Skip to content

Instantly share code, notes, and snippets.

@1999AZZAR
Last active October 5, 2024 16:44
Show Gist options
  • Save 1999AZZAR/bf96f94016fe671e30c97d4b4c9e8261 to your computer and use it in GitHub Desktop.
Save 1999AZZAR/bf96f94016fe671e30c97d4b4c9e8261 to your computer and use it in GitHub Desktop.
This guide provides detailed instructions to set up a secure, flexible, and scalable IP updater service using systemd.

IP Updater Service Guide (Single, Multiple, and Optional IP Sending Support)

This guide provides detailed instructions to set up a secure, flexible, and scalable IP updater service using systemd. The service is designed to support:

  • Single or multiple IP update services.
  • The ability to send or not send the IP, depending on the needs of each service (e.g., some services like AdGuard can automatically detect the IP).

Table of Contents

  1. Introduction
  2. Prerequisites
  3. Security Considerations
  4. Creating a Dedicated User
  5. Setting Up the Systemd Service
  6. Configuring the Service for Single, Multiple, or No IP Sending
  7. Managing and Monitoring the Service
  8. Customizing for Specific Services
  9. Troubleshooting
  10. Best Practices

Introduction

This guide walks you through setting up a robust IP updater service using systemd, which can:

  • Send IP updates to one or more dynamic DNS or IP services.
  • Optionally omit sending the IP for services that auto-detect it (such as AdGuard).

The service is ideal for dynamic environments where public IPs change and need to be reported to one or more systems. It also offers high configurability and security features.

Prerequisites

Ensure you have the following before proceeding:

  • Linux system with systemd (most modern distributions).
  • curl installed to retrieve and send the public IP address.
  • Sudo/root access to manage users and systemd services.

Security Considerations

To enhance security:

  • Use a dedicated system user for running the service, limiting its privileges.
  • Always use HTTPS URLs for updating IPs, ensuring communication is encrypted.
  • If your service links contain sensitive information like API keys, consider masking or securely storing these keys to avoid exposure in logs or process lists.

Creating a Dedicated User

  1. Create a dedicated system user for the IP updater service:

    sudo useradd -r -s /sbin/nologin ipupdater
    • -r: System user without home directory.
    • -s /sbin/nologin: Prevents login capabilities for the user, improving security.

This user will own the service, ensuring it runs with minimal privileges.

Setting Up the Systemd Service

Next, create and configure the systemd service to handle IP updates.

  1. Create the systemd service file:

    sudo nano /etc/systemd/system/ip-updater.service
  2. Add the following content:

    This configuration supports both sending the IP address to multiple services and skipping it when necessary.

    [Unit]
    Description=IP Updater Service
    After=network-online.target
    Wants=network-online.target
    
    [Service]
    Type=simple
    User=ipupdater
    # Comma-separated list of URLs (use ':noip' suffix for services that don't need the IP)
    Environment="UPDATE_LINKS=https://service1.com/update,https://service2.com/update:noip"
    # Interval for checking IP (in seconds)
    Environment="CHECK_INTERVAL=300"
    ExecStart=/bin/bash -c 'while true; do \
        current_ip=$(curl -s https://api.ipify.org); \
        if [ -n "$current_ip" ]; then \
            IFS=','; for link in ${UPDATE_LINKS}; do \
                if [[ $link == *":noip" ]]; then \
                    # Strip ':noip' and send without IP
                    clean_link=${link%:noip}; \
                    curl -s "$clean_link" && echo "Sent request to $clean_link without IP"; \
                else \
                    # Send IP
                    curl -s "${link}/${current_ip}" && echo "Successfully updated ${link} with IP ${current_ip}"; \
                fi; \
            done; \
        else \
            echo "Failed to retrieve IP address"; \
        fi; \
        sleep ${CHECK_INTERVAL}; \
    done'
    Restart=always
    RestartSec=60
    
    [Install]
    WantedBy=multi-user.target
  3. Explanation:

    • Environment="UPDATE_LINKS": Contains a comma-separated list of IP update URLs. Use :noip after the URL for services that don’t require the IP to be explicitly sent.
    • ExecStart: The script checks each URL. If the URL has :noip, it sends the request without the IP; otherwise, it appends the current IP.
    • CHECK_INTERVAL: Defines how frequently (in seconds) the service checks and updates the IP.
  4. Save and exit the file (press Ctrl+X, then Y, and Enter).

Configuring the Service for Single, Multiple, or No IP Sending

Single IP Update Service

To configure the service for a single IP update service, modify the UPDATE_LINKS environment variable to a single URL:

Environment="UPDATE_LINKS=https://your-single-service.com/update"

Multiple IP Update Services

For multiple services, provide a comma-separated list of URLs:

Environment="UPDATE_LINKS=https://service1.com/update,https://service2.com/update"

Omitting IP for Certain Services

For services that auto-detect the IP (like AdGuard), append :noip to the URL:

Environment="UPDATE_LINKS=https://service1.com/update,https://adguard-dns.com/update:noip"

This will send the request without appending the IP for services where the :noip suffix is used.

Adjusting the IP Check Interval

By default, the service checks every 300 seconds (5 minutes). Adjust this by changing the CHECK_INTERVAL value. For example, to check every 10 minutes:

Environment="CHECK_INTERVAL=600"

Managing and Monitoring the Service

You can manage the service using systemd commands:

  1. Reload systemd to recognize the new service:

    sudo systemctl daemon-reload
  2. Enable the service to start at boot:

    sudo systemctl enable ip-updater.service
  3. Start the service:

    sudo systemctl start ip-updater.service
  4. Check the status of the service:

    sudo systemctl status ip-updater.service
  5. View the logs for the service:

    sudo journalctl -u ip-updater.service -n 50

This will show the last 50 log entries for troubleshooting.

Customizing for Specific Services

Some services may require additional parameters or authentication, such as API keys. Modify the curl command in the ExecStart section to include necessary headers or parameters.

Example with an API key:

curl -s -H "Authorization: Bearer YOUR_API_KEY" "${link}/${current_ip}"

Ensure you follow your service provider’s API documentation for correct usage.

Troubleshooting

  • Service not starting: Use sudo systemctl status ip-updater.service and sudo journalctl -u ip-updater.service to check for errors.
  • Failed to get IP: Ensure curl can retrieve your IP by manually testing with curl https://api.ipify.org.
  • Service not updating: Check the UPDATE_LINKS and ensure the URLs are correctly formatted, and verify that each service accepts the update format you're using.

Best Practices

  • Log Management: Ensure logs are rotated to avoid excessive disk usage.
  • Security: Keep sensitive data like API keys secure and avoid exposing them in process lists or logs.
  • Service Monitoring: Consider using a monitoring solution to ensure the IP updater service is running as expected.

By following this guide, you now have a secure and flexible IP updater service that can handle multiple dynamic DNS services, with options to send or omit the IP as needed for different services.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment