mirror of
https://github.com/cunnie/sslip.io.git
synced 2025-10-24 16:10:23 +08:00
262 lines
13 KiB
HTML
262 lines
13 KiB
HTML
<!DOCTYPE html>
|
||
<html lang="en">
|
||
<head>
|
||
<meta name="generator" content="HTML Tidy for HTML5 for Apple macOS version 5.6.0">
|
||
<meta charset="utf-8">
|
||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||
<!-- The above 3 meta tags *must* come first in the head; any
|
||
other head content must come *after* these tags -->
|
||
<title>Welcome to sslip.io</title>
|
||
<meta name="description" content="sslip.io">
|
||
<meta name="author" content="Brian Cunnie"><!-- cute Green Lock icon -->
|
||
<link rel="shortcut icon" type="image/x-icon" href="img/favicon.ico"><!-- Latest
|
||
compiled and minified CSS -->
|
||
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css"><!--
|
||
Optional theme -->
|
||
<link rel="stylesheet" href="css/starter-template.css"><!--
|
||
HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
|
||
<!--
|
||
WARNING: Respond.js doesn't work if you view the page via file:// -->
|
||
<!--[if lt
|
||
IE 9]> <script
|
||
src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script> <script
|
||
src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script> <![endif]-->
|
||
</head>
|
||
<body>
|
||
<nav class="navbar navbar-inverse navbar-fixed-top">
|
||
<div class="container">
|
||
<div class="navbar-header">
|
||
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar"
|
||
aria-expanded="false" aria-controls="navbar"><span class="sr-only">Toggle navigation</span></button> <a class=
|
||
"navbar-brand" href="/">sslip.io</a>
|
||
</div>
|
||
<div id="navbar" class="collapse navbar-collapse">
|
||
<ul class="nav navbar-nav">
|
||
<li class="active">
|
||
<a href="/">Home</a>
|
||
</li><!--
|
||
<li><a href="faq.html">FAQ</a></li>
|
||
<li><a href="about.html">About</a></li>
|
||
-->
|
||
</ul>
|
||
</div><!--/.nav-collapse -->
|
||
</div>
|
||
</nav>
|
||
<div class="container">
|
||
<div class="starter-template">
|
||
<h3 id="sslip.io">sslip.io</h3>
|
||
<p>Operational Status: <a href="https://ci.nono.io/teams/main/pipelines/sslip.io"><img src=
|
||
"https://ci.nono.io/api/v1/pipelines/sslip.io/jobs/dns-servers/badge" alt="ci.nono.io"></a> <sup><a href=
|
||
"#status" class="alert-link">[Status]</a></sup></p>
|
||
<p><em>sslip.io</em> is a DNS (<a href="https://en.wikipedia.org/wiki/Domain_Name_System">Domain Name System</a>)
|
||
service that, when queried with a hostname with an embedded IP address, returns that IP Address. It was inspired
|
||
by <a href="http://xip.io">xip.io</a>, which was created by <a href="https://github.com/sstephenson">Sam
|
||
Stephenson</a>.</p>
|
||
<div class="alert alert-success" role="alert">
|
||
<b>2020-12-01 New Software!</b> We've replaced our original PowerDNS + Bash script backend with a customized
|
||
DNS server written in Golang. <a href="https://github.com/cunnie/sslip.io/issues/new/choose">Let us know</a> if
|
||
anything breaks.
|
||
</div>
|
||
<p>Here are some examples:</p>
|
||
<table class="table">
|
||
<thead>
|
||
<tr class="header">
|
||
<th>Hostname / URL</th>
|
||
<th>IP Address</th>
|
||
<th>Notes</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr class="odd">
|
||
<td>192.168.0.1.sslip.io</td>
|
||
<td>192.168.0.1</td>
|
||
<td>dot separators</td>
|
||
</tr>
|
||
<tr class="even">
|
||
<td>
|
||
<a href="https://52-0-56-137.sslip.io">https://52-0-56-137.sslip.io</a>
|
||
</td>
|
||
<td>52.0.56.137</td>
|
||
<td>dash separators, sslip.io website mirror (IPv4)</td>
|
||
</tr>
|
||
<tr class="odd">
|
||
<td>www.192.168.0.1.sslip.io</td>
|
||
<td>192.168.0.1</td>
|
||
<td>subdomain</td>
|
||
</tr>
|
||
<tr class="even">
|
||
<td>www.192-168-0-1.sslip.io</td>
|
||
<td>192.168.0.1</td>
|
||
<td>subdomain + dashes</td>
|
||
</tr>
|
||
<tr class="odd">
|
||
<td>
|
||
<a href="https://www-78-46-204-247.sslip.io">https://www-78-46-204-247.sslip.io</a>
|
||
</td>
|
||
<td>78.46.204.247</td>
|
||
<td>embedded, sslip.io website mirror (IPv4)</td>
|
||
</tr>
|
||
<tr class="even">
|
||
<td>–1.sslip.io</td>
|
||
<td>::1</td>
|
||
<td>IPv6 — always use dashes</td>
|
||
</tr>
|
||
<tr class="odd">
|
||
<td>
|
||
<a href="https://2a01-4f8-c17-b8f--2.sslip.io">https://2a01-4f8-c17-b8f--2.sslip.io</a>
|
||
</td>
|
||
<td>2a01:4f8:c17:b8f::2</td>
|
||
<td>sslip.io website mirror (IPv6)</td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
<h3 id="branding">Branding / White Label / Custom Domains</h3>
|
||
<p>sslip.io can be used to brand your own site (you don’t need to use the sslip.io domain). For example, say you
|
||
own the domain “example.com”, and you want your subdomain, “xip.example.com” to have xip.io-style features. To
|
||
accomplish this, set the following three DNS servers as NS records for the subdomain “xip.example.com”</p>
|
||
<div class="alert alert-warning" role="alert">
|
||
<b>2019-07-31 Nameserver (NS) Change!</b> Update your nameservers. We have deprecated ns-vultr.nono.io because
|
||
it's turned off the last week of the month when it has reached its 3 TB bandwidth quota. On 2018-09-20 we
|
||
deprecated ns-he-nono.io.
