diff --git a/.configure-endpoints.sh b/.configure-endpoints.sh deleted file mode 100755 index 5fdbc3e..0000000 --- a/.configure-endpoints.sh +++ /dev/null @@ -1,70 +0,0 @@ -#!/bin/bash - -scriptversion="1.0" -srcfolder="src" -updatephp="update.php" -configuresh=".configure.sh" - -### banner -clear -echo "##############################################" -echo "### ownDynDNS multi-endpoint configuration ###" -echo "### script version $scriptversion ###" -echo "##############################################" -echo "" - -echo "This script will set up multiple endpoints within the same webspace.\ - That means you can use multiple sets of user credentials each with their own\ - permissions regarding which domains to update." -echo "" -echo "It is recommended you use the webroot of your desired webspace, although\ - you could place this directory structure anywhere you like, e.g. in a\ - subdirectory of your homepage like example.com/dyndns/[this tree] ." -echo "" -echo "This script assumes you have already downloaded the update.php script\ - and the src directory including its contents." -echo "" - -### set up dir variable for this script -dir=$(pwd) -while [ ! -d $dir/$srcfolder ] -do - echo "current directory does not contain ${srcfolder} !" - read -p "enter directory where ownDynDNS is located: " dir -done - -### set up user and group for permissions later -echo "This script will automatically set the necessary file permissions for\ - your webserver. This might be www-data:www-data, please check if you run\ - into any issues." -echo "" -read -p "enter the user the webserver is running as [www-data]: " wwwuserd -read -p "enter the group the webserver is running as [www-data]: " wwwgroupd -wwwuserd=${wwwuserd:-"www-data"} -wwwgroupd=${wwwgroupd:-"www-data"} - - -createEndpoint() { - local endpoint=$1 - mkdir $dir/$endpoint - cp $dir/$updatephp $dir/$endpoint - chmod +x $dir/$configuresh - $dir/$configuresh $dir/$endpoint - chown $wwwuserd:$wwwgroupd $dir/$endpoint/$updatephp - chmod 440 $dir/$endpoint/$updatephp - chown $wwwuserd:$wwwgroupd $dir/$endpoint/.env - chmod 440 $dir/$endpoint/.env -} - -echo "##############################################" -echo "You will now start adding endpoints which are just subdirectories\ - that contain the update.php file as well as a customized .env file." -echo "" - -### endpoint creation loop -while true -do - read -p "enter endpoint name [Empty to quit]: " endpoint - if [ -z $endpoint ]; then break; fi - createEndpoint $endpoint -done diff --git a/.configure.sh b/.configure.sh deleted file mode 100755 index b89b8d0..0000000 --- a/.configure.sh +++ /dev/null @@ -1,265 +0,0 @@ -#!/bin/bash - -# set variables -scriptversion="1.6" - -defaultenvfile=".env.dist" - -if [ ! -z $1 ] -then - dir=$1 - endpoint=$(basename ${dir}) - - # set up log file location suggestion - log1="/var/log/dnsupdater/${endpoint}.json" - log2="${dir}/log.json" - -else - echo "### ownDynDNS configuration script" - - wwwuserd="www-data" - wwwgroupd="www-data" - - dir=$(pwd) - while [ ! -f $dir/$defaultenvfile ] - do - echo "current directory does not contain ${defaultenvfile} !" - read -p "enter directory where ownDynDNS is located: " dir - done - - # source .env.dist - source $dir/$defaultenvfile - - # set up log file location suggestions - log1="$logFile" - log2="/var/log/dnsupdater/log.json" -fi - - -envfile="${dir}/.env" - - -### main script -#echo "found ${defaultenvfile}. using current directory" - -read -p "enter a custom username for dns updates [random]: " user -user=${user:-$(tr -dc A-Za-z0-9 $htaccess << EOM - - Order allow,deny - Deny from all -envfile -EOM - if [ -z $endpoint ] - then - rm .htaccess.example - fi - ;; - 3) - mv .htaccess{.example,} - ;; - *) - if [ -z $endpoint ] - then - rm .htaccess.example - fi - ;; -esac - -### nginx htaccess equivalent message -echo "if you are using nginx please read the docs about how to disable access to certain files and folders.