cleanup

.configure-endpoints.sh

@@ -1,70 +0,0 @@
-#!/bin/bash
-
-scriptversion="1.0"
-srcfolder="src"
-updatephp="update.php"
-configuresh=".configure.sh"
-
-### banner
-clear
-echo "##############################################"
-echo "### ownDynDNS multi-endpoint configuration ###"
-echo "###           script version $scriptversion           ###"
-echo "##############################################"
-echo ""
-
-echo "This script will set up multiple endpoints within the same webspace.\
- That means you can use multiple sets of user credentials each with their own\
- permissions regarding which domains to update."
-echo ""
-echo "It is recommended you use the webroot of your desired webspace, although\
- you could place this directory structure anywhere you like, e.g. in a\
- subdirectory of your homepage like example.com/dyndns/[this tree] ."
-echo ""
-echo "This script assumes you have already downloaded the update.php script\
- and the src directory including its contents."
-echo ""
-
-### set up dir variable for this script
-dir=$(pwd)
-while [ ! -d $dir/$srcfolder ]
-do
-  echo "current directory does not contain ${srcfolder} !"
-  read -p "enter directory where ownDynDNS is located: " dir
-done
-
-### set up user and group for permissions later
-echo "This script will automatically set the necessary file permissions for\
- your webserver. This might be www-data:www-data, please check if you run\
- into any issues."
-echo ""
-read -p "enter the user the webserver is running as [www-data]: " wwwuserd
-read -p "enter the group the webserver is running as [www-data]: " wwwgroupd
-wwwuserd=${wwwuserd:-"www-data"}
-wwwgroupd=${wwwgroupd:-"www-data"}
-
-
-createEndpoint() {
-  local endpoint=$1
-  mkdir $dir/$endpoint
-  cp $dir/$updatephp $dir/$endpoint
-  chmod +x $dir/$configuresh
-  $dir/$configuresh $dir/$endpoint
-  chown $wwwuserd:$wwwgroupd $dir/$endpoint/$updatephp
-  chmod 440 $dir/$endpoint/$updatephp
-  chown $wwwuserd:$wwwgroupd $dir/$endpoint/.env
-  chmod 440 $dir/$endpoint/.env
-}
-
-echo "##############################################"
-echo "You will now start adding endpoints which are just subdirectories\
- that contain the update.php file as well as a customized .env file."
-echo ""
-
-### endpoint creation loop
-while true
-do
-  read -p "enter endpoint name [Empty to quit]: " endpoint
-  if [ -z $endpoint ]; then break; fi
-  createEndpoint $endpoint
-done

