SafelineAPI/docs/CONFIGURATION.md

SafelineAPI Configuration and Cloudflare DNS Guide

This guide explains how to configure SafelineAPI to use Cloudflare for DNS-01 challenges and how to run the program.

Quick Start

• Prerequisites: Go is only required for building from source. If you prefer, use the built binary produced by go build.
• Minimal steps: create a Cloudflare API token, update config.json, and run the program.

Config File Location

• The primary configuration file is config.json in the repository root. See docs/cloudflare.md for a short Cloudflare-specific note.

Important fields

• SafeLine.ApiToken: API token used to connect to the SafeLine API.
• ApplyCert.Email: Contact email used when requesting certificates.
• ApplyCert.DNSProviderConfig.DNSProvider: Set this to Cloudflare to use Cloudflare.
• ApplyCert.DNSProviderConfig.Cloudflare.APIToken: Recommended — a scoped Cloudflare API Token with Zone:DNS:Edit on your zone(s).
• ApplyCert.DNSProviderConfig.Cloudflare.APIKey and Email: Optional — use only if you must authenticate with the Global API key.

Example config.json snippet

{
  "SafeLine": {
    "Host": { "HostName": "192.168.1.4", "Port": "1443" },
    "ApiToken": "<your-safeline-api-token>"
  },
  "ApplyCert": {
    "Days": 30,
    "Email": "you@example.com",
    "SavePath": "C:/path/to/ssl",
    "DNSProviderConfig": {
      "DNSProvider": "Cloudflare",
      "Cloudflare": {
        "APIToken": "<your-cloudflare-scoped-token>"
      }
    }
  }
}

Create a Cloudflare API Token

1. Log into the Cloudflare dashboard and open My Profile → API Tokens.
2. Click Create Token and choose the Edit zone DNS template or set custom permissions:
   • Zone:Zone:Read
   • Zone:DNS:Edit
3. Scope the token to the specific zone(s) you need and create the token.
4. Put the token value in ApplyCert.DNSProviderConfig.Cloudflare.APIToken.

Run commands

• Build the binary (optional):

cd C:\Users\samge\coding\SafelineAPI-1
go build -o safelineApi.exe ./cmd/safelineApi

• Run with the built binary:

.\safelineApi.exe

• Or run directly with Go:

go run ./cmd/safelineApi -- -t "<SafeLineApiToken>" -D "Cloudflare" -e "you@example.com"

Notes on flags: the project reads flags and config.json. If a flag is present it will be used for that run.

Troubleshooting

• Warning about missing values: If you see warnings like No DNS provider set, set ApplyCert.DNSProviderConfig.DNSProvider or pass -D on the command line.
• Dependency/download issues: If go build stalls on module downloads, try setting a proxy:

go env -w GOPROXY=https://goproxy.cn,direct
go clean -modcache
go mod tidy
go build -v ./...

• Cloudflare auth mismatch: Use APIToken (recommended). If using APIKey (global key), also provide the account Email.

Security recommendations

• Prefer scoped API tokens over the global API key.
• Store secrets outside source control. Use environment variables or an external secret store in production.
• Limit token scope to required zones.

Files added/edited

• Documentation: docs/cloudflare.md
• Configuration example: config.json at project root

If you'd like, I can also add a short README.md or copy a minimal example config.example.json to the repo root for easy onboarding. Which would you prefer next?