|
||
</div>
|
||
<table class="table">
|
||
<thead>
|
||
<tr class="header">
|
||
<th>hostname</th>
|
||
<th>IP address</th>
|
||
<th>Location</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr class="odd">
|
||
<td><code>ns-aws.nono.io.</code></td>
|
||
<td>52.0.56.137</td>
|
||
<td>USA</td>
|
||
</tr>
|
||
<tr class="even">
|
||
<td><code>ns-gce.nono.io.</code></td>
|
||
<td>104.155.144.4</td>
|
||
<td>USA</td>
|
||
</tr>
|
||
<tr class="odd">
|
||
<td><code>ns-azure.nono.io.</code></td>
|
||
<td>52.187.42.158</td>
|
||
<td>Singapore</td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
<p>Let’s test it from the command line using <code>dig</code>:</p>
|
||
<pre><code>dig @ns-gce.nono.io. 169-254-169-254.xip.example.com +short</code></pre>
|
||
<p>Yields, hopefully: <sup><a href="#timeout" class="alert-link">[connection timed out]</a></sup></p>
|
||
<pre><code>169.254.169.254</code></pre>
|
||
<h3 id="server">But I Want My Own DNS Server!</h3>
|
||
<p>If you want to run your own DNS server, it's simple: you can compile from <a href=
|
||
"https://github.com/cunnie/sslip.io/tree/master/bosh-release/src/sslip.io-dns-server">source</a> or you can use
|
||
one of our <a href="https://github.com/cunnie/sslip.io/releases">pre-built binaries</a>. In the following
|
||
example, we install & run our server within a docker container:</p>
|
||
<pre>
|
||
docker run -it --rm fedora
|
||
curl -L https://github.com/cunnie/sslip.io/releases/download/2.1.2/sslip.io-dns-server-linux-amd64 -o dns-server
|
||
chmod +x dns-server
|
||
./dns-server 2> dns-server.log &
|
||
dnf install -y bind-utils
|
||
dig @localhost 127-0-0-1.sslip.io +short # returns "127.0.0.1"</pre>
|
||
<h3 id="tls">TLS</h3>
|
||
<p>You can acquire TLS certificates for your externally-accessible hosts from certificate authorities (CAs) such
|
||
as Let's Encrypt. The easiest mechanism to acquire a certificate would be to use the <a href=
|
||
"https://letsencrypt.org/docs/challenge-types/#http-01-challenge">HTTP-01 challenge</a>. It requires, at a
|
||
minimum, a web server running on your machine. The <a href="https://caddyserver.com/">Caddy</a> web server is one
|
||
of the most popular examples. For example, if you had a webserver with the IP address 52.0.56.137, you could
|
||
obtain a TLS certificate for "52.0.56.137.sslip.io", or "www.52.0.56.137.sslip.io", or
|
||
"prod.www-52-0-56-137.sslip.io".</p>
|
||
<div class="alert alert-warning" role="alert">
|
||
<b>2021-02-12 Let's Encrypt Rate Limits</b> If your request for an "sslip.io" certificate is <a href=
|
||
"https://letsencrypt.org/docs/rate-limits/">rate-limited</a>, please open a <a href=
|
||
"https://github.com/cunnie/sslip.io/issues/new/choose">GitHub issue</a> and we'll request a rate-limit
|
||
increase.
