Wildcard instructions: formatting, typos

This commit is contained in:
Brian Cunnie
2021-02-08 09:10:58 -08:00
parent 73a735bf37
commit fe3d81f194

@@ -15,7 +15,7 @@ You'll need the following:
furthermore, it only needs to return TXT records. furthermore, it only needs to return TXT records.
How to test that your DNS server is working properly (assuming you've set a How to test that your DNS server is working properly (assuming you've set a
TXT record, "I love my dog": TXT record, "I love my dog"):
``` ```
dig _acme-challenge.52-187-42-158.sslip.io txt dig _acme-challenge.52-187-42-158.sslip.io txt
@@ -33,7 +33,7 @@ You'll need the following:
Once you've procured the wildcard certificate, you can install it on your Once you've procured the wildcard certificate, you can install it on your
internal webservers for URLS of the following format: internal webservers for URLS of the following format:
<https://*internal-ip.external-ip*.sslip.io> (e.g. https://*internal-ip.external-ip*.sslip.io (e.g.
<https://www-192-168-0-10.52-187-42-158.sslip.io>). Note that the _internal-ip_ <https://www-192-168-0-10.52-187-42-158.sslip.io>). Note that the _internal-ip_
portion of the URL _must_ be dash-separated, not dot-separated, for the wildcard portion of the URL _must_ be dash-separated, not dot-separated, for the wildcard
certificate to work properly. certificate to work properly.
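Review bot: the placeholder on the changed line still marks the variable part as one asterisk-emphasised span, `*internal-ip.external-ip*`, while the following line and the later hunk use underscores (`_internal-ip_`, `_external-ip_`). Suggest `https://_internal-ip_._external-ip_.sslip.io`, so the two placeholders read as separate labels and the dot between them is clearly literal, which matters because the same paragraph insists the internal part be dash-separated. The context line above also has "URLS", which should be "URLs" in a typo pass.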
@@ -47,19 +47,19 @@ returned as the IP address of the hostname.
### How Do I Set Up an External DNS Server? ### How Do I Set Up an External DNS Server?
The external IP might be from your local network (forward port 53 at your The external IP might be from your local network (forward port 53 at your
router), or from a cloud provider (GCP, AWS, etc). It might even be from a router), or from a cloud provider (GCP, AWS, etc.). It might even be from a
public DNS service (e.g. [Cloudflare](https://www.cloudflare.com/), [AWS Route public DNS service (e.g. [Cloudflare](https://www.cloudflare.com/), [AWS Route
53](https://aws.amazon.com/route53/), my perennial favorite 53](https://aws.amazon.com/route53/), my perennial favorite
[easyDNS](https://easydns.com/), etc). If not using a public DNS service, you [easyDNS](https://easydns.com/), etc.). If not using a public DNS service, you
need to run your own DNS server (e.g. need to run your own DNS server (e.g.
[acme-dns](https://github.com/joohoi/acme-dns), the venerable [acme-dns](https://github.com/joohoi/acme-dns), the venerable
[BIND](https://en.wikipedia.org/wiki/BIND), the opinionated [BIND](https://en.wikipedia.org/wiki/BIND), the opinionated
[djbdns](https://cr.yp.to/djbdns.html), or my personal [djbdns](https://cr.yp.to/djbdns.html), or my personal
[wildcard-dns-http-server](https://github.com/cunnie/sslip.io/tree/master/bosh-release/src/wildcard-dns-http-server) [wildcard-dns-http-server](https://github.com/cunnie/sslip.io/tree/master/bosh-release/src/wildcard-dns-http-server),
etc). You can use any ACME client etc.). You can use any ACME client
([acme.sh](https://github.com/acmesh-official/acme.sh), ([acme.sh](https://github.com/acmesh-official/acme.sh),
[Certbot](https://certbot.eff.org/), etc), but you must configure it to request [Certbot](https://certbot.eff.org/), etc.), but you must configure it to request
a wildcard certificate for \*.${external}.sslip.io, which requires configuring a wildcard certificate for \*._external-ip_.sslip.io, which requires configuring
the DNS-01 challenge to use DNS server chosen. the DNS-01 challenge to use DNS server chosen.
#### Example #### Example
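Review bot: the last sentence of this hunk still reads "the DNS-01 challenge to use DNS server chosen", which is missing an article; the line before it is already changed here, so fix it in the same pass, for example "to use the DNS server you chose". Separately, the paragraph tells readers to forward port 53 at their router without saying how the exposed server should be limited; a sentence repeating the earlier point that it only needs to return TXT records would tell readers what to restrict it to.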