zishuo/nip
1
0
Fork 0
mirror of https://github.com/cunnie/sslip.io.git synced 2025-10-06 16:18:00 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
Files
84d55750dc40747ddcbb6902b3250d37ec9b6bba
nip/document_root/index.md
Brian Cunnie 84d55750dc sslip.io web page has new message 
- Like xip.io, except
  - allow dashes as well as dots
  - allow IPv6
  - allow branding
  - allow wildcard TLS

We deprecate the old message, which was about using SSL.
2018-02-28 20:17:51 -08:00

4.3 KiB
Raw Blame History

sslip.io

Operational Status: ci.nono.io [Status]

sslip.io is a DNS (Domain Name System) service that, when queried with a hostname with an embedded IP address, returns that IP Address. It was inspired by and uses much of the code of xip.io, which was created by Sam Stephenson

Here are some examples:

hostname IP Address Notes
192.168.0.1.sslip.io 192.168.0.1 dot separators
192-168-0-1.sslip.io 192.168.0.1 dash separators
www.192.168.0.1.sslip.io 192.168.0.1 subdomain
www.192-168-0-1.sslip.io 192.168.0.1
www-192-168-0-1.sslip.io 192.168.0.1 embedded
--1.sslip.io ::1 IPv6 — always use dashes
2607-f8b0-400a-800--200e.sslip.io 2607:f8b0:400a:800::200e IPv6

BRANDING

sslip.io can be used to brand your own site (you don't need to use the sslip.io domain). For example, say you own the domain "example.com", and you want your subdomain, "xip.example.com" to have xip.io-style features. To accomplish this, you'd need to set the following four DNS servers as NS records for the subdomain "xip.example.com"

hostname IP address Location
ns-aws.nono.io. 52.0.56.137 USA
ns-gce.nono.io. 104.155.144.4 USA
ns-azure.nono.io. 52.187.42.158 Singapore
ns-he.nono.io. 78.46.204.247 Germany

Let's test it from the command line using dig:

dig +short 169-254-169-254.xip.example.com @ns-gce.nono.io.

Yields (hopefully [connection timed out] ):

169.254.169.254

TLS (Transport Layer Security)

If you have a wildcard certificate for your sslip.io-style subdomain, you may install it on your machines for TLS-verified connections.

When using a TLS wildcard certificate in conjunction with your branded sslip.io style subdomain, you must use dashes not dots as separators. For example, if you have the TLS certificate for \*.xip.example.com, you could browse to https://https://52-0-56-137.xip.example.com/ but not https://52.0.56.137.xip.example.com/.

For a real-world example of a TLS wildcard cert and sslip.io domain, browse https://52-0-56-137.sslip.io.

Pivotal employees can download the sslip.io TLS private key here.

Footnotes

[Status] A status of "build failing" rarely means the system is failing. It's more often an indication that when the servers were last checked (currently every six hours), the CI (continuous integration) server had difficulty reaching one of the four sslip.io nameservers. That's normal. [connection timed out]

[connection timed out]

DNS runs over UDP which has no guaranteed delivery, and it's not uncommon for the packets to get lost in transmission. DNS clients are programmed to seamlessly query a different server when that happens. That's why DNS, by fiat, requires at least two nameservers (for redundancy). From IETF (Internet Engineering Task Force) RFC (Request for Comment) 1034:

A given zone will be available from several name servers to insure its availability in spite of host or communication link failure. By administrative fiat, we require every zone to be available on at least two servers, and many zones have more redundancy than that.