acme-dns-proxy

v0.0.0-...-64b876b
Published: Jul 9, 2022 License: MIT

ACME DNS Proxy

Proxy to secure ACME DNS challenges.

Most DNS providers do not offer a way to restrict API access to TXT records only or to a specific domain. DigitalOcean, for example, only offers API tokens with full cloud access.

This creates a security issue if you use multiple hosts with acme.sh or lego, for example, because you have to distribute your API key among the hosts.

With ACME DNS Proxy you can control which client has access to which domains without storing your DNS Provider API keys on the client.

Install

go install github.com/hpidcock/acme-dns-proxy/cmd/acmep@latest
acmep --install

Example configuration

server {
  listen_address = ":https"
  certmagic "acme.domain.example" {
  }
}
provider "cloudflare" {
  api_token = "my cloudflare api token"
}
acl "service-0.domain.example" {
  token = "secure token for service-0"
}
acl "*.sub.domain.example" {
  token = "secure token for all *.sub.domain.example"
}
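
How a per-client check like the acl blocks above can be evaluated, as an added example that is not the project's own code. The names ACL, matches and Allowed are hypothetical, and two behaviours are assumptions rather than documented semantics: "*." matches exactly one leading label, and only _acme-challenge names are accepted.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"strings"
)

// ACL pairs a domain pattern with the client token allowed to use it,
// mirroring the acl blocks in the example configuration.
type ACL struct{ Pattern, Token string }

// matches reports whether domain is covered by pattern. Assumption: "*."
// stands for exactly one leading label, as in a wildcard certificate.
func matches(pattern, domain string) bool {
	if strings.HasPrefix(pattern, "*.") {
		label, parent, found := strings.Cut(domain, ".")
		return found && label != "" && strings.EqualFold(parent, pattern[2:])
	}
	return strings.EqualFold(pattern, domain)
}

// Allowed reports whether token may manage the challenge record fqdn.
// Names outside _acme-challenge. are refused for every token.
func Allowed(acls []ACL, token, fqdn string) bool {
	const prefix = "_acme-challenge."
	fqdn = strings.ToLower(strings.TrimSuffix(fqdn, "."))
	if !strings.HasPrefix(fqdn, prefix) {
		return false
	}
	got := sha256.Sum256([]byte(token))
	ok := false
	for _, a := range acls {
		want := sha256.Sum256([]byte(a.Token))
		// Constant-time digest comparison; no early return on a hit.
		if subtle.ConstantTimeCompare(got[:], want[:]) == 1 &&
			matches(a.Pattern, fqdn[len(prefix):]) {
			ok = true
		}
	}
	return ok
}

func main() {
	acls := []ACL{{"*.sub.domain.example", "token-b"}} // constructed sample
	fmt.Println(Allowed(acls, "token-b", "_acme-challenge.x.sub.domain.example"))
}
```

With this rule, a token scoped to one host cannot request a challenge for a sibling name, and a wildcard token covers neither the parent name nor deeper subdomains.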

TODO

  • Rewrite README.md
  • Rewrite all unit tests
  • Re-add in all libdns providers

Original project by matthiasng
