Added option to provide custom dns challenge resolvers #251

wants to merge 3 commits into
base: unstable
2 changes: 1 addition & 1 deletion .clabot
@@ -1,4 +1,4 @@
{
"contributors": ["azukaar", "jwr1", "Jogai", "InterN0te", "catmandx", "revam", "Kawanaao", "davis4acca", "george-radu-cs"],
"contributors": ["azukaar", "jwr1", "Jogai", "InterN0te", "catmandx", "revam", "Kawanaao", "davis4acca", "george-radu-cs", "SamuelNitsche"],
"message": "We require contributors to sign our [Contributor License Agreement](https://github.com/azukaar/Cosmos-Server/blob/master/cla.md). In order for us to review and merge your code, add yourself to the .clabot file as contributor, as a way of signing the CLA."
}
1 change: 1 addition & 0 deletions client/src/api/demo.config.json
Expand Up @@ -13,6 +13,7 @@
"GenerateMissingAuthCert": true,
"HTTPSCertificateMode": "LETSENCRYPT",
"DNSChallengeProvider": "",
"DNSChallengeResolver": "",
"HTTPPort": "80",
"HTTPSPort": "443",
"ProxyConfig": {
16 changes: 16 additions & 0 deletions client/src/pages/config/users/configman.jsx
Expand Up @@ -102,6 +102,7 @@ const ConfigManagement = () => {
UseWildcardCertificate: config.HTTPConfig.UseWildcardCertificate,
HTTPSCertificateMode: config.HTTPConfig.HTTPSCertificateMode,
DNSChallengeProvider: config.HTTPConfig.DNSChallengeProvider,
DNSChallengeResolver: config.HTTPConfig.DNSChallengeResolver,
DNSChallengeConfig: config.HTTPConfig.DNSChallengeConfig,
ForceHTTPSCertificateRenewal: config.HTTPConfig.ForceHTTPSCertificateRenewal,
OverrideWildcardDomains: config.HTTPConfig.OverrideWildcardDomains,
Expand Down Expand Up @@ -185,6 +186,7 @@ const ConfigManagement = () => {
UseWildcardCertificate: values.UseWildcardCertificate,
HTTPSCertificateMode: values.HTTPSCertificateMode,
DNSChallengeProvider: values.DNSChallengeProvider,
DNSChallengeResolver: values.DNSChallengeResolver,
DNSChallengeConfig: values.DNSChallengeConfig,
ForceHTTPSCertificateRenewal: values.ForceHTTPSCertificateRenewal,
OverrideWildcardDomains: values.OverrideWildcardDomains.replace(/\s/g, ''),
Expand Down Expand Up @@ -811,6 +813,20 @@ const ConfigManagement = () => {
/>
)
}


{formik.values.HTTPSCertificateMode === "LETSENCRYPT" && (
<CosmosInputText
onChange={(e) => {
formik.setFieldValue("ForceHTTPSCertificateRenewal", true);
}}
label="DNS Server to use when resolving the letsencrypt challenge"
name="DNSChallengeResolver"
configName="DNSChallengeResolver"
formik={formik}
/>
)
}

{
formik.values.HTTPSCertificateMode === "LETSENCRYPT" && (
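Review bot: The label `DNS Server to use when resolving the letsencrypt challenge` on the new CosmosInputText does not tell the user that several servers may be given, although the backend in src/utils/certificates.go splits this value on commas, and unlike the equivalent input in client/src/pages/newInstall/newInstall.jsx it carries no placeholder. Suggest `label="DNS server(s) to use when resolving the Let's Encrypt challenge (comma-separated)"` and `placeholder={"1.1.1.1"}` so both forms describe the same contract. The onChange only flips ForceHTTPSCertificateRenewal; I assume the value itself is bound through the `formik`/`configName` props as for the neighbouring inputs, but that is not visible in the hunk. The ConfigManagement component starts and ends outside this hunk.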
8 changes: 8 additions & 0 deletions client/src/pages/newInstall/newInstall.jsx
Expand Up @@ -296,6 +296,7 @@ const NewInstall = () => {
HTTPSCertificateMode: "",
UseWildcardCertificate: false,
DNSChallengeProvider: '',
DNSChallengeResolver: '',
DNSChallengeConfig: {},
allowHTTPLocalIPAccess: false,
__success: false,
Expand Down Expand Up @@ -332,6 +333,7 @@ const NewInstall = () => {
TLSCert: values.HTTPSCertificateMode === "PROVIDED" ? values.TLSCert : '',
Hostname: values.Hostname,
DNSChallengeProvider: values.DNSChallengeProvider,
DNSChallengeResolver: values.DNSChallengeResolver,
DNSChallengeConfig: values.DNSChallengeConfig,
allowHTTPLocalIPAccess: values.allowHTTPLocalIPAccess,
});
Expand Down Expand Up @@ -389,6 +391,12 @@ const NewInstall = () => {
placeholder={"[email protected]"}
formik={formik}
/>
<CosmosInputText
name="DNSChallengeResolver"
label="DNS Server to use when resolving the letsencrypt challenge"
placeholder={"1.1.1.1"}
formik={formik}
/>
{formik.values.DNSChallengeProvider && formik.values.DNSChallengeProvider != '' && (
<Alert severity="info">
You have enabled the DNS challenge. Make sure you have set the environment variables for your DNS provider.
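Review bot: The new DNSChallengeResolver input is rendered unconditionally, while the Alert directly below it is guarded by `formik.values.DNSChallengeProvider && formik.values.DNSChallengeProvider != ''`, and the backend only consumes the resolver inside the DNS-01 branch of DoLetsEncrypt in src/utils/certificates.go, so a user without a DNS provider is asked for a value that is silently ignored. Suggest wrapping the input in the same guard, `{formik.values.DNSChallengeProvider && formik.values.DNSChallengeProvider != '' && (` … `)}`, or at least stating in the label that it only applies when a DNS challenge provider is configured. The placeholder `1.1.1.1` suggests a single address even though the backend accepts a comma-separated list. The NewInstall component starts and ends outside this hunk.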
2 changes: 2 additions & 0 deletions src/newInstall.go
Expand Up @@ -34,6 +34,7 @@ type NewInstallJSON struct {
SSLEmail string `json:"sslEmail",validate:"omitempty,email"`
UseWildcardCertificate bool `json:"useWildcardCertificate",validate:"omitempty"`
DNSChallengeProvider string `json:"dnsChallengeProvider",validate:"omitempty"`
DNSChallengeResolver string `json:"dnsChallengeResolver",validate:"omitempty"`
DNSChallengeConfig map[string]string
AllowHTTPLocalIPAccess bool `json:"allowHTTPLocalIPAccess",validate:"omitempty"`
}
Expand Down Expand Up @@ -128,6 +129,7 @@ func NewInstallRoute(w http.ResponseWriter, req *http.Request) {
newConfig.HTTPConfig.SSLEmail = request.SSLEmail
newConfig.HTTPConfig.UseWildcardCertificate = request.UseWildcardCertificate
newConfig.HTTPConfig.DNSChallengeProvider = request.DNSChallengeProvider
newConfig.HTTPConfig.DNSChallengeResolver = request.DNSChallengeResolver
newConfig.HTTPConfig.DNSChallengeConfig = request.DNSChallengeConfig
newConfig.HTTPConfig.TLSCert = request.TLSCert
newConfig.HTTPConfig.TLSKey = request.TLSKey
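Review bot: The struct tag on the new DNSChallengeResolver field, `json:"dnsChallengeResolver",validate:"omitempty"`, separates the two key/value pairs with a comma, but reflect.StructTag expects space-separated pairs, so the `validate` key is not found (the `json` key still works because it comes first) and `go vet` reports the tag as bad syntax. The line copies the form of its neighbours, so the defect predates this change, but the new line could use the correct form `DNSChallengeResolver string `+"`"+`json:"dnsChallengeResolver" validate:"omitempty"`+"`"+`` and the siblings fixed in the same commit. Since this value arrives over HTTP from the install form and is copied straight into newConfig in the second hunk, a format check (each comma-separated entry parsing as an IP or host[:port]) at this boundary would surface a typo as a clear request error instead of a failed certificate challenge later. NewInstallRoute starts and ends outside the hunk.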
10 changes: 9 additions & 1 deletion src/utils/certificates.go
Expand Up @@ -14,10 +14,12 @@ import (
"crypto/ecdsa"
"crypto/elliptic"
"os"
"strings"

"github.com/go-acme/lego/v4/certcrypto"
"github.com/go-acme/lego/v4/certificate"
"github.com/go-acme/lego/v4/challenge/http01"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/lego"
"github.com/go-acme/lego/v4/registration"
"github.com/go-acme/lego/v4/challenge/tlsalpn01"
Expand Down Expand Up @@ -180,7 +182,13 @@ func DoLetsEncrypt() (string, string) {
return "", ""
}

err = client.Challenge.SetDNS01Provider(provider)
if config.HTTPConfig.DNSChallengeResolver != "" {
// Split DNSChallengeResolver by commas to support multiple DNS servers
resolvers := strings.Split(config.HTTPConfig.DNSChallengeResolver, ",")
err = client.Challenge.SetDNS01Provider(provider, dns01.AddRecursiveNameservers(resolvers))
} else {
err = client.Challenge.SetDNS01Provider(provider)
}
} else {
err = client.Challenge.SetHTTP01Provider(http01.NewProviderServer("", config.HTTPConfig.HTTPPort))
if err != nil {
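Review bot: `resolvers := strings.Split(config.HTTPConfig.DNSChallengeResolver, ",")` keeps surrounding whitespace and empty elements, so a value typed as `1.1.1.1, <second>` or with a trailing comma hands ` <second>` or `""` to dns01.AddRecursiveNameservers, which as far as I recall parses each entry as host[:port] and will fail at challenge time rather than at config time. Trimming each entry, dropping empties and falling back to lego's defaults when nothing valid remains avoids that, as in the rewrite below; logging the parsed list once would also make a misconfigured resolver visible in the logs. The new `dns01` import is placed between `http01` and `lego` rather than in sorted order, though the group was already unsorted (`tlsalpn01` after `registration`), so this is only a gofmt nit. DoLetsEncrypt and the enclosing if/else that selects DNS-01 versus HTTP-01 start and end outside this hunk, including the err check that follows SetDNS01Provider.
```go
	var opts []dns01.ChallengeOption
	if config.HTTPConfig.DNSChallengeResolver != "" {
		// Comma-separated list; ignore surrounding whitespace and empty entries
		// (e.g. a trailing comma) so they are never passed to lego as nameservers.
		var resolvers []string
		for _, r := range strings.Split(config.HTTPConfig.DNSChallengeResolver, ",") {
			if r = strings.TrimSpace(r); r != "" {
				resolvers = append(resolvers, r)
			}
		}
		if len(resolvers) > 0 {
			opts = append(opts, dns01.AddRecursiveNameservers(resolvers))
		}
	}
	err = client.Challenge.SetDNS01Provider(provider, opts...)
	// … unchanged: HTTP-01 branch …
```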
1 change: 1 addition & 0 deletions src/utils/types.go
Expand Up @@ -156,6 +156,7 @@ type HTTPConfig struct {
GenerateMissingAuthCert bool
HTTPSCertificateMode string
DNSChallengeProvider string
DNSChallengeResolver string
ForceHTTPSCertificateRenewal bool
HTTPPort string `validate:"required,containsany=0123456789,min=1,max=6"`
HTTPSPort string `validate:"required,containsany=0123456789,min=1,max=6"`