.configure.sh

@@ -1,265 +0,0 @@
-#!/bin/bash
-
-# set variables
-scriptversion="1.6"
-
-defaultenvfile=".env.dist"
-
-if [ ! -z $1 ]
-then
-  dir=$1
-  endpoint=$(basename ${dir})
-
-  # set up log file location suggestion
-  log1="/var/log/dnsupdater/${endpoint}.json"
-  log2="${dir}/log.json"
-  
-else
-  echo "### ownDynDNS configuration script"
-
-  wwwuserd="www-data"
-  wwwgroupd="www-data"
-
-  dir=$(pwd)
-  while [ ! -f $dir/$defaultenvfile ]
-  do
-    echo "current directory does not contain ${defaultenvfile} !"
-    read -p "enter directory where ownDynDNS is located: " dir
-  done
-
-  # source .env.dist
-  source $dir/$defaultenvfile
-
-  # set up log file location suggestions
-  log1="$logFile"
-  log2="/var/log/dnsupdater/log.json"
-fi
-
-
-envfile="${dir}/.env"
-
-
-### main script
-#echo "found ${defaultenvfile}. using current directory"
-
-read -p "enter a custom username for dns updates [random]: " user
-user=${user:-$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16)}
-echo "using username: ${user}"
-
-read -s -p "enter a custom password for dns updates [random]: " pass
-pass=${pass:-$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16)}
-echo ""
-echo "using password: ${pass}"
-
-if [ -z $DDNS_NETCUP_API_KEY ]
-then
-  read -s -p "enter your netcup DNS API Key: " apikey
-  echo ""
-else
-  echo -e "Found DDNS_NETCUP_API_KEY. Leave empty to use or enter new DNS API Key\n"
-  read -p "DNS API Key [${DDNS_NETCUP_API_KEY}]: " apikey
-  apikey=${apikey:-$DDNS_NETCUP_API_KEY}
-fi
-
-if [ -z $DDNS_NETCUP_API_PASSWORD ]
-then
-  read -s -p "enter your netcup API Password: " apipass
-  echo ""
-else
-  echo "Found DDNS_NETCUP_API_PASSWORD. Leave empty to use or enter new DNS API Password"
-  read -p "DNS API Password [${DDNS_NETCUP_API_PASSWORD}]: " apipass
-  echo ""
-  apipass=${apipass:-$DDNS_NETCUP_API_PASSWORD}
-fi
-
-if [ -z $DDNS_NETCUP_CUSTOMER_ID ]
-then
-  read -s -p "enter your netcup customer ID: " custid
-  echo ""
-else
-  echo "Found DDNS_NETCUP_CUSTOMER_ID. Leave empty to use or enter new customer ID"
-  read -p "Netcup customer ID [${DDNS_NETCUP_CUSTOMER_ID}]: " custid
-  echo ""
-  custid=${custid:-$DDNS_NETCUP_CUSTOMER_ID}
-fi
-
-read -p "do you wish to enable debugging? [y/N]: " debug
-echo ""
-if [[ ${debug,,::1} == "y" ]]
-then
-  #echo "enabling debugging"
-  debug="true"
-else
-  #echo "disabling debugging"
-  debug="false"
-fi
-
-read -p "do you want to enable logging? [Y/n]: " log
-echo ""
-if [[ ${log,,::1} != "n" ]]
-then
-  #echo "enabling logging"
-  log="true"
-else
-  #echo "disabling logging"
-  log="false"
-fi
-
-echo "the logfile is created in this directory by default. your ip history is thereby publically available."
-echo "select where the logfile should be created if enabled:"
-echo "[1] default: ${log1}"
-echo "[2] private: ${log2}"
-echo "[3] custom location"
-
-read -p "select from the choices above [1]: " choice
-echo ""
-case $choice in
-  2)
-    logfile=${log2}
-    ;;
-  3)
-    read -p "enter logfile location: " logfile
-    echo ""
-    logfile=${logfile:-$log1}
-    ;;
-  *)
-    logfile=${log1}
-    ;;
-esac
-
-if [ -z ${endpoint} ]
-then
-  echo "the logfile needs to be writable by the webserver if logging is enabled."
-  read -p "which user does the webserver run as? [${wwwuserd}]: " wwwuser
-  echo ""
-  wwwuser=${wwwuser:-$wwwuserd}
-
-  read -p "which group does the webserver run as? [${wwwgroupd}]: " wwwgroup
-  echo ""
-  wwwgroup=${wwwgroup:-$wwwgroupd}
-
-  mkdir -p $(dirname $logfile) && touch $logfile || echo "### could not create logfile!"
-  echo ""
-  chown $wwwuser:$wwwgroup $logfile
-  chmod 0640 $logfile
-  #echo "logfile will be created at: ${logfile}"
-fi
-
-
-### Apache htaccess file config
-echo "if you are using apache it is recommended to enable the .htaccess file to prevent unauthorized access to the .env file and any logfile."
-echo "select if you want to enable the .htaccess file:"
-echo "[1] no .htaccess file. (e.g. using nginx)"
-echo "[2] block access to .env file only (default log location accessible)"
-echo "[3] block access to .env file and log file"
-echo ""
-
-read -p "select from the choices above [1]: " choice
-echo ""
-case $choice in
-  2)
-    cat > $htaccess << EOM
-<FilesMatch "\.env$">
-        Order allow,deny
-        Deny from all
-</FilesMatch>envfile
-EOM
-    if [ -z $endpoint ]
-    then
-      rm .htaccess.example
-    fi
-    ;;
-  3)
-    mv .htaccess{.example,}
-    ;;
-  *)
-    if [ -z $endpoint ]
-    then
-      rm .htaccess.example
-    fi
-    ;;
-esac
-
-### nginx htaccess equivalent message
-echo "if you are using nginx please read the docs about how to disable access to certain files and folders.\nyou might add a location block to the beginning of your site config as follows:"
-echo -e "  location ~* (env|log|json) {\n    deny all;\n    return 404;\n  }"
-
-read -p "do you wish to enable result return? [y/N]: " returnip
-echo ""
-if [[ ${returnip,,::1} == "y" ]]
-then
-  #echo "enabling return ip"
-  returnip="true"
-else
-  #echo "disabling return ip"
-  returnip="false"
-fi
-
-read -p "do you want to allow creation of new entries on the fly? [y/N]: " allowcreate
-echo ""
-if [[ ${allowcreate,,::1} == "y" ]]
-then
-  #echo "enabling return ip"
-  allowcreate="true"
-else
-  #echo "disabling return ip"
-  allowcreate="false"
-fi
-
-read -p "do you want to restrict updates to a specific domain entry? [Y/n]: " restrictdomain
-echo ""
-if [[ ${restrictdomain,,::1} == "n" ]]
-then
-  restrictdomain="false"
-else
-  restrictdomain="true"
-  echo "enter the FQDN you want to restrict updates to. If you are using third\
- level domains, e.g. nas.home.example.com you should only enter example.com"
-  echo "use the \"host\" variable for nas.home in that case."
-  echo ""
-  read -p "domain or FQDN: " domain
-  echo ""
-  read -p "host if third level domain: " host
-  echo ""
-fi
-
-
-### create the .env file
-if [ -f $envfile ]
-then
-  echo "${envfile} already exists!"
-  read -p "overwrite? [y/N]: " overwrite
-  echo ""
-  if [[ ! ${overwrite,,::1} == y ]]
-  then
-    echo "script cancelled. exiting"
-    echo ""
-    exit 1
-  fi
-fi
-
-touch $envfile
-echo "# file created at $(date)" >$envfile
-echo "# by configuration script version ${scriptversion}" >> $envfile
-echo "username=\"${user}\"" >> $envfile
-echo "password=\"${pass}\"" >> $envfile
-echo "apiKey=\"${apikey}\"" >> $envfile
-echo "apiPassword=\"${apipass}\"" >> $envfile
-echo "customerId=\"${custid}\"" >> $envfile
-echo "debug=${debug}" >> $envfile
-echo "log=${log}" >> $envfile
-echo "logFile=${logfile}" >> $envfile
-echo "returnIp=${returnip}" >> $envfile
-echo "allowCreate=${allowcreate}" >> $envfile
-echo "restrictDomain=${restrictdomain}" >> $envfile
-if [ ! -z ${domain} ]
-then
-  echo "domain=${domain}" >> $envfile
-fi
-if [ ! -z ${host} ]
-then
-  echo "host=${host}" >> $envfile
-fi
-
-echo "created .env file at: ${envfile}"
-echo ""

