Scenario
- You have Cloudflare Zero Trust and you are on the free account.
- Your home/office IP is not static.
- You cannot log into Cloudflare Zero Trust all the time to update the IP address.
Solution
Cloudflare has an extensive list of APIs available to do just about anything. We are interested in this API:
Step 1: Create an API Key and grab your Account ID
You can click on any of your domain names and create an API key that has Zero Trust Read and Edit permissions.
Step 2: Get a list of Zero Trust Gateway Locations
curl --location 'https://api.cloudflare.com/client/v4/accounts/{{account_id}}/gateway/locations' \
--header 'Authorization: Bearer {{api_key}}'
Your response will look something like this. The first “id” is your Zero Trust location.
Step 3: Update the IP address
Here you can get creative. For example, you can use dig or some other tool to periodically check your current public IP address and compare it to the network configured on your Zero Trust location. This can be automated.
Should your IP change, you can update it using this API call, where {{zone_id}} is the location “id” from Step 2:
curl --location --request PUT 'https://api.cloudflare.com/client/v4/accounts/{{account_id}}/gateway/locations/{{zone_id}}' \
--header 'Authorization: Bearer {{api_key}}' \
--header 'Content-Type: application/json' \
--data '{
  "client_default": true,
  "ecs_support": false,
  "name": "Home",
  "networks": [
    {
      "network": "197.xxx.xxx.xxx/32"
    }
  ]
}'
You will notice there is a bug in the Cloudflare API documentation in their “networks” key for this call. This post explains it: https://community.cloudflare.com/t/create-update-teams-location-documentation-error/324335
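An added example (not from the original post) of the Step 3 automation: it validates the looked-up address, compares it with the networks already on the location, and sends the PUT only when they differ. The environment variable names, matching the location by the name "Home", and the "result" wrapper in the list response are assumptions.

```python
import ipaddress
import json
import os
import urllib.request

API = "https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/locations"

def to_cidr(ip_text):
    """Turn lookup output into a /32, rejecting anything that is not a public IPv4 host."""
    ip = ipaddress.ip_address(ip_text.strip())  # ValueError on empty or garbage output
    if ip.version != 4 or not ip.is_global:     # RFC 1918, CGNAT, loopback, IPv6 ...
        raise ValueError(f"refusing to publish {ip}")
    return f"{ip}/32"

def plan_update(location, cidr):
    """Return the PUT body if the location's networks differ from cidr, else None."""
    current = {n["network"] for n in location.get("networks") or []}
    if current == {cidr}:
        return None
    return {  # same keys as the page's PUT body; existing settings are carried over
        "client_default": location.get("client_default", False),
        "ecs_support": location.get("ecs_support", False),
        "name": location["name"],
        "networks": [{"network": cidr}],
    }

def call(method, url, token, body=None):
    data = json.dumps(body).encode() if body is not None else None
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)

def sync(account_id, token, location_name, ip_text):
    base = API.format(account_id=account_id)
    cidr = to_cidr(ip_text)  # validate before any API call is made
    # Assumption: the list response wraps the locations in a "result" array.
    locations = call("GET", base, token)["result"]
    location = next(loc for loc in locations if loc["name"] == location_name)
    body = plan_update(location, cidr)
    if body is None:
        return "unchanged"
    call("PUT", f"{base}/{location['id']}", token, body)
    return f"updated to {cidr}"

if __name__ == "__main__":
    # Assumed variable names; the token stays out of argv and shell history.
    env = os.environ
    print(sync(env["CF_ACCOUNT_ID"], env["CF_API_TOKEN"], "Home", env["CURRENT_IP"]))
```

Run it from cron with CURRENT_IP set to the output of whichever lookup tool you use; a failed or private-range lookup stops the run before anything is sent to Cloudflare.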