-
-
Notifications
You must be signed in to change notification settings - Fork 79
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Resolving DNS names dynamically - similar to NIP.IO but with personally owned domains. #544
Comments
Hey, I will try to resume what you asked with my own words to check if I understood it well. So are you proposing DPS to register the stored hostnames by the local database and/or by the docker containers/services to a Certificate Authority like Let's Encrypt? |
Sorry - I wasn't clear. Let me get some diagrams together to help illustrate what this feature request is about. Cheers, EDIT: I'm also renaming this to remove Let's Encrypt from the name. |
I was busy creating a whole story line of my curriculum, but figured this is overkill. So here's a quick summary. Currently, if I want a URL to resolve to my laptop IP address (or any IP address for that matter), I simply prefix the I'm looking for the same feature in DPS. Here are some examples assuming my custom DNS domain is
I hope this clears up this feature request for DPS. |
Got this, you would want DPS to implement nip.io resolution features, right? Sounds me like an interesting feature to be implemented, that feature doesn't look complex to me. Never thought or heard of that feature before. A doubt, is there an use case which nip.io isn't satisfacting you, it would be the fact you can't customize the domain suffix? |
Yep. You got it now. The one situation where Having DPS provide this feature bypasses this throttling problem. |
Additional Note. Whenever you are implementing this feature, please ensure that we can do this for any and all IP addresses - RFC1918 or otherwise - since the Let's Encrypt servers need to communicate with the If my external IP address is 45.46.47.48, I should be able to do the same thing - i.e.:
|
@ak2766 for now, seems like you can use the Local Solver DB feature, I consider the only difference is that you will need to create the DNS records config file previously. |
Thanks @mageddo. I'm in no particular rush at the moment. Will wait for the feature to testing... |
Hey @ak2766 feature was implemented at 3.32.2-snapshot, can you try it out? Thanks for the suggestion 🤝 . |
Christmas has come early this year! Thank you kindly. I'll test it out over the weekend. |
What is Happening
I'm about to teach a TLS course to some students I'm looking for a way to automatically issue SSL certificates using custom DNS records.
What is the actual behavior and lacks which without that feature, and what's the fallback (if there is one) while this feature is not implemented yet.
Without this feature, the students would need to pester the TA to get their custom DNS records entered into a local DNS server.
What is Expected
Before this TLS course, we've been using
nip.io
with docker containers. Specifically, we've been using this DNS record:<student_id>-7f000001.nip.io
. This has been working well since each student desk is labelled with a range of port numbers he/she can use for services they create on docker. So, say student with ID112244
deploys a web service and exposes port 80 on the local host at port 12345, then they can access that service as follows:http://112244-7f000001.nip.io:12345
I'm now planning to introduce https and have created the necessary entries to haproxy so that a student can access their secure web service at the following URL:
https://112244-12345-7f000001.nip.io
Currently, I've created a self-signed certificate for
*.nip.io
which works but has the issue with of presenting the usual self-signed certificate browser warning.Please describe the wanted behavior with details of how it could work.
I'm hoping that the
dns-proxy-server
can be enhanced to have this feature so that anyone can use a domain they own and/or control. The issue withnip.io
is that we do not own this DNS domain and as such cannot make use of DNS validation when requesting for certificates. This validation method is something I'd like to cover in a future syllabus of the course.I hope I've been concise enough with this requirement.
I suspect you'd see a huge uptake in the
dns-proxy-server
user base if you were to implement this feature!The text was updated successfully, but these errors were encountered: