-
Notifications
You must be signed in to change notification settings - Fork 114
Setting up your Canarytokens DNS correctly
- two domains:
- one is used for the public facing web application; we can call this the frontend domain.
- other is used for the Canarytokens' embedded urls; we can call this the backend domain.
- public IP address of server running your Canarytokens docker.
We recommend two domains because we have found that setting up the DNS is easier and more reliable. It also allows you to have a disconnect of domain between what everyone can see and what your Canarytokens trigger on.
For the rest of the explanation we will use frontend domain as frontend.com and backend domain as backend.com. We will also use SERVER_IP as your server's public facing IP that will be running your Canarytokens Server.
- At domain registrar, set your Name Servers to point at the DNS servers that are running your "Hosted Zone" file. For example, if you have AWS route53 managing your zone file but GoDaddy is your registrar for your domain,
frontend.com. You would request the Name Servers to point the AWS supplied name servers, sayawsdns-1.com, awsdns-2.com. - Head over to your zone file for your domain.
- Configure NS records as the same Name Servers you supplied the registrar. e.g.
frontend.com NS 10 awsdns-1.com
10 awsdns-2.com
- Configure A record for your domain. e.g.
frontend.com A SERVER_IP
- Configure A records for your domain's name servers. e.g.
ns1.frontend.com A SERVER_IP
ns2.frontend.com A SERVER_IP
- At domain registrar, set your Name Servers to point at the two nameservers you set for
frontend.com.
backend.com NS ns1.frontend.com
ns2.frontend.com
- Head over to your zone file for your domain.
- Configure NS records as the same Name Servers you supplied the registrar for this domain. e.g.
backend.com NS 10 ns1.frontend.com
10 ns2.frontend.com
- Configure A record for your domain. e.g.
backend.com A SERVER_IP
Continuing with the use of the above example domains; we can finally setup our Canarytokens docker environment variables to use these two domains.
In your frontend.env, you will need to have these values (I've left in some suggested values for the others):
CANARY_DOMAINS=backend.com
CANARY_NXDOMAINS=backend.com
CANARY_GOOGLE_API_KEY=<Google API key if you want Google Maps to work>
CANARY_AWSID_URL=<AWS ID url to create AWS ID Canarytokens>
CANARY_WEB_IMAGE_UPLOAD_PATH=/uploads
CANARY_MAX_UPLOAD_SIZE=10485760
CANARY_FRONTEND_LOG_SIZE=500000000
CANARY_FRONTEND_LOG_COUNT=20
LOG_FILE=/logs/frontend.log
In your switchboard.env, you will need to have these values (again i've left in some suggested defaults):
CANARY_MAILGUN_DOMAIN_NAME=frontend.com
CANARY_MAILGUN_API_KEY=<mailgun api key>
CANARY_PUBLIC_IP=SERVER_IP
CANARY_PUBLIC_DOMAIN=frontend.com
[email protected]
CANARY_ALERT_EMAIL_FROM_DISPLAY=Canarytoken Mailer
CANARY_ALERT_EMAIL_SUBJECT=Your Canarytoken was Triggered
CANARY_IPINFO_API_KEY=<ip info api key for more ip information on alerts>
CANARY_TOKEN_RETURN=fortune
CANARY_WEB_IMAGE_UPLOAD_PATH=/uploads
CANARY_MAX_HISTORY=10
CANARY_SWITCHBOARD_LOG_SIZE=500000000
CANARY_SWITCHBOARD_LOG_COUNT=20
LOG_FILE=/logs/switchboard.log
ERROR_LOG_WEBHOOK=<webhook that can be sent your exceptions>