cloudflare next

2026-02-10 14:26:02 -06:00 · 2026-02-10 14:26:02 -06:00 · 07e2449d04
parent 3bd1ed14cf
commit 07e2449d04
1 changed files with 108 additions and 0 deletions
--- a/basic_setup/cloudflareDnsPart.sh
+++ b/basic_setup/cloudflareDnsPart.sh
@ -0,0 +1,108 @@
+#!/bin/bash
+
+# ==========================================
+# KONFIGURATION
+# ==========================================
+
+AWS_REGION="us-east-2"            
+
+if [ -z "$DOMAIN_NAME" ]; then
+  echo "Fehler: DOMAIN_NAME ist nicht gesetzt (z.B. export DOMAIN_NAME='bayarea-cc.com')."
+  exit 1
+fi
+if [ -z "$CF_API_TOKEN" ]; then
+    echo "Fehler: CF_API_TOKEN fehlt."
+    exit 1
+fi
+
+# ==========================================
+# ZONE ID ERMITTELN
+# ==========================================
+
+echo "Zone ID für $DOMAIN_NAME abrufen..."
+ZONE_RESPONSE=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones?name=$DOMAIN_NAME" \
+    -H "Authorization: Bearer $CF_API_TOKEN" \
+    -H "Content-Type: application/json")
+
+if [ "$(echo $ZONE_RESPONSE | jq -r '.success')" != "true" ]; then
+    echo "Fehler beim Abrufen der Zone ID:"
+    echo $ZONE_RESPONSE | jq .
+    exit 1
+fi
+
+CF_ZONE_ID=$(echo $ZONE_RESPONSE | jq -r '.result[0].id')
+echo "Zone ID: $CF_ZONE_ID"
+
+# ==========================================
+# FUNKTIONEN
+# ==========================================
+
+create_dns_record() {
+    local TYPE=$1
+    local NAME=$2
+    local CONTENT=$3
+    local PROXIED=$4
+    local TTL=$5
+    local PRIORITY=$6
+
+    if [ -z "$PROXIED" ]; then PROXIED="false"; fi
+    if [ -z "$TTL" ]; then TTL=3600; fi
+
+    echo "Erstelle $TYPE-Eintrag für $NAME..."
+    
+    local JSON_DATA=""
+    
+    if [ "$TYPE" = "MX" ]; then
+        if [ -z "$PRIORITY" ]; then PRIORITY=10; fi
+        JSON_DATA="{
+            \"type\": \"$TYPE\", \"name\": \"$NAME\", \"content\": \"$CONTENT\",
+            \"ttl\": $TTL, \"priority\": $PRIORITY, \"proxied\": $PROXIED
+        }"
+    elif [ "$TYPE" = "TXT" ]; then
+        CONTENT=$(echo "$CONTENT" | sed 's/"//g')
+        JSON_DATA="{
+            \"type\": \"$TYPE\", \"name\": \"$NAME\", \"content\": \"\\\"$CONTENT\\\"\",
+            \"ttl\": $TTL, \"proxied\": $PROXIED
+        }"
+    else
+        JSON_DATA="{
+            \"type\": \"$TYPE\", \"name\": \"$NAME\", \"content\": \"$CONTENT\",
+            \"ttl\": $TTL, \"proxied\": $PROXIED
+        }"
+    fi
+    
+    curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$CF_ZONE_ID/dns_records" \
+        -H "Authorization: Bearer $CF_API_TOKEN" \
+        -H "Content-Type: application/json" \
+        --data "$JSON_DATA" | jq -r '.success'
+}
+
+
+# ==========================================
+# 1. AWS SES Setup (DKIM & Verifizierung)
+# ==========================================
+echo "--- AWS SES Konfiguration ---"
+DKIM_TOKENS=$(aws ses get-identity-dkim-attributes \
+    --identities ${DOMAIN_NAME} --region ${AWS_REGION} \
+    --query "DkimAttributes.\"${DOMAIN_NAME}\".DkimTokens" --output text)
+
+VERIFICATION_TOKEN=$(aws ses get-identity-verification-attributes \
+    --identities ${DOMAIN_NAME} --region ${AWS_REGION} \
+    --query "VerificationAttributes.\"${DOMAIN_NAME}\".VerificationToken" --output text)
+
+if [ -n "$VERIFICATION_TOKEN" ]; then
+    create_dns_record "TXT" "_amazonses.${DOMAIN_NAME}" "${VERIFICATION_TOKEN}" "false"
+fi
+
+# ==========================================
+# 2. MX Records (AWS SES Ingest)
+# ==========================================
+echo "--- MX Records (AWS SES) ---"
+# Hier leiten wir eingehende Mails an Amazon S3/SQS Pipeline
+create_dns_record "MX" "${DOMAIN_NAME}" "inbound-smtp.${AWS_REGION}.amazonaws.com" "false" 3600 10
+
+# ==========================================
+# 4. SPF & DMARC
+# ==========================================
+
+echo "Fertig. Konfiguration für $DOMAIN_NAME abgeschlossen."