diff --git a/README.md b/README.md
index ae18751..68ee725 100644
--- a/README.md
+++ b/README.md
@@ -9,37 +9,51 @@ Self-hosted dynamic DNS php-based Docker container to update netcup DNS API from
## Usage
+This docker image only provides a basic http server as default. You should never expose this to the internet!
+Use a reverse proxy or run everything locally.
+
### docker-compose.yaml
-```
+Take a look at docker-compose.yaml for inspiration.
-```
-
-## URL possible uses:
-### Required parameters in URL:
-
-user, password and domain are always needed, as well as at least one of the following:
-ipv4, ipv6, txt
+#### The following environment variables are `required`:
+env | description
+---: | :---
+DDNS_USER DDNS_PASS | The username and password that the DynDNS client (e.g. your router) uses to authenticate to this container
+NETCUP_APIKEY NETCUP_APIPASS NETCUP_CUSTOMERID | Your netcup credentials so this container can authorize against netcup
-Parameter | Example | Explanation
+#### The following environment variables are `optional`:
+env | default | description
---: | :--- | :---
-user | dnsupdater | username to authenticate against this script as defined in .env file. If anonymous login is allowed in .env: `anonymous`
-password | secretpleasechange | password for that user as defined in .env file
-domain | home.example.com | `case A)` If `host` is not specified: the FQDN for your host
-domain | example.com | `case B)` If you want to update the @ or * record
-domain | example.com | `case C)` If `host`is specified: only the domain part as registered at netcup "nas.home.example.com"
-host | nas.home | `case C)` If your domain contains more than 3 levels "nas.home.example.com"
-ipv4 | 1.2.3.4 | the ipv4 address to update an existing A record
-ipv6 | fe80::12:34:56 | the ipv6 address to update an existing AAAA record
-txt | acme-challenge-text | the content to update an existing TXT record
-force | true | ignore checking if the record needs to be updated, just do it anyways. Default: `false`
-mode | * | `case B)` If domain is your registered domain "example.com". Possible values: `*` or `both`. Default: `@`
-create | true | create all entries if none exist. e.g. will not create A if AAAA exists. Needs `allowCreate=true` in .env
-customerId | 12345 | uses the URL provided credentials instead of the ones stored in .env. Needs `allowNetcupCreds=true` in .env
-apiKey | 12345 | uses the URL provided credentials instead of the ones stored in .env. Needs `allowNetcupCreds=true` in .env
-apiPassword | 12345 | uses the URL provided credentials instead of the ones stored in .env. Needs `allowNetcupCreds=true` in .env
+DDNS_DEBUG | 0 | Includes debug information in the web response
+DDNS_LOG | 1 | Creates a json log file
+DDNS_LOGFILE | log.json | Log file location, relative to webroot
+DDNS_RETURNIP | 1 | Returns the updated DNS record (IPv4, IPv6, TXT)
+DDNS_ALLOWCREATE | 0 | Allows for a new DNS entry to be created and set instead of only updating existing
+DDNS_RESTRICTDOMAIN | 0 | Allows you to override the DNS entry to be updated
+DDNS_FORCEDDOMAIN | "" | When DDNS_RESTRICTDOMAIN is set, enter the registered domain name (e.g. example.com)
+DDNS_FORCEDHOST | "" | When DDNS_RESTRICTDOMAIN is set, enter the DNS entry host name (e.g. _acme-challenge.test.home)
+### URL contents:
+
+#### The following parameters are supported
+
+`You must include: user, password, domain and one of ipv4, ipv6 and txt`
+
+parameter | example | description
+---: | :--- | :---
+user | dnsupdater | The DDNS_USER
+password | secretpleasechange | The DDNS_PASS
+domain | `a)` home.example.com `b)` example.com `c)` | `a)` The FQDN to update `b)` The registered domain only, for multi part host names `c)` The domain if you want to update the @ or * record
+host | nas.home | optional; `case b)` If your domain contains more than 3 levels, e.g. "nas.home.example.com"
+ipv4 | 1.2.3.4 | the ipv4 address to update a A record
+ipv6 | fe80::12:34:56 | the ipv6 address to update a AAAA record
+txt | acme-challenge-text | the content to update a TXT record
+force | true | optional; ignore checking if the record needs to be updated, just do it anyways. Default: `false`
+mode | * | optional; `case c)` If domain is your registered domain "example.com". Possible values: `*` or `both`. Default: `@`
+create | true | optional; create all entries if none exist. e.g. will not create A if AAAA exists. Needs `DDNS_ALLOWCREATE=1`
+
#### Example URL to update A record (IPv4) of home.example.com:
https://`dyndns.example.com`/update.php?user=`username`&password=`password`&domain=`home.example.com`&ipv4=`IPv4`
@@ -73,8 +87,8 @@ https://`dyndns.example.com`/update.php?user=`username`&password=`password`&doma
* Domainname: ``
* Multiple Domains:
* Domainname: `,,....`
-* Username: ``
-* Password: ``
+* Username: ``
+* Password: ``
### Synology DSM Settings
* Go to "Control Panel" -> "External Access" -> "DDNS"
@@ -87,8 +101,8 @@ https://`dyndns.example.com`/update.php?user=`username`&password=`password`&doma
* Click on "Add" to create a DDNS job
* Select your custom provider. Notice that an asterisk [*] has appeared in front of the name to signify that this is a custom provider.
* Hostname: ``
-* Username/Email: ``
-* Password/Key: ``
+* Username/Email: ``
+* Password/Key: ``
* External Address (IPv4): probably "Auto", uses Synology service to find own external IP
* External Address (IPv6): doesn't matter, currently not supported by Synology
@@ -98,7 +112,7 @@ https://`dyndns.example.com`/update.php?user=`username`&password=`password`&doma
* Service Type: "Custom"
* Interface to monitor: `