mirror of
https://github.com/cmur2/dyndnsd.git
synced 2024-12-21 04:54:22 +01:00
Allow dyndnsd to use address from X-Real-IP
This commit is contained in:
parent
a9083e916e
commit
f76c5933d7
14
README.md
14
README.md
@ -6,11 +6,11 @@ A small, lightweight and extensible DynDNS server written with Ruby and Rack.
|
||||
|
||||
## Description
|
||||
|
||||
dyndnsd.rb is aimed to implement a small [DynDNS-compliant](http://dyn.com/support/developers/api/) server in Ruby. It has an integrated user and hostname database in it's configuration file that is used for authentication and authorization. Besides talking the DynDNS protocol it is able to invoke an so-called *updater*, a small Ruby module that takes care of supplying the current host => ip mapping to a DNS server.
|
||||
dyndnsd.rb aims to implement a small [DynDNS-compliant](http://dyn.com/support/developers/api/) server in Ruby supporting IPv4 and IPv6 addresses. It has an integrated user and hostname database in it's configuration file that is used for authentication and authorization. Besides talking the DynDNS protocol it is able to invoke an so-called *updater*, a small Ruby module that takes care of supplying the current host => ip mapping to a DNS server.
|
||||
|
||||
The is currently one updater shipped with dyndnsd.rb `command_with_bind_zone` that writes out a zone file in BIND syntax onto the current system and invokes a user-supplied command afterwards that is assumed to trigger the DNS server (not necessarily BIND since it's zone files are read by other DNS servers too) to reload it's zone configuration.
|
||||
There is currently one updater shipped with dyndnsd.rb `command_with_bind_zone` that writes out a zone file in BIND syntax onto the current system and invokes a user-supplied command afterwards that is assumed to trigger the DNS server (not necessarily BIND since it's zone files are read by other DNS servers too) to reload it's zone configuration.
|
||||
|
||||
Because of the mechanisms used dyndnsd.rb is known to work only on *nix systems.
|
||||
Because of the mechanisms used dyndnsd.rb is known to work only on \*nix systems.
|
||||
|
||||
## General Usage
|
||||
|
||||
@ -112,6 +112,14 @@ where:
|
||||
* HOSTNAMES is a required list of comma separated FQDNs (they all have to end with your config.yaml domain) the user wants to update
|
||||
* MYIP is optional and the HTTP client's address will be used if missing
|
||||
|
||||
### IP address determination
|
||||
|
||||
The following rules apply:
|
||||
|
||||
* use any IP address provided via the myip parameter when present, or
|
||||
* use any IP address provided via the X-Real-IP header e.g. when used behind HTTP reverse proxy such as nginx, or
|
||||
* use any IP address used by the connecting HTTP client
|
||||
|
||||
### SSL, multiple listen ports
|
||||
|
||||
Use a webserver as a proxy to handle SSL and/or multiple listen addresses and ports. DynDNS.com provides HTTP on port 80 and 8245 and HTTPS on port 443.
|
||||
|
@ -44,11 +44,11 @@ module Dyndnsd
|
||||
@db['hosts'] ||= {}
|
||||
(@db.save; update) if @db.changed?
|
||||
end
|
||||
|
||||
|
||||
def update
|
||||
@updater.update(@db)
|
||||
end
|
||||
|
||||
|
||||
def is_fqdn_valid?(hostname)
|
||||
return false if hostname.length < @domain.length + 2
|
||||
return false if not hostname.end_with?(@domain)
|
||||
@ -56,45 +56,52 @@ module Dyndnsd
|
||||
return false if not name.match(/^[a-zA-Z0-9_-]+\.$/)
|
||||
true
|
||||
end
|
||||
|
||||
|
||||
def call(env)
|
||||
return @responder.response_for_error(:method_forbidden) if env["REQUEST_METHOD"] != "GET"
|
||||
return @responder.response_for_error(:not_found) if env["PATH_INFO"] != "/nic/update"
|
||||
|
||||
|
||||
params = Rack::Utils.parse_query(env["QUERY_STRING"])
|
||||
|
||||
|
||||
return @responder.response_for_error(:hostname_missing) if not params["hostname"]
|
||||
|
||||
|
||||
hostnames = params["hostname"].split(',')
|
||||
|
||||
|
||||
# Check if hostname match rules
|
||||
hostnames.each do |hostname|
|
||||
return @responder.response_for_error(:hostname_malformed) if not is_fqdn_valid?(hostname)
|
||||
end
|
||||
|
||||
|
||||
user = env["REMOTE_USER"]
|
||||
|
||||
|
||||
hostnames.each do |hostname|
|
||||
return @responder.response_for_error(:host_forbidden) if not @users[user]['hosts'].include? hostname
