Comments (5)
All I can think of is using reverse proxy in front of acme-dns and / or corresponding configuration values of:
# use HTTP header to get the client ip
use_header = false
# header name to pull the ip address / list of ip addresses from
header_name = "X-Forwarded-For"
For debugging reasons I think adding the IP address that we're matching against would be beneficial to have in the error message.
from acme-dns.
This seems to be a bug indeed. acme-dns is supposed to use the request.RemoteAddr if use_header = false
. I'll fix it in the coming days.
from acme-dns.
Thanks for the quick reply!
# use HTTP header to get the client ip
use_header = false
# header name to pull the ip address / list of ip addresses from
header_name = "X-Forwarded-For"
Is how my configuration is currently set, I also tried switching use_header
to true, but then quickly realised you could do something like this to bypass it, which completely defeats the point of enabling it in the first place:
curl -s -X POST http://auth.mydnsdomain.co.uk:8080/update -H "X-Forwarded-For: 127.0.0.1" -H "X-Api-User: p0624f07-b4a7-4d61-8d28-4f7e63621952" -H "X-Api-Key: 54mt4yLIRJZIXiK161jZghvuIxFz09Tj1sZY_vpZ" --data '{"subdomain": "1937d870-d239-4cb2-99b2-d1979q2608a3", "txt": "___validation_token_recieved_from_the_ca___"}' | python -m json.tool
{
"txt": "___validation_token_recieved_from_the_ca___"
}
As you mentioned, putting a reverse proxy in front of it then setting the config that way is a potential workaround however.
I agree, having the IP address you're matching against in the debug message would definitely be very beneficial here.
Thanks for the work you've put in to this project by the way!
from acme-dns.
I just added logging for the IP address being matched in #46 . It's now available in master
branch. This should help us to debug your issue.
from acme-dns.
Awesome, thank you!
I just tried running the same request again, both on the server locally and from an external permitted location, and it seems the IP isn't being retrieved:
DEBU[0042] Checking if update is permitted from IP ip="<nil>"
ERRO[0042] Update not allowed from IP error=ip_unauthorized
DEBU[0071] Checking if update is permitted from IP ip="<nil>"
ERRO[0071] Update not allowed from IP error=ip_unauthorized
I'd assumed that when use_header
was set to false
it would use the IP address that the POST request was sent from, but is this perhaps not the case?
Cheers
from acme-dns.
Related Issues (20)
- Keep track of creation date for unused accounts
- Support of DuckDNS.org API HOT 1
- ACME-DNS-API not pulling a certificate for itself HOT 9
- Build fails with go 1.15
- /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.32' not found HOT 4
- auth.acme-dns.io has become unavailable HOT 1
- README adduser command wrong
- acme-dns only saves a single TXT record, not 2
- Configuration questions HOT 1
- error message every 10 minutes about managing the server certificate HOT 8
- Register endpoint with configurable subdomain HOT 3
- CAA issues when higher level domain has a CAA HOT 2
- Add `server_url` to JSON storage file
- nxdomain responses include huge timeouts HOT 2
- Is it possible to add support for Dynamic DNS subdomains
- Add support for PROXY protocol
- Please accept the PR for making registration endpoint configurable HOT 4
- Not able to generate cert for itself, no TXT record created
- Issue with Certificate Renewal from Let's Encrypt
- Build failed, error in sqlite3 dependency
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from acme-dns.