Repository files navigation

Welcome toZonecontrol (Cloudflare Zones Settings Automation, previously named Flared), a powerful, scalable, and fully automated solution for managing and applying your Cloudflare zone configurations across multiple domains. This tool allows you to define default configurations and customize settings for individual domains, all while leveraging Cloudflare’s robust API for performance, security, and caching management.

This project provides anautomated and centralized solution to manage multiple Cloudflare domains (zones) using asingle YAML configuration file. By defining your zone configurations in a declarative manner, you can easily apply settings such as SSL/TLS configurations, HTTP/3, caching rules, and performance optimizations across all your domains with a simple script.

• Multi-domain support for scalable zone management.
• Declarative YAML configuration for easy adjustments.
• CI/CD automation with GitHub Actions or other pipelines.
• Free plan compatibility with Cloudflare’s most essential settings.

• Multi-Domain Support: Manage multiple Cloudflare zones/domains from a single configuration file.
• Default Configurations: Define default settings that apply to all zones, with the ability to override them for specific domains.
• Customization: Tailor settings like SSL/TLS versions, HTTP/3, Rocket Loader, Brotli compression, caching, and more.
• Free Plan Compatible: Out-of-the-box support for Cloudflare's free plan settings.

• API Token Security: Securely handle Cloudflare API tokens via GitHub Secrets.
• Automation: Integrate with GitHub Actions or CI/CD tools for recurring updates.
• Error Handling & Logging: Comprehensive logging and robust error handling, ensuring unsupported configurations are skipped without breaking the workflow.
• Version Control: Automatically push updates to your repository for easy configuration tracking.

Define all zone settings in a YAML file. Common configurations are placed under adefault section, while customizations are made on a per-zone basis.

The script reads the configuration, applies settings using Cloudflare’s API, and commits any configuration updates back to your repository.

This setup works seamlessly with GitHub Actions (or any CI/CD tool) to automate the configuration process on a schedule or trigger.

The configuration is written in YAML format for simplicity. Below is an example that defines default settings and customizations for specific domains.

cloudflare:default:# Default settings that apply to all zones unless overriddenssl:"full"min_tls_version:"1.2"http3:truerocket_loader:"off"brotli:"on"ipv6:"on"always_online:"on"automatic_https_rewrites:"on"opportunistic_encryption:"on"cache_level:"aggressive"browser_cache_ttl:14400edge_cache_ttl:31536000challenge_ttl:3600zones:    -id:"1234567890abcdef1234567890abcdef"domain:"example.com"# This zone inherits all settings from default except those explicitly defined heresettings:ssl:"strict"min_tls_version:"1.3"# Override the default for this zone    -id:"0987654321fedcba0987654321fedcba"domain:"anotherdomain.com"# This zone can inherit settings from default without overriding anythingsettings:{}

• default: Common settings that apply to all domains unless overridden.
• zones: List of individual zones (domains), each of which can inherit from or override the default settings.
• Zone IDs and FQDNs are hardcoded: The Zone IDs (id) and domains (domain) are explicitly specified in the YAML file.

• Cloudflare Account: Ensure you have an active Cloudflare account and API token with appropriate permissions.
• GitHub Repository: Prepare a GitHub repository containing your YAML configuration file and script.
• GitHub Actions Setup: This solution is designed to work seamlessly with GitHub Actions, but can also be adapted for any CI/CD tool.

git clone https://github.com/fabriziosalmi/flared.gitcd flared

• Cloudflare API Token: Create your API token via theCloudflare dashboard and add it to GitHub Secrets asCLOUDFLARE_API_TOKEN.
• YAML Configuration: Editconfig/cloudflare.yaml to define your zone settings, hardcoding the Zone IDs and domain names.

python scripts/apply_cloudflare.py --config config/cloudflare.yaml

Create the following workflow file to automate updates:

name:Cloudflare Settings Automationon:workflow_dispatch:schedule:    -cron:'0 0 * * *'# Runs daily at midnightjobs:apply-settings:runs-on:ubuntu-lateststeps:      -name:Checkout repositoryuses:actions/checkout@v2      -name:Set up Pythonuses:actions/setup-python@v2with:python-version:'3.9'      -name:Install dependenciesrun:|          python -m venv venv          source venv/bin/activate          python -m pip install --upgrade pip          pip install requests pydantic tenacity pyyaml      -name:Run Cloudflare scriptenv:CLOUDFLARE_API_TOKEN:${{ secrets.CLOUDFLARE_API_TOKEN }}run:|          source venv/bin/activate          python scripts/apply_cloudflare.py --config config/cloudflare.yaml      -name:Handle errorsif:failure()run:echo "::error::Workflow failed at some steps."

Here’s an example log output showing a successful update:

::INFO :: Cloudflare API token is valid.::INFO :: Processing zone example.com...::INFO :: Successfully updated SSL to full for example.com.::INFO :: Successfully updated HTTP/3 for example.com....::INFO :: Configuration saved to output/example_com_config.json

• API Token: Never store your Cloudflare API token in the repository. Use environment variables or GitHub Secrets to protect sensitive information.
• Hardcoded Zone IDs: Ensure the Zone IDs and domains in the YAML configuration remain up to date.

The script handles errors gracefully, skipping invalid or unsupported configurations, ensuring your workflow isn’t disrupted.

This project is highly customizable. Add support for new Cloudflare features, integrate with other CI/CD systems, or modify the YAML structure to suit your specific use case.

Contributions are welcome! If you have new feature suggestions or find bugs, feel free to open an issue or submit a pull request.

If You like my projects, you may also like these ones:

• caddy-waf Caddy WAF (Regex Rules, IP and DNS filtering, Rate Limiting, GeoIP, Tor, Anomaly Detection)
• patterns Automated OWASP CRS and Bad Bot Detection for Nginx, Apache, Traefik and HaProxy
• blacklists Hourly updated domains blacklist 🚫
• proxmox-vm-autoscale Automatically scale virtual machines resources on Proxmox hosts
• UglyFeed Retrieve, aggregate, filter, evaluate, rewrite and serve RSS feeds using Large Language Models for fun, research and learning purposes
• proxmox-lxc-autoscale Automatically scale LXC containers resources on Proxmox hosts
• DevGPT Code togheter, right now! GPT powered code assistant to build project in minutes
• websites-monitor Websites monitoring via GitHub Actions (expiration, security, performances, privacy, SEO)
• caddy-mib Track and ban client IPs generating repetitive errors on Caddy
• lws linux (containers) web services
• cf-box cf-box is a set of Python tools to play with API and multiple Cloudflare accounts.
• limits Automated rate limits implementation for web servers
• dnscontrol-actions Automate DNS updates and rollbacks across multiple providers using DNSControl and GitHub Actions
• proxmox-lxc-autoscale-ml Automatically scale the LXC containers resources on Proxmox hosts with AI
• csv-anonymizer CSV fuzzer/anonymizer
• iamnotacoder AI code generation and improvement

This project is licensed under the AGPL3 License. See theLICENSE file for more details.