servnest/README.md
2023-09-01 02:20:09 +02:00

101 lines
3.2 KiB
Markdown

# ServNest
ServNest (formerly Niver) is software providing a web interface allowing users to manage 3 independent services:
* Public suffix registry
* Domain name server
* Static HTTP site hosting
## Status
I plan to create and maintain a public stable instance of ServNest, but I haven't done so yet. Thus it is not yet tested with real world and long-term usages, and is **alpha software**.
## Detailed services features
### Public suffix registry (`reg`)
* Register a subdomain of the registry
* Set domain's nameservers
* Set a DS record to enable DNSSEC
* Set Glue records
* Display records
* Transfer domain to another account
### Name server (`ns`)
* Host a zone on the server
* Plain zone file edition
* Dedicated forms to set/unset `A`, `AAAA`, `NS`, `TXT`, `CAA`, `SRV`, `MX`, `SRV`, `SSHFP`, `TLSA`, `CNAME`, `DNAME` and `LOC` records
* Display records or the full zone file
### Static HTTP site hosting (`ht`)
Upload site's files to the server using SFTP. The way the site is accessed can then be choosed:
* Dedicated domain name and Let's Encrypt certificate
* Dedicated onion service (through Tor)
* Subdomain of a shared root domain
* HTTP subpath of a shared domain
Some Apache configuration directives are available through `.htaccess`.
## Software used
[PHP](https://www.php.net/)
: main language
[SQLite](https://www.sqlite.org/index.html)
: accounts data storage
[Knot DNS](https://www.knot-dns.cz/)
: DNS server for both registry and DNS hosting
[sudo](https://www.sudo.ws/) 1.9.10+
: execute actions that match a regex as privileged or specific users
[SFTPGo](https://github.com/drakkan/sftpgo)
: upload sites files using SFTP
[Apache HTTP Server](https://httpd.apache.org/)
: static HTTP server, with content negotiation and `.htaccess` dynamic configuration
[nginx](https://nginx.org/)
: HTTP reverse proxy for Apache; terminates TLS and enforces security headers
Tor
: [Onion services](https://community.torproject.org/onion-services/)
[Certbot](https://certbot.eff.org/)
: get [Let's Encrypt](https://letsencrypt.org/) certificates for TLS
Cronie (or another cron daemon)
: periodically run script to sync registry records with child zones and pseudo-CNAMEs at apex
[GNU Core Utilities](https://www.gnu.org/software/coreutils/) or [BusyBox](https://www.busybox.net/)
: manipulate the filesystem through sudo
## Installation
Manual installation instructions can be found in [DOCS/installation.md](DOCS/installation.md).
[servnest-mkosi](https://code.antopie.org/servnest/servnest-mkosi) can automatically build a system image for ServNest and has configuration files and scripts.
## Contribute
- Git repository : <https://code.antopie.org/servnest/servnest>
- Issue tracker : <https://code.antopie.org/servnest/servnest/issues>
- Matrix channel : [#servnest:matrix.antopie.org](matrix:r/servnest:matrix.antopie.org)
## Direct contact details
See <https://miraty.antopie.org/>.
## License
ServNest is ethical libre software: you can use, redistribute or modify it under the terms of the CNPL-NAv7+ as found in LICENSE.md or at <https://git.pixie.town/thufie/npl-builder>.
## Similar projects
- [DNSManager](https://github.com/KaneRoot/dnsmanager) powering [netlib.re](https://netlib.re/)
- [EU.org](https://nic.eu.org/)
- [DNS Witch](https://dns-witch.net.eu.org/)