zishuo/nip
1
0
Fork 0
mirror of https://github.com/cunnie/sslip.io.git synced 2025-10-05 07:36:54 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
Files
8d55c534fc73f1f53f0c080619b5d2bae7fc04d3
nip/k8s/Dockerfile-wildcard-dns-http-server
Brian Cunnie 3f61b73290 Dockerfile for DNS/HTTP wildcard server 
This DNS/HTTP server enables the procurement of wildcard certs for
sslip.io subdomains.

Drive-by:

- Removed the apostrophe from the initialized TXT string so that
cutting-and-pasting the string is less difficult (but the backslashes
and double quotes are still a pain).

- The DNS/HTTP server logs output when the TXT record is updated. We log
most actions, and this is perhaps the most important one, so it was an
oversight that we didn't log it.
2021-01-10 06:11:38 -08:00

52 lines
2.0 KiB
Plaintext
Raw Blame History

# cunnie/wildcard-dns-http-server: sslip.io wildcard DNS/HTTP server Dockerfile
# This DNS/HTTP server enables the procurement of wildcard certs for sslip.io
# subdomains. It's meant to be run on the server whose IP address is the
# subdomain. e.g. if the subdomain was '207-44-147-10.sslip.io', then this
# should be run on the server whose IP address is 207.44.147.10, and this will
# procure a wildcard cert for *.207-44-147-10.sslip.io
# This won't work for private addresses such as 10.0.1.10 or 192.168.0.1.
# Dockerfile of a (Golang-based) DNS/HTTP server.
# - the DNS server only responds to TXT queries, and always responds to TXT queries,
# and always responds with the same TXT record
# - the HTTP server allows you to update the TXT record by POST'ing to the /update
# endpoint with a JSON body of `{"txt":"the-new-TXT-record"}`. The endpoint
# is compatible with acme-dns.
# - acme.sh can be configured to update the DNS TXT record via HTTPS.
# To build:
# DOCKER_BUILD_DIR=$PWD
# pushd ../src/wildcard-dns-http-server/
# GOOS=linux GOARCH=amd64 go build -o $DOCKER_BUILD_DIR/wildcard-dns-http-server
# popd
# docker build . -f Dockerfile-wildcard-dns-http-server -t cunnie/wildcard-dns-http-server
# Typical start command:
# docker run -it --rm -p 53:53/udp -p 80:80 cunnie/wildcard-dns-http-server
# To test from host:
# dig +short txt 127-0-0-1.example.com @localhost
# "Set this TXT record: curl -X POST http://localhost/update -d '{\"txt\":\"Certificate Authority's validation token\"}'"
# curl -X POST http://localhost/update -d '{"txt":"new-TXT-record"}'
# dig +short txt any-domain-you-want @localhost
# "new-TXT-record"
FROM alpine AS sslip.io
LABEL maintainer="brian.cunnie@gmail.com"
COPY wildcard-dns-http-server /usr/sbin/wildcard-dns-http-server
ENTRYPOINT ["/usr/sbin/wildcard-dns-http-server"]
# DNS listens on port 53 UDP
# The `EXPOSE` directive doesn't do much in our case. We use it for documentation.
EXPOSE 53/udp
EXPOSE 80/tcp
Reference in New Issue View Git Blame Copy Permalink