN1_PROXIED=true
      - DOMAIN1_ZONE_ID=<Redacted>
      #- DOCKER_HOST=tcp://198.51.100.32:2376
      #- DOCKER_CERT_PATH=/docker-certs
      #- DOCKER_TLS_VERIFY=1
    networks:
      - internal
      - services
    restart: unless-stopped
  KCPostgres:
    image: bitnami/postgresql:14
    container_name: keycloakDB
    restart: unless-stopped
    networks:
      - keycloakDB
    volumes:
      - ./postgres/data/postgres_data:/bitnami/postgresql/
    ports:
      - 5432:5432
    env_file:
      - ./postgres/KCpostgres.env
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U <Redacted>"]
      interval: 10s
      timeout: 5s
      retries: 5
  KCPBackup:
      image: bitnami/postgresql:14
      container_name: KCDBBackup
      networks: 
        - keycloakDB
      volumes:
        - ./postgres/data/backup/:/dump/
      restart: unless-stopped
      environment:
        - PGHOST=KCPostgres
        - PGUSER=<redacted>
        - PGPASSWORD=<redacted>
        - BACKUP_NUM_KEEP=7
        - BACKUP_FREQUENCY=1d
      entrypoint: |
        bash -c 'bash -s <<EOF
        trap "break;exit" SIGHUP SIGINT SIGTERM
        sleep 2m
        while /bin/true; do
          pg_dump -Fc > /dump/dump_\`date +%d-%m-%Y"_"%H_%M_%S\`.psql
          (ls -t /dump/dump*.psql|head -n $$BACKUP_NUM_KEEP;ls /dump/dump*.psql)|sort|uniq -u|xargs rm -- {}
          sleep $$BACKUP_FREQUENCY
        done
        EOF'
      depends_on:
        KCPostgres:
          condition: service_healthy
  traefik:
      image: traefik:vacherin
      container_name: traefik
      restart: unless-stopped
      security_opt:
        - no-new-privileges:true
      networks:
        - services
      ports:
        - 80:80
        - 443:443
        - 8080:8080
      environment:
        - CF_API_EMAIL=<Redacted>
        #- CF_API_KEY=<Redacted>
        - CF_DNS_API_TOKEN=<Redacted>
      volumes:
        - /etc/localtime:/etc/localtime:ro
        - /var/run/docker.sock:/var/run/docker.sock:ro
        - ./Traefik/data/traefik.yml:/traefik.yml:ro
        - ./Traefik/data/acme.json:/acme.json
        - ./Traefik/data/config.yml:/config.yml:ro
        - ./Traefik/data/log:/var/log/traefik
      labels:
        - traefik.enable=true
        - traefik.http.routers.traefik.entrypoints=http
        - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
        - traefik.http.middlewares.redirect-to-https.redirectscheme.port=443
        - traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)
        - traefik.http.routers.redirs.entrypoints=http
        - traefik.http.routers.redirs.middlewares=redirect-to-https
        - traefik.http.routers.dashboard.rule=Host(`traefik.domain.tld`)
        - traefik.http.services.dashboard.loadbalancer.server.port=8080
        

Possible fixes

@mariaWitch mariaWitch added the bug Something isn't working label Aug 14, 2022
@mariaWitch

I figured out the issue: you apparently need to point CF_TOKEN to your global API key, not your API_Token for the specific zone and Domain. Perhaps clarifying this in the instructions would prevent people from encountering this issue.

@tigerkzr

tigerkzr commented Oct 8, 2022

I figured out the issue: you apparently need to point CF_TOKEN to your global API key, not your API_Token for the specific zone and Domain. Perhaps clarifying this in the instructions would prevent people from encountering this issue.

Just want to note that you have to put the global API key in a file called "cf_token". Like an idiot, I kept trying to point my cf_api_key file at the CF_TOKEN env var...

@Vinylwalk3r

I also want to comment that I had this exact issue. I found that creating an API token with the settings found below fixed it for me and it now works. Strange that the Global API token didn't work, but this does.
Zone - DNS - Edit
Zone - Zone Settings - Edit
Zone - Zone - Edit
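
The comments above report opposite fixes (global API key versus scoped token); the Cloudflare API accepts both, but a Global API Key goes in X-Auth-Email/X-Auth-Key headers while a scoped API Token goes in an Authorization: Bearer header. The following check is an added example, not code from cloudflare-companion or its maintainers: it flags a CF_EMAIL/CF_TOKEN pair whose credential type does not match the header scheme. It assumes the client picks the scheme by whether an e-mail is configured, and the length patterns are heuristics; all function names and sample values are constructed.

```python
import re

# Heuristic shapes (assumption, not an official format guarantee):
# Global API Keys are 37 hex characters, scoped API Tokens 40 URL-safe characters.
GLOBAL_KEY = re.compile(r"[0-9a-f]{37}")
API_TOKEN = re.compile(r"[A-Za-z0-9_-]{40}")


def secret_kind(secret):
    """Classify a Cloudflare credential by shape only; the value is never logged."""
    if GLOBAL_KEY.fullmatch(secret):
        return "global_key"
    if API_TOKEN.fullmatch(secret):
        return "api_token"
    return "unknown"


def auth_headers(email, secret):
    """Headers sent if the client picks the scheme from the e-mail setting
    (assumed behaviour): e-mail present -> legacy key headers, absent -> Bearer."""
    if email:
        return {"X-Auth-Email": email, "X-Auth-Key": secret}
    return {"Authorization": "Bearer " + secret}


def check_config(env):
    """Return findings for a CF_EMAIL / CF_TOKEN pair taken from a compose file."""
    email = env.get("CF_EMAIL") or None
    kind = secret_kind(env.get("CF_TOKEN", ""))
    legacy = "X-Auth-Key" in auth_headers(email, "x")
    findings = []
    if legacy and kind == "api_token":
        findings.append("mismatch: scoped token sent as X-Auth-Key; unset CF_EMAIL")
    if not legacy and kind == "global_key":
        findings.append("mismatch: global key sent as Bearer; it needs CF_EMAIL")
    if kind == "global_key":
        findings.append("least-privilege: global key grants full account access")
    if kind == "unknown":
        findings.append("unrecognised secret shape; check for quotes or whitespace")
    return findings


# Constructed sample values, not real credentials.
SAMPLE_TOKEN = "A1b2C3d4E5" * 4
SAMPLE_KEY = "0123456789abcdef" * 2 + "01234"

if __name__ == "__main__":
    for env in ({"CF_EMAIL": "admin@domain.tld", "CF_TOKEN": SAMPLE_TOKEN},
                {"CF_TOKEN": SAMPLE_TOKEN},
                {"CF_EMAIL": "admin@domain.tld", "CF_TOKEN": SAMPLE_KEY}):
        print(sorted(env), check_config(env))
```

A token limited to the three Zone permissions listed above, used without CF_EMAIL, passes this check with no findings; the global key passes only with a least-privilege finding.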
