IP-HOP is a modern, self-hosted Dynamic DNS (DDNS) management system with multi-provider support, automatic IP monitoring, and a beautiful web dashboard.
- 🔄 Automatic IP Updates: Monitors your public IP and updates DNS records automatically
- 🌍 Multi-Provider Support: Cloudflare, Dynu, DuckDNS, No-IP, and extensible for more
- ⏰ Flexible Scheduling: Cron-based scheduling for each domain
- 🔐 Secure: Encrypted credentials, JWT authentication, HttpOnly cookies
- 📊 History Tracking: Complete audit trail of all IP changes
- 🎨 Modern UI: Beautiful Next.js dashboard with real-time updates
- 🐳 Docker Ready: One-command deployment with Docker Compose
- ✅ Fully Tested: 107 backend + 68 frontend tests with 100% pass rate
- Docker & Docker Compose
- Domain(s) to manage
- API credentials from your DNS provider
git clone https://github.com/Taoshan98/ip-hop.git
cd ip-hopcp .env.example .env
# Edit .env with your settingsRequired variables:
SECRET_KEY=your-random-secret-key-here
ENCRYPTION_KEY=your-32-byte-base64-encryption-keyGenerate keys:
# SECRET_KEY
openssl rand -hex 32
# ENCRYPTION_KEY (must be 32 bytes)
python3 -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"docker-compose up -dFirst-time setup:
- Navigate to
/setup - Create admin account
- Add DNS providers
- Configure domains
- Set update schedules
ip-hop/
├── backend/ # FastAPI backend
│ ├── app/ # Application code
│ │ ├── api/ # REST API endpoints
│ │ ├── core/ # Security, config
│ │ ├── models/ # SQLAlchemy models
│ │ ├── providers/ # DNS provider implementations
│ │ └── services/ # Business logic
│ ├── database/ # SQLite database
│ └── tests/ # 107 comprehensive tests
│
├── frontend/ # Next.js frontend
│ ├── src/
│ │ ├── app/ # Next.js 14 app router
│ │ ├── components/ # React components
│ │ ├── context/ # Auth context
│ │ └── lib/ # Utilities, API client
│ └── __tests__/ # 68 comprehensive tests
│
└── docker-compose.yml # Deployment config
- Framework: FastAPI (Python 3.12)
- Database: SQLite with SQLAlchemy ORM
- Authentication: JWT tokens with HttpOnly cookies
- Security: Fernet encryption for credentials
- Scheduling: APScheduler with Cron expressions
- HTTP Client: httpx (async)
- Testing: pytest (107 tests, 100% pass rate)
- Framework: Next.js 14 (React 19)
- Language: TypeScript
- Styling: Tailwind CSS
- Components: Radix UI primitives
- State: React Query for server state
- HTTP Client: Axios
- Testing: Jest + React Testing Library (68 tests)
- Containerization: Docker (multi-stage builds)
- CI/CD: GitHub Actions
- Security Scanning: Trivy
- Image Registry: GitHub Container Registry (GHCR)
- Backend Documentation - API endpoints, models, providers
- Frontend Documentation - Components, pages, architecture
- Release Management - Versioning and release process
| Provider | Status | Features |
|---|---|---|
| Cloudflare | ✅ | API, Zone ID, proxied/DNS-only |
| Dynu | ✅ | API, domain management |
| DuckDNS | ✅ | Free, simple token-based auth |
| No-IP | ✅ | Free tier, DDNS Key auth |
| Custom | 🔧 | Extensible provider system |
See Backend Documentation for implementation guide.