.htaccess.example

@@ -1,4 +0,0 @@
-<FilesMatch "\.(env|json)$">
-	Order allow,deny
-	Deny from all
-</FilesMatch>

Dockerfile

@@ -1,12 +1,10 @@
 FROM serversideup/php:8.3-fpm-nginx-alpine
 USER root
-RUN mkdir -p /var/www/html/src &&\
+RUN mkdir -p /var/www/html/public/src &&\
     install-php-extensions soap
 USER www-data
-COPY --chown=www-data:www-data ./default.conf /etc/nginx/conf.d/default.conf
+WORKDIR /var/www/html/public
-COPY --chown=www-data:www-data ./data/src/ /var/www/html/src
+COPY --chown=www-data:www-data ./data/src/ /var/www/html/public/src
-COPY --chown=www-data:www-data ./data/update.php /var/www/html
+COPY --chown=www-data:www-data ./data/update.php /var/www/html/public
-COPY --chown=www-data:www-data ./data/.env.dist /var/www/html/.env
+COPY --chown=www-data:www-data ./data/.env.dist /var/www/html/public/.env
-VOLUME /var/www/html
+HEALTHCHECK --interval= --timeout=5s --start-period=10s CMD curl --insecure --silent --location --show-error --fail http://localhost:8080$HEALTHCHECK_PATH || exit 1
-WORKDIR /var/www/html
-EXPOSE 80

README.md

@@ -1,5 +1,5 @@
 # ownDynDNS
-Self-hosted dynamic DNS php script to update netcup DNS API from Router like AVM FRITZ!Box  
+Self-hosted dynamic DNS php-based Docker container to update netcup DNS API from consumer routers etc.  
 
 ## Authors
 * Felix Kretschmer [@fernwerker](https://github.com/fernwerker)
@@ -8,38 +8,11 @@ Self-hosted dynamic DNS php script to update netcup DNS API from Router like AVM
 * Nils Blume [@niiwiicamo](https://github.com/niiwiicamo)
 
 ## Usage
-### Install using configure scripts
-* Copy `update.php`, `src/*`, `.env.dist`, `.configure.sh` and `.configure-endpoints.sh` to your webspace
-* If you want multiple endpoints use .configure-endpoints.sh
-* If you want a single endpoint use .configure.sh
 
