This guide provides detailed instructions to set up a secure, flexible, and scalable IP updater service using systemd. The service is designed to support:
- Single or multiple IP update services.
- The ability to send or not send the IP, depending on the needs of each service (e.g., some services like AdGuard can automatically detect the IP).
- Introduction
- Prerequisites
- Security Considerations
- Creating a Dedicated User
- Setting Up the Systemd Service
- Configuring the Service for Single, Multiple, or No IP Sending
- Managing and Monitoring the Service
- Customizing for Specific Services
- Troubleshooting
- Best Practices
This guide walks you through setting up a robust IP updater service using systemd, which can:
- Send IP updates to one or more dynamic DNS or IP services.
- Optionally omit sending the IP for services that auto-detect it (such as AdGuard).
The service is ideal for dynamic environments where public IPs change and need to be reported to one or more systems. It also offers high configurability and security features.
Ensure you have the following before proceeding:
- Linux system with systemd (most modern distributions).
curl
installed to retrieve and send the public IP address.- Sudo/root access to manage users and systemd services.
To enhance security:
- Use a dedicated system user for running the service, limiting its privileges.
- Always use HTTPS URLs for updating IPs, ensuring communication is encrypted.
- If your service links contain sensitive information like API keys, consider masking or securely storing these keys to avoid exposure in logs or process lists.
-
Create a dedicated system user for the IP updater service:
sudo useradd -r -s /sbin/nologin ipupdater
-r
: System user without home directory.-s /sbin/nologin
: Prevents login capabilities for the user, improving security.
This user will own the service, ensuring it runs with minimal privileges.
Next, create and configure the systemd service to handle IP updates.
-
Create the systemd service file:
sudo nano /etc/systemd/system/ip-updater.service
-
Add the following content:
This configuration supports both sending the IP address to multiple services and skipping it when necessary.
[Unit] Description=IP Updater Service After=network-online.target Wants=network-online.target [Service] Type=simple User=ipupdater # Comma-separated list of URLs (use ':noip' suffix for services that don't need the IP) Environment="UPDATE_LINKS=https://service1.com/update,https://service2.com/update:noip" # Interval for checking IP (in seconds) Environment="CHECK_INTERVAL=300" ExecStart=/bin/bash -c 'while true; do \ current_ip=$(curl -s https://api.ipify.org); \ if [ -n "$current_ip" ]; then \ IFS=','; for link in ${UPDATE_LINKS}; do \ if [[ $link == *":noip" ]]; then \ # Strip ':noip' and send without IP clean_link=${link%:noip}; \ curl -s "$clean_link" && echo "Sent request to $clean_link without IP"; \ else \ # Send IP curl -s "${link}/${current_ip}" && echo "Successfully updated ${link} with IP ${current_ip}"; \ fi; \ done; \ else \ echo "Failed to retrieve IP address"; \ fi; \ sleep ${CHECK_INTERVAL}; \ done' Restart=always RestartSec=60 [Install] WantedBy=multi-user.target
-
Explanation:
Environment="UPDATE_LINKS"
: Contains a comma-separated list of IP update URLs. Use:noip
after the URL for services that don’t require the IP to be explicitly sent.ExecStart
: The script checks each URL. If the URL has:noip
, it sends the request without the IP; otherwise, it appends the current IP.CHECK_INTERVAL
: Defines how frequently (in seconds) the service checks and updates the IP.
-
Save and exit the file (press
Ctrl+X
, thenY
, andEnter
).
To configure the service for a single IP update service, modify the UPDATE_LINKS
environment variable to a single URL:
Environment="UPDATE_LINKS=https://your-single-service.com/update"
For multiple services, provide a comma-separated list of URLs:
Environment="UPDATE_LINKS=https://service1.com/update,https://service2.com/update"
For services that auto-detect the IP (like AdGuard), append :noip
to the URL:
Environment="UPDATE_LINKS=https://service1.com/update,https://adguard-dns.com/update:noip"
This will send the request without appending the IP for services where the :noip
suffix is used.
By default, the service checks every 300 seconds (5 minutes). Adjust this by changing the CHECK_INTERVAL
value. For example, to check every 10 minutes:
Environment="CHECK_INTERVAL=600"
You can manage the service using systemd commands:
-
Reload systemd to recognize the new service:
sudo systemctl daemon-reload
-
Enable the service to start at boot:
sudo systemctl enable ip-updater.service
-
Start the service:
sudo systemctl start ip-updater.service
-
Check the status of the service:
sudo systemctl status ip-updater.service
-
View the logs for the service:
sudo journalctl -u ip-updater.service -n 50
This will show the last 50 log entries for troubleshooting.
Some services may require additional parameters or authentication, such as API keys. Modify the curl
command in the ExecStart
section to include necessary headers or parameters.
Example with an API key:
curl -s -H "Authorization: Bearer YOUR_API_KEY" "${link}/${current_ip}"
Ensure you follow your service provider’s API documentation for correct usage.
- Service not starting: Use
sudo systemctl status ip-updater.service
andsudo journalctl -u ip-updater.service
to check for errors. - Failed to get IP: Ensure
curl
can retrieve your IP by manually testing withcurl https://api.ipify.org
. - Service not updating: Check the
UPDATE_LINKS
and ensure the URLs are correctly formatted, and verify that each service accepts the update format you're using.
- Log Management: Ensure logs are rotated to avoid excessive disk usage.
- Security: Keep sensitive data like API keys secure and avoid exposing them in process lists or logs.
- Service Monitoring: Consider using a monitoring solution to ensure the IP updater service is running as expected.
By following this guide, you now have a secure and flexible IP updater service that can handle multiple dynamic DNS services, with options to send or omit the IP as needed for different services.