From ed82e1534926e241aea32092fcede8cbb43da80b Mon Sep 17 00:00:00 2001 From: Daniel Lo Nigro Date: Thu, 22 Mar 2018 20:32:56 -0700 Subject: [PATCH] Refactor readme changes - Move DNS config to separate "DNS Records" section - Move testing to separate "Testing It Out" section --- README.md | 85 ++++++++++++++++++++++++++++--------------------------- 1 file changed, 44 insertions(+), 41 deletions(-) diff --git a/README.md b/README.md index 1ce63b9..fa1a4b0 100644 --- a/README.md +++ b/README.md @@ -111,13 +111,6 @@ Check out how in the INSTALL section. ## Installation -In all the commands listed below: -- `example.com` is your domain name -- `auth.example.com` is the subdomain you want to use for acme-dns -- `198.51.100.1` is the **public** IP address of the system running acme-dns - -These values should be changed based on your environment. - 1) Install [Go 1.9 or newer](https://golang.org/doc/install) 2) Install acme-dns: `go get github.com/joohoi/acme-dns/...`. This will install acme-dns to `~/go/bin/acme-dns`. 
@@ -126,40 +119,8 @@ These values should be changed based on your environment. 4) Run acme-dns. Please note that acme-dns needs to open a privileged port (53, domain), so it needs to be run with elevated privileges. -5) Confirm that acme-dns is working by performing a DNS lookup for one of the predefined records configured in the `config.cfg` file: `dig @198.51.100.1 auth.example.com`. This should be logged in acme-dns' output: -``` -DEBU[0003] Answering question for domain domain=auth.example.com. qtype=A -``` -If this request times out, ensure that port 53 is open in your firewall. - -6) On your domain's regular DNS server, add an `NS` record for `auth.example.com` pointing to `ns.auth.example.com`, and an `A` record for `ns.auth.example.com` pointing to `198.51.100.1` If using IPv6, use an AAAA record rather than an A record. - -7) Wait a few minutes for DNS changes to propagate - -8) Confirm that DNS lookups for the acme-dns subdomain works as expected: `dig auth.example.com` - -9) Call the `/register` API endpoint to register a test domain: -``` -$ curl -X POST -d "{}" http://auth.example.com/register -{"username":"eabcdb41-d89f-4580-826f-3e62e9755ef2","password":"pbAXVjlIOE01xbut7YnAbkhMQIkcwoHO0ek2j4Q0","fulldomain":"d420c923-bbd7-4056-ab64-c3ca54c9b3cf.auth.example.com","subdomain":"d420c923-bbd7-4056-ab64-c3ca54c9b3cf","allowfrom":[]} -``` - -10) Call the `/update` API endpoint to set a test TXT record: -``` -$ curl -X POST \ - -H "X-Api-User: eabcdb41-d89f-4580-826f-3e62e9755ef2" \ - -H "X-Api-Key: pbAXVjlIOE01xbut7YnAbkhMQIkcwoHO0ek2j4Q0" \ - -d '{"subdomain": "d420c923-bbd7-4056-ab64-c3ca54c9b3cf", "txt": "___validation_token_recieved_from_the_ca___"}' \ - http://auth.example.com/update -``` - -11) Perform a DNS lookup to the test subdomain to confirm that everything is working properly: -``` -$ dig @ns.auth.example.com d420c923-bbd7-4056-ab64-c3ca54c9b3cf.auth.example.com -``` - -## Using Docker +### Using Docker 1) Pull the latest acme-dns Docker 
image: `docker pull joohoi/acme-dns` @@ -179,7 +140,7 @@ docker run --rm --name acmedns \ -d joohoi/acme-dns ``` -## Docker Compose +### Docker Compose 1) Create directories: `config` for the configuration file, and `data` for the sqlite3 database. 
@@ -189,6 +150,48 @@ docker run --rm --name acmedns \ 4) Edit the `config/config.cfg` and `docker-compose.yml` to suit your needs, and run `docker-compose up -d` +## DNS Records + +Note: In this documentation: +- `example.com` is your domain name +- `auth.example.com` is the subdomain you want to use for acme-dns +- `198.51.100.1` is the **public** IP address of the system running acme-dns + +These values should be changed based on your environment. + +You will need to add some DNS records on your domain's regular DNS server: +- `NS` record for `auth.example.com` pointing to `ns.auth.example.com` +- `A` record for `ns.auth.example.com` pointing to `198.51.100.1` +- If using IPv6, an `AAAA` record pointing to the IPv6 address + +## Testing It Out + +You may want to test that acme-dns is working before using it for real queries. + +1) Confirm that DNS lookups for the acme-dns subdomain works as expected: `dig auth.example.com` + +2) Call the `/register` API endpoint to register a test domain: +``` +$ curl -X POST http://auth.example.com/register +{"username":"eabcdb41-d89f-4580-826f-3e62e9755ef2","password":"pbAXVjlIOE01xbut7YnAbkhMQIkcwoHO0ek2j4Q0","fulldomain":"d420c923-bbd7-4056-ab64-c3ca54c9b3cf.auth.example.com","subdomain":"d420c923-bbd7-4056-ab64-c3ca54c9b3cf","allowfrom":[]} +``` + +3) Call the `/update` API endpoint to set a test TXT record. 
Pass the `username`, `password` and `subdomain` received from the `register` call performed above: +``` +$ curl -X POST \ + -H "X-Api-User: eabcdb41-d89f-4580-826f-3e62e9755ef2" \ + -H "X-Api-Key: pbAXVjlIOE01xbut7YnAbkhMQIkcwoHO0ek2j4Q0" \ + -d '{"subdomain": "d420c923-bbd7-4056-ab64-c3ca54c9b3cf", "txt": "___validation_token_recieved_from_the_ca___"}' \ + http://auth.example.com/update +``` + +Note: The `txt` field must be exactly 43 characters long, otherwise acme-dns will reject it + +4) Perform a DNS lookup to the test subdomain to confirm that everything is working properly: +``` +$ dig @ns.auth.example.com d420c923-bbd7-4056-ab64-c3ca54c9b3cf.auth.example.com +``` + ## Configuration ```bash
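Review bot: The hunk that removes old steps 5 to 11 from Installation (`@@ -126,40 +119,8`) drops three things that do not reappear under "Testing It Out", although the commit message describes a move. They are the direct check `dig @198.51.100.1 auth.example.com` with its expected `DEBU[0003] Answering question for domain ...` log line and the port 53 firewall hint, the "Wait a few minutes for DNS changes to propagate" step, and the `-d "{}"` body on the `/register` call. The direct-IP lookup is the only step that tests the acme-dns listener independently of the NS delegation, so I would keep it as the first step of the new section, ahead of `dig auth.example.com`. If the other two removals are intentional, please say so in the commit message so the change is not read as a pure reorganisation.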
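Review bot: In the new "Testing It Out" section (`@@ -189,6 +150,48`), steps 2 and 3 post to `http://auth.example.com/register` and `http://auth.example.com/update`, so the example as written returns the `password` and then sends `X-Api-User` and `X-Api-Key` in cleartext. Please add a sentence that plain HTTP is meant only for this initial test and that the API should be served over TLS once it is reachable from other networks, since these credentials allow TXT records to be set for the registered subdomain. Two smaller points in the same hunk: the "must be exactly 43 characters" note sits between steps 3 and 4 and breaks the numbered list, so fold it into step 3 and mention that the placeholder `___validation_token_recieved_from_the_ca___` is exactly 43 characters as spelled, otherwise someone correcting "recieved" will produce a value that is rejected. The `AAAA` bullet under "DNS Records" does not name the record it applies to, unlike the `A` bullet above it.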