-### Manual Installation
+### docker-compose.yaml
-* Copy all files to your webspace
+```
-* If you want multiple endpoints that each can only update one domain look at the mydomain folder.<br>
-The update URL would be https://`url`/mydomain/update.php?(...)
-* create a copy of `.env.dist` as `.env` and configure:
-
-Parameter | Example | Explanation
----: | :--- | :---
-`username` | dnsupdater |  The username for your Router to authenticate (so not everyone can update your DNS)
-`password` | secretpleasechange | password for your Router
-`apiKey` | 18neqwd91e21onei1p23841 | API key which is generated in netcup CCP
-`apiPassword` | 82jewqde9m30 | API password which is generated in netcup CCP
-`customerId` | 12345 | your netcup Customer ID
-`log` | `true` / false | enables logging
-`logFile` | log.json | configures logfile location if enabled
-`debug` | true / `false` | enables debug mode and generates more output from update.php (normal operation has no output). Needed to receive stack traces from errors.
-`returnIp` | `true` / false | enables return of result if a record was changed
-`allowCreate` | true/`false` | allows creation of entries if parameter `create=true` in URL
-`restrictDomain` | true / `false` | allows admin to restrict the domain to update to a given value `domain` and/or `host`. See URL parameters for host parameter explanation
-`allowNetcupCreds` | true / `false` | allows the user to pass netcup credentials directly via the URL. URL creds will be preferred if any still exist in .env file
-`allowAnonymous` | true / `false` | allows anonymous login, recommended only if you do not store any credentials and disable logging
-
-* alternatively you can use .configure.sh to create your .env file for you (if you are on a *NIX system)
-
-* Create each host record in your netcup CCP (DNS settings) before using the script. <s>The script does not create any missing records.</s><br>
-You can now set `allowCreate=true` in .env and pass `create=true` as URL parameter to create entries on the fly.
 
+```
 
 ## URL possible uses:
 ### Required parameters in URL:

default.conf

@@ -1,13 +0,0 @@
-server {
-    listen 0.0.0.0:80;
-    root /var/www/html;
-    location / {
-        return 302 https://github.com/NiiWiiCamo/ownDynDNS;
-    }
-    location ~ \.php$ {
-        include fastcgi_params;
-        fastcgi_pass localhost:9000;
-        fastcgi_index index.php;
-        fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
-    }
-}

docker-compose.yml

@@ -1,23 +1,20 @@
-version: "3"
 services:
-
+  owndyndns:
-  nginx:
+    container_name: dyndns
-    build:
+    image: niiwiicamo/owndyndns
-      context: .
+    environment:
-      dockerfile: nginx/Dockerfile
+      DDNS_USER: changeme
+      DDNS_PASS: changeme
+      NETCUP_APIKEY: 12345asdf
+      NETCUP_APIPASS: asdf12345
+      NETCUP_CUSTOMERID: 01234
+      DDNS_DEBUG: 0  # optional, default: 0
+      DDNS_LOG: 0  # optional, default: 1
+      # DDNS_LOGFILE: log.json  # optional, default: log.json
+      DDNS_RETURNIP: 0  # optional, default: 1
+      DDNS_ALLOWCREATE: 1  # optional, default: 0
+      # DDNS_RESTRICTDOMAIN: 0  # optional, default: 0
+      # DDNS_FORCEDDOMAIN: example.net  # optional, default empty
+      # DDNS_FORCEDHOST: hostname  # optional, default empty
     ports:
-      - "8180:80"
+      - 8080:8080
-    volumes:
-      - data:/var/www/html
-
-  php:
-    build:
-      context: .
-      dockerfile: php/Dockerfile
-    depends_on:
-      - nginx
-    volumes:
-      - data:/var/www/html
-
-volumes:
-  data:

