Docs: update sample procedure to procure wildcard

**This process still does not work**. We need to fix our sslip.io DNS
server code. That being said, once our DNS server code is fixed, this
process _should_ work.

As much as we'd have liked to use `joohoi/acme-dns`, it didn't work with
our setup, possibly due to our DNS server code brokenness, mentioned
above. At any rate, we have our own `acme-dns` replacement, which we
intend to use going forward.
Brian Cunnie
2021-01-11 07:37:50 -08:00
parent 833058d458
commit 0d0acfe318


@@ -37,42 +37,29 @@ sudo apt update && sudo apt upgrade -y && sudo apt install -y docker.io jq
# add us to the docker group # add us to the docker group
sudo addgroup $USER docker sudo addgroup $USER docker
newgrp docker newgrp docker
# Let's install the acme-dns Docker image # Let's install the DNS/HTTP Docker image
docker pull joohoi/acme-dns docker pull cunnie/wildcard-dns-http-server
# Create the necessary directories # Create the necessary directories
mkdir -p config/ data/ tls/ mkdir -p tls/
# Grab the generic config
curl -L https://raw.githubusercontent.com/joohoi/acme-dns/master/config.cfg -o config/config.cfg
# customize the config
sed -i "s/auth.example.org/$FQDN/g" config/config.cfg
# disable systemd-resolved to fix "Error starting userland proxy: listen tcp 0.0.0.0:53: bind: address already in use." # disable systemd-resolved to fix "Error starting userland proxy: listen tcp 0.0.0.0:53: bind: address already in use."
# thanks https://askubuntu.com/questions/907246/how-to-disable-systemd-resolved-in-ubuntu # thanks https://askubuntu.com/questions/907246/how-to-disable-systemd-resolved-in-ubuntu
sudo systemctl disable systemd-resolved sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved sudo systemctl stop systemd-resolved
echo nameserver 8.8.8.8 | sudo tee /etc/resolv.conf echo nameserver 8.8.8.8 | sudo tee /etc/resolv.conf
# listen to port 53 on all interfaces (INADDR_ANY) # Let's start it up:
sed -i 's/^listen = "127.0.0.1:53"/listen = "0.0.0.0:53"/' config/config.cfg docker run -it --rm --name wildcard \
sed -i "s/198.51.100.1/$IP/" config/config.cfg -p 53:53/udp \
# webserver: listen to port 80, no TLS -p 80:80 \
sed -i 's/^tls = .*/tls = "none"/' config/config.cfg cunnie/wildcard-dns-http-server &
sed -i 's/^port = .*/port = "80"/' config/config.cfg
# Let's start 'er up:
docker run --rm --name acmedns \
-p 53:53 \
-p 53:53/udp \
-p 80:80 \
-v $HOME/config:/etc/acme-dns:ro \
-v $HOME/data:/var/lib/acme-dns \
-d joohoi/acme-dns
# sanity check; response should be "35-199-174-9.sslip.io." and "35.199.174.9" # sanity check; response should be "35-199-174-9.sslip.io." and "35.199.174.9"
dig +short ns $FQDN @localhost dig +short ns $FQDN @localhost
dig +short $FQDN @localhost dig +short $FQDN @localhost
# Set up the acme.sh Let's Encrypt variables # Set up the acme.sh Let's Encrypt variables
curl -s -X POST http://$FQDN/register > /tmp/acme-dns.json curl -s -X POST http://$FQDN/register > /tmp/acme-dns.json
export ACMEDNS_UPDATE_URL="http://$FQDN/update" export ACMEDNS_UPDATE_URL="http://localhost/update"
export ACMEDNS_USERNAME=$(jq -r .username /tmp/acme-dns.json) # export ACMEDNS_USERNAME=$(jq -r .username /tmp/acme-dns.json)
export ACMEDNS_PASSWORD=$(jq -r .password /tmp/acme-dns.json) # export ACMEDNS_PASSWORD=$(jq -r .password /tmp/acme-dns.json)
export ACMEDNS_SUBDOMAIN=$(jq -r .subdomain /tmp/acme-dns.json) # export ACMEDNS_SUBDOMAIN=$(jq -r .subdomain /tmp/acme-dns.json)
docker run --rm -it \ docker run --rm -it \
-v $PWD/tls:/acme.sh \ -v $PWD/tls:/acme.sh \
-e ACMEDNS_UPDATE_URL \ -e ACMEDNS_UPDATE_URL \
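Review bot: the new `ACMEDNS_UPDATE_URL="http://localhost/update"` is passed into the acme.sh container via `-e ACMEDNS_UPDATE_URL`, but inside that container `localhost` is the container's own loopback, not the host where `wildcard-dns-http-server` publishes port 80, so the update call will fail unless the acme.sh container runs with `--network host`; keeping `http://$FQDN/update` (as the removed line did) or adding `--network host` to the acme.sh `docker run` fixes this. Two smaller points in the same hunk: `docker run -it ... cunnie/wildcard-dns-http-server &` backgrounds a container that requests a TTY, which does not behave reliably from a non-interactive shell, so the removed form `docker run --rm -d ...` (without `-it`) is the safer sample; and the new invocation publishes only `-p 53:53/udp`, dropping the `-p 53:53` TCP mapping the old one had, which breaks DNS clients that retry over TCP. Finally, the `curl -s -X POST http://$FQDN/register > /tmp/acme-dns.json` line is kept while the `ACMEDNS_USERNAME`, `ACMEDNS_PASSWORD` and `ACMEDNS_SUBDOMAIN` exports are commented out, so the registration output is never used and acme.sh will call `/update` without credentials; if the replacement server accepts unauthenticated updates on a port 80 that is exposed on `$IP`, anyone who can reach it can set the `_acme-challenge` TXT record, so either restore the credential exports, drop the unused `register` call, or document that the server must not be reachable from the Internet.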