add-dns: add cname to config, full CAA display
This commit is contained in:
parent
3df402e8e9
commit
57a0baae54
5 changed files with 44 additions and 12 deletions
|
@ -184,17 +184,35 @@ Linux group as who runs SFTPGo. (Gets full permissions on users directories.)
|
|||
|
||||
Linux user as who runs SFTPGo. (Used to delete files that users created.)
|
||||
|
||||
### `cname`
|
||||
|
||||
For a site with dedicated domain, the domain that users must point their domain to.
|
||||
|
||||
This domain should have the following records:
|
||||
|
||||
AAAA
|
||||
: `ipv6_address`
|
||||
|
||||
A
|
||||
: `ipv4_address`
|
||||
|
||||
CAA
|
||||
: `caa_account_uris[testing]`
|
||||
|
||||
CAA
|
||||
: `caa_account_uris[approved]`
|
||||
|
||||
### `ipv6_address`, `ipv4_address`
|
||||
|
||||
Public IPv6 and IPv4 addresses that users must set in their AAAA and A records for a site with dedicated domain.
|
||||
For a site with dedicated domain, when manually copying records, public IPv6 and IPv4 addresses that users must set in their AAAA and A records.
|
||||
|
||||
### `caa_account_uri`
|
||||
Should be the same as the AAAA and A records for `cname`.
|
||||
|
||||
The URI of the account that requests stable Let's Encrypt certificates. Used for the CAA record of approved accounts. Output of `certbot show_account`
|
||||
### `caa_account_uris[]`
|
||||
|
||||
### `caa_account_uri_staging`
|
||||
For a site with dedicated domain, when manually copying records, the URIs of the accounts (both stable and staging) that request Let's Encrypt certificates. Keys `testing` and `approved` must be set to outputs of respectively `certbot show_account --test-cert` and `certbot show_account`
|
||||
|
||||
The URI of the account that requests staging Let's Encrypt certificates. Used for the CAA record of testing accounts. Output of `certbot show_account --test-cert`
|
||||
Should be the same as the CAA records for `cname`.
|
||||
|
||||
### `sftp_pub`
|
||||
|
||||
|
|
|
@ -57,10 +57,11 @@ sftpgo_group = "sftpgo"
|
|||
sftpgo_user = "sftpgo"
|
||||
|
||||
; Will be shown to users
|
||||
cname = "ht.servnest.test."
|
||||
ipv6_address = "::1"
|
||||
ipv4_address = "127.0.0.1"
|
||||
caa_account_uri = "https://acme-v02.api.letsencrypt.org/acme/acct/0123456789"
|
||||
caa_account_uri_staging = "https://acme-staging-v02.api.letsencrypt.org/acme/acct/0123456789"
|
||||
caa_account_uris[testing] = "https://acme-staging-v02.api.letsencrypt.org/acme/acct/0123456789"
|
||||
caa_account_uris[approved] = "https://acme-v02.api.letsencrypt.org/acme/acct/0123456789"
|
||||
sftp_pub = "/etc/sftpgo/ed25519.pub"
|
||||
sftp_fp = "/etc/sftpgo/ed25519.fp"
|
||||
sftp_asciiart = "/etc/sftpgo/ed25519.asciiart"
|
||||
|
|
|
@ -103,3 +103,8 @@ table {
|
|||
table.zone td:first-child {
|
||||
text-align: right;
|
||||
}
|
||||
|
||||
s {
|
||||
font-size: 0.7rem;
|
||||
line-height: 1.2rem;
|
||||
}
|
||||
|
|
|
@ -31,4 +31,4 @@ else
|
|||
|
||||
<h2><?= _('Internal ID') ?></h2>
|
||||
|
||||
<p><?= sprintf(_('The current account\'s internal ID is %s.'), '<small><code>' . ($_SESSION['id'] ?? '—') . '</code></small>') ?></p>
|
||||
<p><?= sprintf(_('The current account\'s internal ID is %s.'), '<small><code>' . ($_SESSION['id'] ?? '0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef') . '</code></small>') ?></p>
|
||||
|
|
|
@ -18,10 +18,18 @@
|
|||
<dd>
|
||||
<code><?= CONF['ht']['ipv4_address'] ?></code>
|
||||
</dd>
|
||||
<dt><code>CAA</code></dt>
|
||||
<dt><code>CAA</code> (<?= _('useful for testing accounts only') ?>)</dt>
|
||||
<?= (($_SESSION['type'] ?? '') === 'testing') ? '' : '<s>' ?>
|
||||
<dd>
|
||||
<code>0 issue "letsencrypt.org; validationmethods=http-01; accounturi=<?= (($_SESSION['type'] ?? 'approved') === 'approved') ? CONF['ht']['caa_account_uri'] : CONF['ht']['caa_account_uri_staging'] ?>"</code>
|
||||
<code>0 issue "letsencrypt.org; validationmethods=http-01; accounturi=<?= CONF['ht']['caa_account_uris']['testing'] ?>"</code>
|
||||
</dd>
|
||||
<?= (($_SESSION['type'] ?? '') === 'testing') ? '' : '</s>' ?>
|
||||
<dt><code>CAA</code> (<?= _('useful for approved accounts only') ?>)</dt>
|
||||
<?= (($_SESSION['type'] ?? '') === 'approved') ? '' : '<s>' ?>
|
||||
<dd>
|
||||
<code>0 issue "letsencrypt.org; validationmethods=http-01; accounturi=<?= CONF['ht']['caa_account_uris']['approved'] ?>"</code>
|
||||
</dd>
|
||||
<?= (($_SESSION['type'] ?? '') === 'approved') ? '' : '</s>' ?>
|
||||
</dl>
|
||||
</details>
|
||||
|
||||
|
|
Loading…
Reference in a new issue