Docs: procuring a wildcard certificate (beta)

The docs are correct, but the code isn't yet ready.
Brian Cunnie
2021-01-16 11:48:02 -08:00
parent f42417da7e
commit 7c099f5843


@@ -21,11 +21,11 @@ export NAT_IP=$(gcloud compute instances list --filter="name=('sslip')" --format
jq -r '.[0].networkInterfaces[0].accessConfigs[0].natIP') jq -r '.[0].networkInterfaces[0].accessConfigs[0].natIP')
echo $NAT_IP echo $NAT_IP
# get the fully-qualified domain name, e.g. 35-199-174-9.sslip.io # get the fully-qualified domain name, e.g. 35-199-174-9.sslip.io
export FQDN=${IP//./-}.sslip.io export FQDN=${NAT_IP//./-}.sslip.io
echo $FQDN echo $FQDN
# set IP & FQDN on the VM because we'll need them later # set IP & FQDN on the VM because we'll need them later
gcloud compute ssh --command="echo export FQDN=$FQDN IP=$IP >> ~/.bashrc" --zone=us-west1-a sslip gcloud compute ssh --command="echo export FQDN=$FQDN IP=$IP >> ~/.bashrc" --zone=us-west1-a sslip
# create the rules to allow SSH, DNS, HTTP(S) inbound # create the rules to allow DNS (and ICMP/ping) inbound
gcloud compute firewall-rules create sslip-io-allow-dns \ gcloud compute firewall-rules create sslip-io-allow-dns \
--allow udp:53,icmp \ --allow udp:53,icmp \
--network=default \ --network=default \
@@ -37,8 +37,6 @@ sudo apt update && sudo apt upgrade -y && sudo apt install -y docker.io jq
# add us to the docker group # add us to the docker group
sudo addgroup $USER docker sudo addgroup $USER docker
newgrp docker newgrp docker
# Let's install the DNS/HTTP Docker image
docker pull cunnie/wildcard-dns-http-server
# Create the necessary directories # Create the necessary directories
mkdir -p tls/ mkdir -p tls/
# disable systemd-resolved to fix "Error starting userland proxy: listen tcp 0.0.0.0:53: bind: address already in use." # disable systemd-resolved to fix "Error starting userland proxy: listen tcp 0.0.0.0:53: bind: address already in use."
@@ -51,21 +49,12 @@ docker run -it --rm --name wildcard \
-p 53:53/udp \ -p 53:53/udp \
-p 80:80 \ -p 80:80 \
cunnie/wildcard-dns-http-server & cunnie/wildcard-dns-http-server &
# sanity check; response should be "35-199-174-9.sslip.io." and "35.199.174.9" dig +short TXT does.not.matter.example.com @localhost
dig +short ns $FQDN @localhost # You should see `"Set this TXT record ..."`
dig +short $FQDN @localhost
# Set up the acme.sh Let's Encrypt variables
curl -s -X POST http://$FQDN/register > /tmp/acme-dns.json
export ACMEDNS_UPDATE_URL="http://localhost/update" export ACMEDNS_UPDATE_URL="http://localhost/update"
# export ACMEDNS_USERNAME=$(jq -r .username /tmp/acme-dns.json)
# export ACMEDNS_PASSWORD=$(jq -r .password /tmp/acme-dns.json)
# export ACMEDNS_SUBDOMAIN=$(jq -r .subdomain /tmp/acme-dns.json)
docker run --rm -it \ docker run --rm -it \
-v $PWD/tls:/acme.sh \ -v $PWD/tls:/acme.sh \
-e ACMEDNS_UPDATE_URL \ -e ACMEDNS_UPDATE_URL \
-e ACMEDNS_USERNAME \
-e ACMEDNS_PASSWORD \
-e ACMEDNS_SUBDOMAIN \
--net=host \ --net=host \
neilpang/acme.sh \ neilpang/acme.sh \
--issue \ --issue \
@@ -80,4 +69,4 @@ Clean-up:
``` ```
gcloud compute firewall-rules delete sslip-io-allow-dns gcloud compute firewall-rules delete sslip-io-allow-dns
gcloud compute instances delete sslip gcloud compute instances delete sslip
``` ```
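Review bot: The `gcloud compute ssh --command="echo export FQDN=$FQDN IP=$IP >> ~/.bashrc" ...` line in the first hunk still expands `$IP`, which is never assigned in the visible hunks — the first hunk fixes the FQDN derivation to use `$NAT_IP` but leaves this line untouched, so the VM's `~/.bashrc` will get `export FQDN=<fqdn> IP=` with an empty IP. The line should read `gcloud compute ssh --command="echo export FQDN=$FQDN IP=$NAT_IP >> ~/.bashrc" --zone=us-west1-a sslip`, and given the commit message claims the docs are correct, this is worth fixing before the "beta" label comes off. The rewritten comment `# create the rules to allow DNS (and ICMP/ping) inbound` now matches the rule's `--allow udp:53,icmp`; it would help a reader to add a short note that port 80 is deliberately left closed at the firewall because acme.sh reaches the `/update` endpoint over `http://localhost` (via `--net=host`), so the unauthenticated update API is not exposed to the internet. Since the register/username/password lines were dropped, the remaining `ACMEDNS_UPDATE_URL` export should be accompanied by a comment stating that the server accepts updates without credentials, so nobody later points it at a public address.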