ht/dns-add: display recommended CAA record

Miraty 2023-05-05 19:41:55 +02:00
parent f3752163af
commit 54c64906f7
6 changed files with 17 additions and 11 deletions


@ -183,6 +183,14 @@ Linux user as who runs SFTPGo. (Used to delete files that users created.)
Public IPv6 and IPv4 addresses that users must set in their AAAA and A records for a site with dedicated domain.
### `caa_account_uri`
The URI of the account that requests stable Let's Encrypt certificates. Used for the CAA record of approved accounts. Output of `certbot show_account`
### `caa_account_uri_staging`
The URI of the account that requests staging Let's Encrypt certificates. Used for the CAA record of testing accounts. Output of `certbot show_account --test-cert`
### `sftp_pub`
Filesystem path to where the public key of the SFTP service is available.


@ -57,6 +57,8 @@ sftpgo_user = "sftpgo"
; Will be shown to users
ipv6_address = "::1"
ipv4_address = "127.0.0.1"
caa_account_uri = "https://acme-v02.api.letsencrypt.org/acme/acct/0123456789"
caa_account_uri_staging = "https://acme-staging-v02.api.letsencrypt.org/acme/acct/0123456789"
sftp_pub = "/etc/sftpgo/ed25519.pub"
sftp_fp = "/etc/sftpgo/ed25519.fp"
sftp_asciiart = "/etc/sftpgo/ed25519.asciiart"


@ -55,10 +55,6 @@ p {
margin-bottom: 1rem;
}
.breakable {
word-break: break-all;
}
::selection {
background-color: var(--foreground-color);
color: var(--background-color);
@ -72,10 +68,6 @@ pre {
margin: 0;
}
code {
white-space: nowrap;
}
a {
color: var(--foreground-color);
text-decoration: underline var(--svc-color) 0.2em;


@ -5,10 +5,10 @@ $values = nsParseCommonRequirements();
if (!($_POST['flag'] >= 0 AND $_POST['flag'] <= 255))
output(403, 'Wrong value for <code>flag</code>.');
if (!(preg_match('/^[a-z]{1,127}$/D', $_POST['tag'])))
if (!(preg_match('/^[a-z0-9]{1,127}$/D', $_POST['tag'])))
output(403, 'Wrong value for <code>tag</code>.');
if (!(preg_match('/^[a-z0-9.-]{1,255}$/D', $_POST['value'])))
if (!(preg_match('/^[a-zA-Z0-9 .,;*|#~@=:!?%$+\/\()[\]_-]{1,255}$/D', $_POST['value'])))
output(403, 'Wrong value for <code>value</code>.');
rateLimit();
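Review bot: The widened `value` character class now admits `;`, `(`, `)`, `$`, `@` and the space, all of which have a special meaning in DNS master-file syntax, and nothing in this hunk shows how the value is serialised afterwards. That is safe only if the value is written as a quoted string or passed to the DNS tooling as a separate argument. `"` and `\` are still excluded, which is what prevents breaking out of such a string, so I would pin that invariant with a comment above the check, for example `// value is emitted as a quoted string: never allow " or \ in this class`. The same class is introduced for `txt` in the next file section and the same remark applies there; a shared constant for the pattern would keep the two from drifting apart. The code that consumes both values is outside the hunk.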


@ -2,7 +2,7 @@
$values = nsParseCommonRequirements();
if (!(preg_match('/^[a-zA-Z0-9 .@=:!%$+\/\()[\]_-]{5,8192}$/D', $_POST['txt'])))
if (!(preg_match('/^[a-zA-Z0-9 .,;*|#~@=:!?%$+\/\()[\]_-]{5,8192}$/D', $_POST['txt'])))
output(403, 'Wrong value for <code>txt</code>.');
rateLimit();


@ -19,6 +19,10 @@
<dd>
<code><?= SERVER_NAME ?>_domain-verification=<?= getAuthToken() ?></code>
</dd>
<dt><code>CAA</code></dt>
<dd>
<code>0 issue "letsencrypt.org; validationmethods=http-01; accounturi=<?= (($_SESSION['type'] ?? 'approved') === 'approved') ? CONF['ht']['caa_account_uri'] : CONF['ht']['caa_account_uri_staging'] ?>"</code>
</dd>
</dl>
<form method="post">
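Review bot: The account URI on the new `<code>0 issue ...` line is echoed into HTML without escaping and without checking that the configuration key is set. The value comes from operator configuration, so the exposure is low, but wrapping it as `<?= htmlspecialchars($caaAccountUri) ?>` keeps a stray `&`, `<` or `"` in the config from altering the markup or the record the user copies. A missing or empty key would currently render a recommendation ending in `accounturi=`, which presumably yields a CAA record that blocks issuance for the user's domain. The `?? 'approved'` fallback also shows the production account URI whenever `$_SESSION['type']` is unset; if that is intended, a short comment saying so would help. Computing the URI in a variable before the template would make the line easier to read.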