\nyou might add a location block to the beginning of your site config as follows:" -echo -e " location ~* (env|log|json) {\n deny all;\n return 404;\n }" - -read -p "do you wish to enable result return? [y/N]: " returnip -echo "" -if [[ ${returnip,,::1} == "y" ]] -then - #echo "enabling return ip" - returnip="true" -else - #echo "disabling return ip" - returnip="false" -fi - -read -p "do you want to allow creation of new entries on the fly? [y/N]: " allowcreate -echo "" -if [[ ${allowcreate,,::1} == "y" ]] -then - #echo "enabling return ip" - allowcreate="true" -else - #echo "disabling return ip" - allowcreate="false" -fi - -read -p "do you want to restrict updates to a specific domain entry? [Y/n]: " restrictdomain -echo "" -if [[ ${restrictdomain,,::1} == "n" ]] -then - restrictdomain="false" -else - restrictdomain="true" - echo "enter the FQDN you want to restrict updates to. If you are using third\ - level domains, e.g. nas.home.example.com you should only enter example.com" - echo "use the \"host\" variable for nas.home in that case." - echo "" - read -p "domain or FQDN: " domain - echo "" - read -p "host if third level domain: " host - echo "" -fi - - -### create the .env file -if [ -f $envfile ] -then - echo "${envfile} already exists!" - read -p "overwrite? [y/N]: " overwrite - echo "" - if [[ ! ${overwrite,,::1} == y ]] - then - echo "script cancelled. exiting" - echo "" - exit 1 - fi -fi - -touch $envfile -echo "# file created at $(date)" >$envfile -echo "# by configuration script version ${scriptversion}" >> $envfile -echo "username=\"${user}\"" >> $envfile -echo "password=\"${pass}\"" >> $envfile -echo "apiKey=\"${apikey}\"" >> $envfile -echo "apiPassword=\"${apipass}\"" >> $envfile -echo "customerId=\"${custid}\"" >> $envfile -echo "debug=${debug}" >> $envfile -echo "log=${log}" >> $envfile -echo "logFile=${logfile}" >> $envfile -echo "returnIp=${returnip}" >> $envfile -echo "allowCreate=${allowcreate}" >> $envfile -echo "restrictDomain=${restrictdomain}" >> $envfile -if [ ! -z ${domain} ] -then - echo "domain=${domain}" >> $envfile -fi -if [ ! -z ${host} ] -then - echo "host=${host}" >> $envfile -fi - -echo "created .env file at: ${envfile}" -echo "" diff --git a/.htaccess.example b/.htaccess.example deleted file mode 100644 index 3da7edf..0000000 --- a/.htaccess.example +++ /dev/null @@ -1,4 +0,0 @@ - - Order allow,deny - Deny from all - diff --git a/Dockerfile b/Dockerfile index b89bdab..f967795 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,12 +1,10 @@ FROM serversideup/php:8.3-fpm-nginx-alpine USER root -RUN mkdir -p /var/www/html/src &&\ +RUN mkdir -p /var/www/html/public/src &&\ install-php-extensions soap USER www-data -COPY --chown=www-data:www-data ./default.conf /etc/nginx/conf.d/default.conf -COPY --chown=www-data:www-data ./data/src/ /var/www/html/src -COPY --chown=www-data:www-data ./data/update.php /var/www/html -COPY --chown=www-data:www-data ./data/.env.dist /var/www/html/.env -VOLUME /var/www/html -WORKDIR /var/www/html -EXPOSE 80 \ No newline at end of file +WORKDIR /var/www/html/public +COPY --chown=www-data:www-data ./data/src/ /var/www/html/public/src +COPY --chown=www-data:www-data ./data/update.php /var/www/html/public +COPY --chown=www-data:www-data ./data/.env.dist /var/www/html/public/.env +HEALTHCHECK --interval= --timeout=5s --start-period=10s CMD curl --insecure --silent --location --show-error --fail http://localhost:8080$HEALTHCHECK_PATH || exit 1 diff --git a/README.md b/README.md index 1baea05..ae18751 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # ownDynDNS -Self-hosted dynamic DNS php script to update netcup DNS API from Router like AVM FRITZ!Box +Self-hosted dynamic DNS php-based Docker container to update netcup DNS API from consumer routers etc. ## Authors * Felix Kretschmer [@fernwerker](https://github.com/fernwerker) @@ -8,38 +8,11 @@ Self-hosted dynamic DNS php script to update netcup DNS API from Router like AVM * Nils Blume [@niiwiicamo](https://github.com/niiwiicamo) ## Usage -### Install using configure scripts -* Copy `update.php`, `src/*`, `.env.dist`, `.configure.sh` and `.configure-endpoints.sh` to your webspace -* If you want multiple endpoints use .configure-endpoints.sh -* If you want a single endpoint use .configure.sh -### Manual Installation -* Copy all files to your webspace -* If you want multiple endpoints that each can only update one domain look at the mydomain folder.
