Comments (3)
Thanks for opening the issue. I believe most people are binding the acme-dns to a public interface. Possible access control is done on a separate layer (firewall, reverse proxy etc). This is also the reason the default value was changed, the service is designed to being accessed by multiple clients across the network, so binding to localhost as default didn't make much sense.
This is based on the expectations this project was originally built on, the decision is in no way final, and I'm up for discussion about the matter.
The README should definitely be synced with the actual config values in the end.
from acme-dns.
The README should definitely be synced with the actual config values in the end.
This was the main motivation for this ticket.
I believe most people are binding the acme-dns to a public interface. Possible access control is done on a separate layer (firewall, reverse proxy etc). This is also the reason the default value was changed, the service is designed to being accessed by multiple clients across the network, so binding to localhost as default didn't make much sense.
I agree that's the common usage, and expected the change was for that. What I failed to convey is that my concern is over the docs in strings and narratives that correspond to IP configuration. A lot of people who use this are unlikely to know the difference between localhost and the public address, and the risks/requirements involved with each. Example, for a long time Redis defaulted to 0.0.0.0
- which many people didn't expect - and glossed over that line... which lead to many servers hacked. I got burned by that when doing an update, and have been very sensitive to default listen configs ever since.
so it might make sense to use the default config as..
# listen ip. eg: 127.0.0.1 for localhost only; 0.0.0.0 for all/public address
ip = "0.0.0.0"
or even
# listen ip. eg: "127.0.0.1" for localhost only; "0.0.0.0" for all/public address
# most users will want to listen on the public address "0.0.0.0" so outside clients can access.
# if your only clients are on this machine or you have firewall rules, "127.0.0.1" may be preferred.
ip = ""
from acme-dns.
README.md
is now pretty much up to sync with the config.cfg
, the IP clarification is still pending.
from acme-dns.
Related Issues (20)
- Register endpoint with configurable subdomain HOT 3
- CAA issues when higher level domain has a CAA HOT 2
- Add `server_url` to JSON storage file HOT 1
- nxdomain responses include huge timeouts HOT 2
- Is it possible to add support for Dynamic DNS subdomains
- Add support for PROXY protocol
- Please accept the PR for making registration endpoint configurable HOT 4
- Not able to generate cert for itself, no TXT record created
- Issue with Certificate Renewal from Let's Encrypt
- Build failed, error in sqlite3 dependency
- Is this project still active? HOT 4
- Acme-Dns Server Failing HOT 1
- TXT record returns two values - doesn't seem that should be possible HOT 4
- How do you bootstrap when you have a split-DNS? HOT 5
- Should /health return a result? HOT 1
- Unable to obtain the corresponding TXT record through _acme-challenge.example.tld HOT 3
- Unable to use on ARM64
- [Question] What is the `https://github.com/acme-dns/acme-dns` repo for? HOT 1
- acme-dns.io timing out for some of the sub domains HOT 1
- NOT AN ISSUE! is it possible to split the services on two servers? (one server for HTTPS and another for DNS) HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from acme-dns.