From 57a0baae54e0207bc92fbaeccead72625ffbff5c Mon Sep 17 00:00:00 2001
From: Miraty
Date: Tue, 19 Sep 2023 20:27:27 +0200
Subject: [PATCH] add-dns: add cname to config, full CAA display
---
 DOCS/configuration.md | 28 +++++++++++++++++++++++-----
 config.template.ini | 5 +++--
 css/main.css | 5 +++++
 pg-view/auth/index.php | 2 +-
 pg-view/ht/add-dns.php | 16 ++++++++++++----
 5 files changed, 44 insertions(+), 12 deletions(-)
diff --git a/DOCS/configuration.md b/DOCS/configuration.md
index bebfad5..e7aee18 100644
--- a/DOCS/configuration.md
+++ b/DOCS/configuration.md
@@ -184,17 +184,35 @@ Linux group as who runs SFTPGo. (Gets full permissions on users directories.)
 Linux user as who runs SFTPGo. (Used to delete files that users created.)
+### `cname`
+
+For a site with dedicated domain, the domain that users must point their domain to.
+
+This domain should have the following records:
+
+AAAA
+: `ipv6_address`
+
+A
+: `ipv4_address`
+
+CAA
+: `caa_account_uris[testing]`
+
+CAA
+: `caa_account_uris[approved]`
+
 ### `ipv6_address`, `ipv4_address`
-Public IPv6 and IPv4 addresses that users must set in their AAAA and A records for a site with dedicated domain.
+For a site with dedicated domain, when manually copying records, public IPv6 and IPv4 addresses that users must set in their AAAA and A records.
-### `caa_account_uri`
+Should be the same as the AAAA and A records for `cname`.
-The URI of the account that requests stable Let's Encrypt certificates. Used for the CAA record of approved accounts. Output of `certbot show_account`
+### `caa_account_uris[]`
-### `caa_account_uri_staging`
+For a site with dedicated domain, when manually copying records, the URIs of the accounts (both stable and staging) that request Let's Encrypt certificates. Keys `testing` and `approved` must be set to outputs of respectively `certbot show_account --test-cert` and `certbot show_account`
-The URI of the account that requests staging Let's Encrypt certificates. Used for the CAA record of testing accounts. Output of `certbot show_account --test-cert`
+Should be the same as the CAA records for `cname`.
 ### `sftp_pub`
@@ -57,10 +57,11 @@ sftpgo_group = "sftpgo"
 sftpgo_user = "sftpgo"
 ; Will be shown to users
+cname = "ht.servnest.test."
 ipv6_address = "::1"
 ipv4_address = "127.0.0.1"
-caa_account_uri = "https://acme-v02.api.letsencrypt.org/acme/acct/0123456789"
-caa_account_uri_staging = "https://acme-staging-v02.api.letsencrypt.org/acme/acct/0123456789"
+caa_account_uris[testing] = "https://acme-staging-v02.api.letsencrypt.org/acme/acct/0123456789"
+caa_account_uris[approved] = "https://acme-v02.api.letsencrypt.org/acme/acct/0123456789"
 sftp_pub = "/etc/sftpgo/ed25519.pub"
 sftp_fp = "/etc/sftpgo/ed25519.fp"
 sftp_asciiart = "/etc/sftpgo/ed25519.asciiart"
diff --git a/css/main.css b/css/main.css
index 6e51ae5..a244b09 100644
--- a/css/main.css
+++ b/css/main.css
@@ -103,3 +103,8 @@ table {
 table.zone td:first-child {
 text-align: right;
 }
+
+s {
+ font-size: 0.7rem;
+ line-height: 1.2rem;
+}
diff --git a/pg-view/auth/index.php b/pg-view/auth/index.php
index 1ef1675..eec62d7 100644
--- a/pg-view/auth/index.php
+++ b/pg-view/auth/index.php
@@ -31,4 +31,4 @@ else
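Review bot: The rename of `caa_account_uri` / `caa_account_uri_staging` to `caa_account_uris[testing]` / `caa_account_uris[approved]` in the config.template.ini hunk has no fallback visible in this patch, so an installation upgraded with its old config.ini would presumably show users a CAA record with nothing after `accounturi=`. That parameter is what ties issuance to the operator's ACME account, so a missing or stale value copied into a user's zone will not match the account that actually requests the certificates. I would add above the two new keys `; Both keys are required (renamed from caa_account_uri / caa_account_uri_staging); values are printed verbatim in the CAA records shown to users`, and have the config loader refuse to start when either key is unset. The same comment could say whether the trailing dot in `cname = "ht.servnest.test."` is mandatory, since that value is also copied by users.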

-

' . ($_SESSION['id'] ?? '—') . '') ?>

+

' . ($_SESSION['id'] ?? '0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef') . '') ?>
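Review bot: The new fallback in `$_SESSION['id'] ?? '0123456789abcdef…'` on the added line has the exact shape of a real identifier, so a visitor without a session can take the sample for their own value and copy it; the previous `'—'` could not be confused that way. If a full-length sample is wanted for layout, I would keep it visibly constructed, for example `($_SESSION['id'] ?? 'EXAMPLE-' . str_repeat('0', 56))`, or label it as an example in the surrounding sentence. The markup around this expression is not visible in this extract, so whether the value is escaped before output cannot be checked here; if it is concatenated raw, passing it through `htmlspecialchars()` is a cheap safeguard. The enclosing `else` branch starts outside the hunk.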

diff --git a/pg-view/ht/add-dns.php b/pg-view/ht/add-dns.php
index 58c1a17..e1199d6 100644
--- a/pg-view/ht/add-dns.php
+++ b/pg-view/ht/add-dns.php
@@ -18,10 +18,18 @@
-
CAA
-
- 0 issue "letsencrypt.org; validationmethods=http-01; accounturi=" -
+
CAA ()
+ ' ?> +
+ 0 issue "letsencrypt.org; validationmethods=http-01; accounturi=" +
+ ' ?> +
CAA ()
+ ' ?> +
+ 0 issue "letsencrypt.org; validationmethods=http-01; accounturi=" +
+ ' ?>