-The update URL would be https://`url`/mydomain/update.php?(...) -* create a copy of `.env.dist` as `.env` and configure: - -Parameter | Example | Explanation ----: | :--- | :--- -`username` | dnsupdater | The username for your Router to authenticate (so not everyone can update your DNS) -`password` | secretpleasechange | password for your Router -`apiKey` | 18neqwd91e21onei1p23841 | API key which is generated in netcup CCP -`apiPassword` | 82jewqde9m30 | API password which is generated in netcup CCP -`customerId` | 12345 | your netcup Customer ID -`log` | `true` / false | enables logging -`logFile` | log.json | configures logfile location if enabled -`debug` | true / `false` | enables debug mode and generates more output from update.php (normal operation has no output). Needed to receive stack traces from errors. -`returnIp` | `true` / false | enables return of result if a record was changed -`allowCreate` | true/`false` | allows creation of entries if parameter `create=true` in URL -`restrictDomain` | true / `false` | allows admin to restrict the domain to update to a given value `domain` and/or `host`. See URL parameters for host parameter explanation -`allowNetcupCreds` | true / `false` | allows the user to pass netcup credentials directly via the URL. URL creds will be preferred if any still exist in .env file -`allowAnonymous` | true / `false` | allows anonymous login, recommended only if you do not store any credentials and disable logging - -* alternatively you can use .configure.sh to create your .env file for you (if you are on a *NIX system) - -* Create each host record in your netcup CCP (DNS settings) before using the script. The script does not create any missing records.
-You can now set `allowCreate=true` in .env and pass `create=true` as URL parameter to create entries on the fly. +### docker-compose.yaml +``` +``` ## URL possible uses: ### Required parameters in URL: diff --git a/default.conf b/default.conf deleted file mode 100644 index 7a79ba2..0000000 --- a/default.conf +++ /dev/null @@ -1,13 +0,0 @@ -server { - listen 0.0.0.0:80; - root /var/www/html; - location / { - return 302 https://github.com/NiiWiiCamo/ownDynDNS; - } - location ~ \.php$ { - include fastcgi_params; - fastcgi_pass localhost:9000; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; - } -} \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 5c3f75f..39616f7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,23 +1,20 @@ -version: "3" services: - - nginx: - build: - context: . - dockerfile: nginx/Dockerfile + owndyndns: + container_name: dyndns + image: niiwiicamo/owndyndns + environment: + DDNS_USER: changeme + DDNS_PASS: changeme + NETCUP_APIKEY: 12345asdf + NETCUP_APIPASS: asdf12345 + NETCUP_CUSTOMERID: 01234 + DDNS_DEBUG: 0 # optional, default: 0 + DDNS_LOG: 0 # optional, default: 1 + # DDNS_LOGFILE: log.json # optional, default: log.json + DDNS_RETURNIP: 0 # optional, default: 1 + DDNS_ALLOWCREATE: 1 # optional, default: 0 + # DDNS_RESTRICTDOMAIN: 0 # optional, default: 0 + # DDNS_FORCEDDOMAIN: example.net # optional, default empty + # DDNS_FORCEDHOST: hostname # optional, default empty ports: - - "8180:80" - volumes: - - data:/var/www/html - - php: - build: - context: . - dockerfile: php/Dockerfile - depends_on: - - nginx - volumes: - - data:/var/www/html - -volumes: - data: \ No newline at end of file + - 8080:8080 diff --git a/examples/multisite.md b/examples/multisite.md deleted file mode 100644 index fcbf073..0000000 --- a/examples/multisite.md +++ /dev/null @@ -1,67 +0,0 @@ -# Multiple Endpoints with separate credentials -For advanced use you might want to have separate users that can each only update one domain entry. - -In that case it might be beneficial to habe multiple endpoints, e.g. `https://dyndns.example.com/endpointN/update.php` where endpointN is any directory name you wish. - -## Setting up multiple endpoints -The directory structure of your webroot might look like this: -
-├── index.html
-├── src
-│   ├── Config.php
-│   ├── Handler.php
-│   ├── Payload.php
-│   └── Soap.php
-├── fritzbox        # this is a subdomain
-│   ├── .env
-│   └── update.php
-├── nas             # this is another
-│   ├── .env
-│   └── update.php
-├── examplenet      # uses another netcup account
-│   ├── .env
-│   └── update.php
-└── subdomain1      # and another subdomain
-    ├── .env
-    └── update.php
-
- -Here the update.php files are copied from the mydomain example directory. All .env files contain different user credentials and may even use different netcup credentials. - -## Setting up domain restrictions per .env file -It is nice to have multiple sets of credentials, but if anyone can update any entry of any domain this defeats the purpose. - -That is why you can enable domain restriction per .env file and thereby per set of user credentials. - -In these cases you the domain you send in your url will be ignored in favour of the one configured in the .env file. You still need to send a placeholder for validation purposes. - -Example .env file for fritzbox.example.com.