|
||||
end
|
||||
|
||||
# no myip?
|
||||
if not params["myip"]
|
||||
params["myip"] = env["REMOTE_ADDR"]
|
||||
# fallback value, always present
|
||||
myip = env["REMOTE_ADDR"]
|
||||
|
||||
# check whether X-Real-IP header has valid IPAddr
|
||||
if env.has_key?("HTTP_X_REAL_IP")
|
||||
begin
|
||||
IPAddr.new(env["HTTP_X_REAL_IP"])
|
||||
myip = env["HTTP_X_REAL_IP"]
|
||||
rescue ArgumentError
|
||||
end
|
||||
end
|
||||
|
||||
# malformed myip?
|
||||
begin
|
||||
IPAddr.new(params["myip"])
|
||||
rescue ArgumentError
|
||||
params["myip"] = env["REMOTE_ADDR"]
|
||||
|
||||
# check whether myip parameter has valid IPAddr
|
||||
if params.has_key?("myip")
|
||||
begin
|
||||
IPAddr.new(params["myip"])
|
||||
myip = params["myip"]
|
||||
rescue ArgumentError
|
||||
end
|
||||
end
|
||||
|
||||
myip = params["myip"]
|
||||
|
||||
|
||||
Metriks.meter('requests.valid').mark
|
||||
Dyndnsd.logger.info "Request to update #{hostnames} to #{myip} for user #{user}"
|
||||
|
||||
|
||||
changes = []
|
||||
hostnames.each do |hostname|
|
||||
if (not @db['hosts'].include? hostname) or (@db['hosts'][hostname] != myip)
|
||||
@ -106,7 +113,7 @@ module Dyndnsd
|
||||
Metriks.meter('requests.nochg').mark
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
if @db.changed?
|
||||
@db['serial'] += 1
|
||||
Dyndnsd.logger.info "Committing update ##{@db['serial']}"
|
||||
@ -114,7 +121,7 @@ module Dyndnsd
|
||||
update
|
||||
Metriks.meter('updates.committed').mark
|
||||
end
|
||||
|
||||
|
||||
@responder.response_for_changes(changes, myip)
|
||||
end
|
||||
|
||||
@ -130,23 +137,23 @@ module Dyndnsd
|
||||
puts "Config file not found!"
|
||||
exit 1
|
||||
end
|
||||
|
||||
|
||||
puts "DynDNSd version #{Dyndnsd::VERSION}"
|
||||
puts "Using config file #{config_file}"
|
||||
|
||||
config = YAML::load(File.open(config_file, 'r') { |f| f.read })
|
||||
|
||||
|
||||
if config['logfile']
|
||||
Dyndnsd.logger = Logger.new(config['logfile'])
|
||||
else
|
||||
Dyndnsd.logger = Logger.new(STDOUT)
|
||||
end
|
||||
|
||||
|
||||
Dyndnsd.logger.progname = "dyndnsd"
|
||||
Dyndnsd.logger.formatter = LogFormatter.new
|
||||
|
||||
Dyndnsd.logger.info "Starting..."
|
||||
|
||||
|
||||
# drop privs (first change group than user)
|
||||
Process::Sys.setgid(Etc.getgrnam(config['group']).gid) if config['group']
|
||||
Process::Sys.setuid(Etc.getpwnam(config['user']).uid) if config['user']
|
||||
@ -174,7 +181,7 @@ module Dyndnsd
|
||||
db = Database.new(config['db'])
|
||||
updater = Updater::CommandWithBindZone.new(config['domain'], config['updater']['params']) if config['updater']['name'] == 'command_with_bind_zone'
|
||||
responder = Responder::DynDNSStyle.new
|
||||
|
||||
|
||||
# configure rack
|
||||
app = Daemon.new(config, db, updater, responder)
|
||||
app = Rack::Auth::Basic.new(app, "DynDNS") do |user,pass|
|
||||
|
@ -166,4 +166,11 @@ describe Dyndnsd::Daemon do
|
||||
last_response.should be_ok
|
||||
last_response.body.should == 'good 127.0.0.1'
|
||||
end
|
||||
|
||||
it 'uses clients remote IP address from X-Real-IP header if behind proxy' do
|
||||
authorize 'test', 'secret'
|
||||
get '/nic/update?hostname=foo.example.org', '', 'HTTP_X_REAL_IP' => '10.0.0.1'
|
||||
last_response.should be_ok
|
||||
last_response.body.should == 'good 10.0.0.1'
|
||||
end
|
||||
end
|
||||
|
@ -6,3 +6,7 @@ require 'rack/test'
|
||||
require 'dyndnsd'
|
||||
require 'support/dummy_database'
|
||||
require 'support/dummy_updater'
|
||||
|
||||
RSpec.configure do |config|
|
||||
config.expect_with(:rspec) { |c| c.syntax = :should }
|
||||
end
|
||||
|
Loading…
Reference in New Issue
Block a user