diff --git a/bosh-release/src/wildcard-dns-http-server/main.go b/bosh-release/src/wildcard-dns-http-server/main.go index d1bfb1a..d206339 100644 --- a/bosh-release/src/wildcard-dns-http-server/main.go +++ b/bosh-release/src/wildcard-dns-http-server/main.go @@ -13,7 +13,7 @@ import ( "golang.org/x/net/dns/dnsmessage" ) -var txt = `Set this TXT record: curl -X POST http://localhost/update -d '{"txt":"Certificate Authority's validation token"}'` +var txt = `Set this TXT record: curl -X POST http://localhost/update -d '{"txt":"Certificate Authority validation token"}'` // Txt is for parsing the JSON POST to set the DNS TXT record type Txt struct { @@ -131,5 +131,6 @@ func updateTxtHandler(w http.ResponseWriter, r *http.Request) { return } // this is the money shot, where we update the DNS TXT record to what was in the POST request + log.Println("Updating TXT record from \"" + txt + "\" → \"" + updateTxt.Txt + "\".") txt = updateTxt.Txt } diff --git a/k8s/.gitignore b/k8s/.gitignore new file mode 100644 index 0000000..753b1a8 --- /dev/null +++ b/k8s/.gitignore @@ -0,0 +1,2 @@ +# don't checkin artifact from Docker build process +wildcard-dns-http-server diff --git a/k8s/Dockerfile-wildcard-dns-http-server b/k8s/Dockerfile-wildcard-dns-http-server new file mode 100644 index 0000000..41f9b32 --- /dev/null +++ b/k8s/Dockerfile-wildcard-dns-http-server @@ -0,0 +1,51 @@ +# cunnie/wildcard-dns-http-server: sslip.io wildcard DNS/HTTP server Dockerfile + +# This DNS/HTTP server enables the procurement of wildcard certs for sslip.io +# subdomains. It's meant to be run on the server whose IP address is the +# subdomain. e.g. if the subdomain was '207-44-147-10.sslip.io', then this +# should be run on the server whose IP address is 207.44.147.10, and this will +# procure a wildcard cert for *.207-44-147-10.sslip.io + +# This won't work for private addresses such as 10.0.1.10 or 192.168.0.1. + +# Dockerfile of a (Golang-based) DNS/HTTP server. + +# - the DNS server only responds to TXT queries, and always responds to TXT queries, +# and always responds with the same TXT record +# - the HTTP server allows you to update the TXT record by POST'ing to the /update +# endpoint with a JSON body of `{"txt":"the-new-TXT-record"}`. The endpoint +# is compatible with acme-dns. +# - acme.sh can be configured to update the DNS TXT record via HTTPS. + +# To build: + +# DOCKER_BUILD_DIR=$PWD +# pushd ../src/wildcard-dns-http-server/ +# GOOS=linux GOARCH=amd64 go build -o $DOCKER_BUILD_DIR/wildcard-dns-http-server +# popd +# docker build . -f Dockerfile-wildcard-dns-http-server -t cunnie/wildcard-dns-http-server + +# Typical start command: + +# docker run -it --rm -p 53:53/udp -p 80:80 cunnie/wildcard-dns-http-server + +# To test from host: + +# dig +short txt 127-0-0-1.example.com @localhost +# "Set this TXT record: curl -X POST http://localhost/update -d '{\"txt\":\"Certificate Authority's validation token\"}'" +# curl -X POST http://localhost/update -d '{"txt":"new-TXT-record"}' +# dig +short txt any-domain-you-want @localhost +# "new-TXT-record" + +FROM alpine AS sslip.io + +LABEL maintainer="brian.cunnie@gmail.com" + +COPY wildcard-dns-http-server /usr/sbin/wildcard-dns-http-server + +ENTRYPOINT ["/usr/sbin/wildcard-dns-http-server"] + +# DNS listens on port 53 UDP +# The `EXPOSE` directive doesn't do much in our case. We use it for documentation. +EXPOSE 53/udp +EXPOSE 80/tcp