-Callable by: `https://dyndns.example.com/fritzbox/update.php?user=fritzbox&password=changeme&domain=placeholder&ipv4=1.2.3.4` -
-username="fritzbox"
-password="changemeplease"
-apiKey="j1meo213em823jd2q9"
-apiPassword="12345secret"
-customerId="12345"
-debug=false
-log=true
-logFile=/var/log/dnsupdater/fritzbox.json
-restrictDomain=true
-domain=fritzbox.example.com
-
- -Example .env file for nas.home.example.com.
-Callable by: `https://dyndns.example.com/nas/update.php?user=nas&password=changeme&domain=placeholder&ipv4=1.2.3.4` -
-username="nas"
-password="changemeplease"
-apiKey="j1meo213em823jd2q9"
-apiPassword="12345secret"
-customerId="12345"
-debug=false
-log=true
-logFile=/var/log/dnsupdater/nas.json
-restrictDomain=true
-domain=example.com    # for explicit use of third-level domain
-host=nas.home         # we use the optional host parameter
-
\ No newline at end of file diff --git a/examples/mydomain/.env.dist b/examples/mydomain/.env.dist deleted file mode 100644 index 9162fbe..0000000 --- a/examples/mydomain/.env.dist +++ /dev/null @@ -1,12 +0,0 @@ -username="only-mydomain" -password="changemeplease" -apiKey="netcup DNS API Key" -apiPassword="netcup DNS API Password" -customerId="netcup customer ID" -debug=false -log=true -logFile=mydomain.json -returnIp=true -allowCreate=false -restrictDomain=true -domain="mydomain.example.com" diff --git a/examples/mydomain/update.php b/examples/mydomain/update.php deleted file mode 100755 index bbb8b8e..0000000 --- a/examples/mydomain/update.php +++ /dev/null @@ -1,20 +0,0 @@ -doRun(); diff --git a/examples/nginx-server-block.conf b/examples/nginx-server-block.conf deleted file mode 100644 index e444040..0000000 --- a/examples/nginx-server-block.conf +++ /dev/null @@ -1,54 +0,0 @@ -# -# This assumes you already have the html { block configured -# - -server { - - listen 80; # highly recommend to use 443 and ssl, look into using certbot - - server_name dyndns.example.com; - root /var/www/dnydns.example.com; - - # if you are using a dedicated site remove everythin except update.php - # update.php; - update.php index index.html index.htm index.nginx-debian.html index.php; - - # deny all access to any file containing "env", "log" or "json" - # returns 404 as if file did not exist - location ~* (env|log|json) { - deny all; - return 404; - } - - # deny access to any file .ht* like .htaccess or .htpasswd - location ~ /\.ht { - deny all; - } - - # pass PHP scripts to FastCGI server - location ~ \.php$ { - - # FastCGI config, might be in another file that is included - - # regex to split $uri to $fastcgi_script_name and $fastcgi_path - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - - # Check that the PHP script exists before passing it - try_files $fastcgi_script_name =404; - - # Bypass the fact that try_files resets $fastcgi_path_info - # see: http://trac.nginx.org/nginx/ticket/321 - set $path_info $fastcgi_path_info; - fastcgi_param PATH_INFO $path_info; - - fastcgi_index index.php; - include fastcgi.conf; - - - # With php-fpm (or other unix sockets): - fastcgi_pass unix:/run/php/php-fpm.sock; - # With php-cgi (or other tcp sockets): - # fastcgi_pass 127.0.0.1:9000; - } - -} \ No newline at end of file diff --git a/examples/update-dyndns.sh b/examples/update-dyndns.sh deleted file mode 100755 index de54667..0000000 --- a/examples/update-dyndns.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/env bash - -# you can run this script from **ix bases device to update (different) Records - -USER="max_mustermann" -PASS="s3cr3t" -DOMAIN="my-home-nas.de" -#DOMAIN="nas.my-home.de" -SCRIPT="https:///update.php" -FORCE=0 -MODE="both" # can be undefined, "@", "*" or "both" - -IPV4=$(curl -4 -q v4.ident.me) -IPV6=$(curl -6 -q v6.ident.me) - -echo ${IPV4} -echo ${IPV6} - -# PAYLOAD_IPV4="force=${FORCE}&user=${USER}&password=${PASS}&ipv4=${IPV4}&domain=${DOMAIN}&mode=${MODE}" -# curl -X POST --data "${PAYLOAD_IPV4}" ${SCRIPT} - -# PAYLOAD_IPV6="force=${FORCE}&user=${USER}&password=${PASS}&ipv6=${IPV6}&domain=${DOMAIN}&mode=${MODE"} -# curl -X POST --data "${PAYLOAD_IPV6}" ${SCRIPT} - -PAYLOAD_BOTH="force=${FORCE}&user=${USER}&password=${PASS}&ipv4=${IPV4}&ipv6=${IPV6}&domain=${DOMAIN}&mode=${MODE}" -curl -X POST --data "${PAYLOAD_BOTH}" ${SCRIPT}