# cunnie/wildcard-dns-http-server: sslip.io wildcard DNS/HTTP server Dockerfile # This DNS/HTTP server enables the procurement of wildcard certs for sslip.io # subdomains. It's meant to be run on the server whose IP address is the # subdomain. e.g. if the subdomain was '207-44-147-10.sslip.io', then this # should be run on the server whose IP address is 207.44.147.10, and this will # procure a wildcard cert for *.207-44-147-10.sslip.io # This won't work for private addresses such as 10.0.1.10 or 192.168.0.1. # Dockerfile of a (Golang-based) DNS/HTTP server. # - the DNS server only responds to TXT queries, and always responds to TXT queries, # and always responds with the same TXT record # - the HTTP server allows you to update the TXT record by POST'ing to the /update # endpoint with a JSON body of `{"txt":"the-new-TXT-record"}`. The endpoint # is compatible with acme-dns. # - acme.sh can be configured to update the DNS TXT record via HTTPS. # To build: # DOCKER_BUILD_DIR=$PWD # pushd ../src/wildcard-dns-http-server/ # GOOS=linux GOARCH=amd64 go build -o $DOCKER_BUILD_DIR/wildcard-dns-http-server # popd # docker build . -f Dockerfile-wildcard-dns-http-server -t cunnie/wildcard-dns-http-server # Typical start command: # docker run -it --rm -p 53:53/udp -p 80:80 cunnie/wildcard-dns-http-server # To test from host: # dig +short txt 127-0-0-1.example.com @localhost # "Set this TXT record: curl -X POST http://localhost/update -d '{\"txt\":\"Certificate Authority's validation token\"}'" # curl -X POST http://localhost/update -d '{"txt":"new-TXT-record"}' # dig +short txt any-domain-you-want @localhost # "new-TXT-record" FROM alpine AS sslip.io LABEL org.opencontainers.image.authors="Brian Cunnie " COPY wildcard-dns-http-server /usr/sbin/wildcard-dns-http-server ENTRYPOINT ["/usr/sbin/wildcard-dns-http-server"] # DNS listens on port 53 UDP # The `EXPOSE` directive doesn't do much in our case. We use it for documentation. EXPOSE 53/udp EXPOSE 80/tcp