Background
Having successfully implemented a VPN service on my network using a Raspberry Pi using the excellent PiVpn/Wireguard combination, I needed to ensure that I could access my home network via the dynamic IP address provided by my ISP. Rather than using a DDNS provider such as DynDNS, DuckDNS or No-IP, I decided to implement my own solution using my website host.
The method I implemented relies on access to API provided by CPanel. A small python script (written by Sebastian Wyngaard) on the Raspberry Pi regularly updates the IP address of a subweb I have set up on my web site to ensure that I able to access my network when I am away from home.
The instructions provided by the author of the scrip generally worked but I did need to alter some of the settings. The following explains some of the settings I needed to use and also clarifies some of the instructions I felt were not clear.
Setting up CPanel
Long into CPanel and go to Domains > Zone Editor > Manage > Add Record
Create a subdomain (eg lan.mysite.com) and enter a fake IP address:
subdomain.domain. 14400 IN A [IP ADDRESS - Enter wrong one for testing]
I also reduced the A record TTL from the default (14400) to 3168.
Once the script is running refresh this page to see if it is being updated by the script.
Location of python script and parameter file
I found the combination of root user and pi user used by the author rather confusing and unnecessary complicated. I instead did all the installation using the Pi user. It was installed on a Raspberry Pi 4 2Gb running the Raspberry Pi desktop interface. The script (updater.py) and params file (contains the CPanel Password) were installed in at /root/home/pi/bin. I had to create the bin folder. I used Nano (or the desktop editor) rather than Vim to edit the Cron and params file.
Security
The author explains the reason for placing the params file in root/bin rather than /root/home/pi/bin and changing the access permissions so that only the root user can view the file were reasons of security. Given the storing of a plain text password is inherently insecure (a better method would be to use an API token) I was led to believe that putting the params file in a different location did not make it more secure than using a password protected pi user account. I also question whether it is any less secure to place the login/password in the cron job rather than a separate params file? However I chose to use the params method.
Testing the script
The following was used to test that the updater works and changes the DNS entry:
cat params | xargs ./updater.py
Cron
The Cron job I used differs to the one suggested by the author. A sleep has to be included to allow time for the pi to complete its boot and initiate the network and also the paths were slightly different:
#Dynamic DNS Updater (Updates the IP address every hour and on system startup)
* * * * * cd /home/pi/bin && cat params | xargs ./updater.py
@reboot sleep 60 && cd /home/pi/bin && cat params | xargs ./updater.py
Going back to my earlier point, perhaps it would have been easier and just as secure to place the password in the Cron job rather than using a params file?
IE:
0 * * * * bin/updater.py -u user -p ******* domain.com lan ?? https://cpaneladdress.net:2083
@reboot bin/updater.py -u user -p ******** domain.com lan ?? https://cpaneladdress.net:2083
Associated links
cPanel API: https://documentation.cpanel.net/displa ... anel+API+2
The Dynamic DNS updater and instructions. These did work but I found I needed to run the YouTube instructions alongside and some steps were difficult to follow. Hopefully the above will help you: https://github.com/swyngaard/dynamic-dns-updater and https://www.youtube.com/watch?v=IhEu_IYUhjs
Alternative approaches for updating CPanel. I did not find these as clear as the one outlined by Sebastian Wyngaard: http://www.ariyanki.net/php/?act=read&id=143 and https://github.com/TeamPalmTree/WHMDDNS