For the past year, I’ve been using Duck DNS to get a free subdomain for my home. Duck DNS points a DNS (a subdomain of duckdns.org) to an IP of your choice. Since my ISP changes my IP address occasionally, I need a way to keep Duck DNS up to date.
Today, I’m going to explain how I’m using the LinuxServer.io Duck DNS image on a Docker host in my basement.
This is my third post documenting containers I use at home. You can also read about How I Run the Unifi Controller and How I Run Plex.
LinuxServer.io describes their organization as:
A group of like-minded enthusiasts from across the world who build and maintain the largest collection of Docker images on the web. At our core are the principles behind Free and Open Source Software. Our primary goal is to provide easy-to-use and streamlined Docker images with clear and concise documentation.
I’ve been using LinuxServer.io images for a couple of years; they are certainly easy-to-use, clear, and concisely documented. I tend to check here first when I need a new image.
Duck DNS Container Configuration
I tend to use
docker-compose to build and run my images and containers. Here are the contents of the
docker-compose.yml for this project:
--- version: '3.7' networks: default: name: duckdns services: duckdns: container_name: duckdns image: linuxserver/duckdns:eb04e693-ls56 restart: unless-stopped environment: - PUID=XYZ # user account id on the system - PGID=ABC # group id on the system - TZ=America/Detroit - SUBDOMAINS=alpha - TOKEN=beta # move me to a secrets file if I can ever figure out how that works - LOG_FILE=true volumes: - /volume1/docker/duckdns:/config
Let’s step through some of the interesting bits here, much of which is derived from the instructions in the image’s README file:
My personal preference is to lock images down to a specific version, if at all feasible. This way I won’t be surprised when, say, a new version of an image requires or breaks the current configuration. LinuxServer is great about providing versioned images over time.
I personally have never needed to update this image. But when that day comes, it’ll be crystal clear to me what I’m currently running, which will make it easy to see what changed.
environment: - PUID=XYZ # user account id on the system - PGID=ABC # group id group on the system - TZ=America/Detroit
LinuxServer has a great system for setting user and group permissions. In this case, I have
PGID set to the user and group number on my host system. (I have the comment there so that, when I look at this file again three months later, I can remember why I have some hardcoded numbers typed into the file.)
environment: - SUBDOMAINS=alpha - TOKEN=beta # move me to a secrets file if I can ever figure out how that works - LOG_FILE=true
SUBDOMAINS environment variable specifies the subdomains to update. In this case, there’s only one:
LOG_FILE directs the container to save results to a file. I use this to confirm the container is working.
TOKEN is the secret token to identify your account. I wasn’t able to figure out how to put this into a separate secret file that is not committed to source control. I tried using the secrets file facilities in the LinuxServer images, but I couldn’t get it to work. Please let me know if you have any suggestions.
Ultimately, I decided to check the secret into source control. My git repository is private, and, if the secret did leak out… I lose my subdomain? Meh. I’m willing to take the risk.
volumes: - /volume1/docker/duckdns:/config
This container’s volume mapping is straightforward; all it needs is a place to put the log file.
Sometimes configuring and running a container is a big pain in the rear. Thankfully, this one’s about as easy as it gets. It’s nice to have an easy one from time to time.
For the docker secret you have to add the top level `secret` in the compose file.
And set the env variable, prepend “FILE__” to the TOKEN environment variable.
Comments are closed.