- Encrypted Storage: Credentials encrypted at rest with Fernet
- JWT Authentication: Secure token-based auth
- HttpOnly Cookies: XSS protection
- Non-root Docker: Runs as user
iphop:1000 - Security Scanning: Automated Trivy scans in CI/CD
- No Hardcoded Secrets: Environment-based configuration
POST /api/v1/auth/setup- Initial admin setupPOST /api/v1/auth/token- LoginPOST /api/v1/auth/logout- LogoutGET /api/v1/auth/me- Current user
GET /api/v1/providers- List providersPOST /api/v1/providers- Add providerPUT /api/v1/providers/{id}- Update providerDELETE /api/v1/providers/{id}- Remove provider
GET /api/v1/domains- List domainsPOST /api/v1/domains- Add domainPUT /api/v1/domains/{id}- Update domainPOST /api/v1/domains/{id}/update_ip- Force updateGET /api/v1/domains/{id}/history- Update history
Full API docs: Backend README
cd backend
python -m pytest tests/ -v
# 107 tests, 100% pass ratecd frontend
npm test
# 68 tests, 100% pass rate# Backend
cd backend && pytest --cov=app tests/
# Frontend
cd frontend && npm test -- --coverage- Set environment variables:
SECRET_KEY="your-secret-key-here" #openssl rand -hex 32
ENCRYPTION_KEY="your-encryption-key-here" #python3 -c 'from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())'- Start the application:
docker-compose up -dPermissions: You may be asked to change ownership of the newly created directory if you are running docker as root and creating folders via docker compose
sudo chown -R $USER:$USER ip-hop/- Access the application:
- Frontend: http://localhost:3000
- Backend API: http://localhost:8001
- API Docs: http://localhost:8001/docs
docker pull ghcr.io/taoshan98/ip-hop:latest
docker run -d \
--name iphop \
-p 8001:8001 \
-p 3000:3000 \
-e SECRET_KEY="your-secret-key" \
-e ENCRYPTION_KEY="your-encryption-key" \
-v iphop-data:/app/backend/database \
ghcr.io/taoshan98/ip-hop:latest# Backend
cd backend
python -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
uvicorn app.main:app --host 0.0.0.0 --port 8001
# Frontend
cd frontend
npm install
npm run build
npm start- Base Image: Alpine Linux (minimal size)
- Size: ~200MB (optimized multi-stage build)
- Platforms: linux/amd64, linux/arm64
- User: Non-root (iphop:1000)
- Health Check: Built-in monitoring
/app/backend/database- Persistent database storage
8001- Backend API (FastAPI/Uvicorn)3000- Frontend (Next.js)
- ✅ Non-root user execution
- ✅ Minimal Alpine base image
- ✅ Multi-stage build (smaller attack surface)
- ✅ Security scanning with Trivy
- ✅ No hardcoded secrets
- ✅ Health checks enabled
The GitHub Actions workflow automatically:
-
On Pull Request:
- Runs backend tests (pytest)
- Builds frontend
- Validates Docker build
-
On Main Branch Push:
- Runs all tests
- Builds multi-architecture images (amd64, arm64)
- Pushes to GitHub Container Registry
- Scans for vulnerabilities (Trivy)
- Creates semantic version tags (1.0.0, 1.0, 1, latest)
View logs:
docker compose logs -fStop the application:
docker-compose down
# or
docker stop iphopContainer won't start:
docker compose logs iphopHealth check failing:
docker inspect iphop-app | grep Health -A 10Database issues:
docker exec -it iphop-app ls -la /app/backend/database- Use volume for database persistence
- Set strong SECRET_KEY and ENCRYPTION_KEY
- Use reverse proxy (nginx/traefik) for SSL
- Enable Docker resource limits
- Monitor container health
- Regular backups of database volume
| Variable | Description | Required | Default |
|---|---|---|---|
SECRET_KEY |
JWT signing key | ✅ | - |
ACCESS_TOKEN_EXPIRE_MINUTES |
JWT access token expiration time in minutes | ❌ | 10080 (7 days) |
ENCRYPTION_KEY |
Fernet encryption key | ✅ | - |
DATABASE_PATH |
SQLite database path | ❌ | backend/database/ip_hop.db |
CORS_ORIGINS |
Allowed CORS origins | ❌ | ["http://localhost:3000"] |
*/5 * * * * # Every 5 minutes
0 */1 * * * # Every hour
0 0 * * * # Daily at midnight
0 */6 * * * # Every 6 hours
IP-HOP follows Semantic Versioning:
- v1.0.0 - Initial stable release
- See CHANGELOG.md for version history
- See RELEASE.md for release process
Contributions welcome! Please:
- Fork the repository
- Create a feature branch
- Write tests for new features
- Ensure all tests pass
- Submit a pull request
MIT License - see LICENSE file
- FastAPI for the excellent backend framework
- Next.js for the modern React framework
- Cloudflare and Dynu for DNS services
- All open-source contributors
- Issues: GitHub Issues
- Discussions: GitHub Discussions
Made with ❤️ for easier DDNS management