|
||
</div>
|
||
<p>If you have procured a wildcard certificate for your branded / white label / custom sslip.io-style subdomain,
|
||
you may install it on your machines for TLS-verified connections.</p>
|
||
<div class="alert alert-warning" data-role="alert">
|
||
<p>When using a TLS wildcard certificate in conjunction with your branded sslip.io style subdomain, you must
|
||
<b>use dashes not dots</b> as separators. For example, if you have the TLS certificate for
|
||
<i>*.xip.example.com</i>, you could browse to https://www-52-0-56-137.xip.example.com/ but not
|
||
https://www.52.0.56.137.xip.example.com/.</p>
|
||
</div>
|
||
<p>Unless you're a VMware employee, I can't release the private key for the "*.sslip.io" wildcard certificate
|
||
(VMware employees can download the <i>*.sslip.io</i> TLS private key <a href=
|
||
"https://drive.google.com/open?id=0ByweFu4TspftMWJPdE1US0hQTGc">here</a>); however, acquiring wildcard
|
||
certificates for "sslip.io" subdomains, e.g. "*.52-0-56-137.sslip.io", is possible but more complicated. For
|
||
those interested, the procedure is described <a href=
|
||
"https://github.com/cunnie/sslip.io/blob/master/docs/wildcard.md">here</a>.</p>
|
||
<h3 id="related">Related Services</h3>
|
||
<ul>
|
||
<li>
|
||
<a href="http://xip.io/">xip.io</a>: the inspiration for sslip.io
|
||
</li>
|
||
<li>
|
||
<a href="http://nip.io">nip.io</a>: similar to xip.io, but the PowerDNS backend is written in elegant Python
|
||
</li>
|
||
<li>
|
||
<a href="https://github.com/Corollarium/localtls">localtls</a>: A DNS server + webserver to provide TLS to on
|
||
local addresses.
|
||
</li>
|
||
</ul>
|
||
<hr>
|
||
<h4 id="footnotes">Footnotes</h4>
|
||
<p><a id="status"><sup>[Status]</sup></a> A status of “build failing” rarely means the system is failing. It’s
|
||
more often an indication that when the servers were last checked (currently every six hours), the CI (continuous
|
||
integration) <a href="https://ci.nono.io/teams/main/pipelines/sslip.io">server</a> had difficulty reaching one of
|
||
the three sslip.io nameservers. That’s normal. <sup><a href="#timeout" class="alert-link">[connection timed
|
||
out]</a></sup></p>
|
||
<p><a id="timeout"><sup>[connection timed out]</sup></a></p>
|
||
<p>DNS runs over <a href="https://en.wikipedia.org/wiki/User_Datagram_Protocol">UDP</a> which has no guaranteed
|
||
delivery, and it’s not uncommon for the packets to get lost in transmission. DNS clients are programmed to
|
||
seamlessly query a different server when that happens. That’s why DNS, by fiat, requires at least two nameservers
|
||
(for redundancy). From <a href="https://tools.ietf.org/html/rfc1034">IETF (Internet Engineering Task Force) RFC
|
||
(Request for Comment) 1034</a>:</p>
|
||
<blockquote>
|
||
<p>A given zone will be available from several name servers to insure its availability in spite of host or
|
||
communication link failure. By administrative fiat, we require every zone to be available on at least two
|
||
servers, and many zones have more redundancy than that.</p>
|
||
</blockquote>
|
||
</div>
|
||
</div><!-- /.container -->
|
||
<!--
|
||
Bootstrap core JavaScript ================================================== -->
|
||
<!--
|
||
Placed at the end of the document so the pages load faster -->
|
||
<!-- jQuery
|
||
(necessary for Bootstrap's JavaScript plugins) -->
|
||
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script> <!--
|
||
Latest compiled and minified JavaScript -->
|
||
|
||
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script> <!--
|
||
IE10 viewport hack for Surface/desktop Windows 8 bug -->
|
||
|
||
<script src=
|
||
"https://raw.githubusercontent.com/twbs/bootstrap/master/docs/assets/js/ie10-viewport-bug-workaround.js"></script>
|
||
<!--
|
||
Google Analytics -->
|
||
|
||
<script>
|
||
|
||
(function(i, s, o, g, r, a, m) {
|
||
i['GoogleAnalyticsObject'] = r;
|
||
i[r] = i[r] || function() {
|
||
(i[r].q = i[r].q || []).push(arguments)
|
||
}, i[r].l = 1 * new Date();
|
||
a = s.createElement(o), m = s.getElementsByTagName(
|
||
o)[0];
|
||
a.async = 1;
|
||
a.src = g;
|
||
m.parentNode.insertBefore(a, m)
|
||
})(window, document, 'script',
|
||
'//www.google-analytics.com/analytics.js', 'ga');
|
||
ga('create', 'UA-43107212-2', 'auto');
|
||
ga('send', 'pageview');
|
||
</script>
|
||
</body>
|
||
</html>
|