examples/multisite.md

@@ -1,67 +0,0 @@
-# Multiple Endpoints with separate credentials
-For advanced use you might want to have separate users that can each only update one domain entry.
-
-In that case it might be beneficial to habe multiple endpoints, e.g. `https://dyndns.example.com/endpointN/update.php` where endpointN is any directory name you wish.
-
-## Setting up multiple endpoints
-The directory structure of your webroot might look like this:
-<pre>
-├── index.html
-├── src
-│   ├── Config.php
-│   ├── Handler.php
-│   ├── Payload.php
-│   └── Soap.php
-├── fritzbox        # this is a subdomain
-│   ├── .env
-│   └── update.php
-├── nas             # this is another
-│   ├── .env
-│   └── update.php
-├── examplenet      # uses another netcup account
-│   ├── .env
-│   └── update.php
-└── subdomain1      # and another subdomain
-    ├── .env
-    └── update.php
-</pre>
-
-Here the update.php files are copied from the mydomain example directory. All .env files contain different user credentials and may even use different netcup credentials.
-
-## Setting up domain restrictions per .env file
-It is nice to have multiple sets of credentials, but if anyone can update any entry of any domain this defeats the purpose.
-
-That is why you can enable domain restriction per .env file and thereby per set of user credentials.
-
-In these cases you the domain you send in your url will be ignored in favour of the one configured in the .env file. <b>You still need to send a placeholder for validation purposes.</b>
-
-Example .env file for fritzbox.example.com.<br>
-Callable by: `https://dyndns.example.com/fritzbox/update.php?user=fritzbox&password=changeme&domain=placeholder&ipv4=1.2.3.4`
-<pre>
-username="fritzbox"
-password="changemeplease"
-apiKey="j1meo213em823jd2q9"
-apiPassword="12345secret"
-customerId="12345"
-debug=false
-log=true
-logFile=/var/log/dnsupdater/fritzbox.json
-restrictDomain=true
-domain=fritzbox.example.com
-</pre>
-
-Example .env file for nas.home.example.com.<br>
-Callable by: `https://dyndns.example.com/nas/update.php?user=nas&password=changeme&domain=placeholder&ipv4=1.2.3.4`
-<pre>
-username="nas"
-password="changemeplease"
-apiKey="j1meo213em823jd2q9"
-apiPassword="12345secret"
-customerId="12345"
-debug=false
-log=true
-logFile=/var/log/dnsupdater/nas.json
-restrictDomain=true
-domain=example.com    # for explicit use of third-level domain
-host=nas.home         # we use the optional host parameter
-</pre>

examples/mydomain/.env.dist

@@ -1,12 +0,0 @@
-username="only-mydomain"
-password="changemeplease"
-apiKey="netcup DNS API Key"
-apiPassword="netcup DNS API Password"
-customerId="netcup customer ID"
-debug=false
-log=true
-logFile=mydomain.json
-returnIp=true
-allowCreate=false
-restrictDomain=true
-domain="mydomain.example.com"

examples/mydomain/update.php

@@ -1,20 +0,0 @@
-<?php
-
-error_reporting(-1);
-ini_set('display_errors', 1);
-ini_set('html_errors', 0);
-
-header('Content-Type: text/plain; charset=utf-8');
-
-require_once __DIR__ . '/../src/Soap.php';
-require_once __DIR__ . '/../src/Config.php';
-require_once __DIR__ . '/../src/Payload.php';
-require_once __DIR__ . '/../src/Handler.php';
-
-if (!file_exists('.env')) {
-    throw new RuntimeException('.env file missing');
-}
-
-$config = parse_ini_file('.env', false, INI_SCANNER_TYPED);
-
-(new netcup\DNS\API\Handler($config, $_REQUEST))->doRun();

examples/nginx-server-block.conf

@@ -1,54 +0,0 @@
-#
-# This assumes you already have the html { block configured
-#
-
-server {
-
-  listen 80; # highly recommend to use 443 and ssl, look into using certbot
-
-  server_name dyndns.example.com;
-  root /var/www/dnydns.example.com;
-
-  # if you are using a dedicated site remove everythin except update.php
-  # update.php;
-  update.php index index.html index.htm index.nginx-debian.html index.php;
-
-  # deny all access to any file containing "env", "log" or "json"
-  # returns 404 as if file did not exist
-  location ~* (env|log|json) {
-    deny all;
-    return 404;
-  }
-
-  # deny access to any file .ht* like .htaccess or .htpasswd
-  location ~ /\.ht {
-    deny all;
-  }
-
-  # pass PHP scripts to FastCGI server
-  location ~ \.php$ {
-    
-    # FastCGI config, might be in another file that is included
-
-    # regex to split $uri to $fastcgi_script_name and $fastcgi_path
-    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
-
-    # Check that the PHP script exists before passing it
-    try_files $fastcgi_script_name =404;
-
-    # Bypass the fact that try_files resets $fastcgi_path_info
-    # see: http://trac.nginx.org/nginx/ticket/321
-    set $path_info $fastcgi_path_info;
-    fastcgi_param PATH_INFO $path_info;
-
-    fastcgi_index index.php;
-    include fastcgi.conf;
-
-
-    # With php-fpm (or other unix sockets):
-    fastcgi_pass unix:/run/php/php-fpm.sock;
-    # With php-cgi (or other tcp sockets):
-    # fastcgi_pass 127.0.0.1:9000;
-  }
-
-}

examples/update-dyndns.sh

@@ -1,26 +0,0 @@
-#!/usr/bin/env bash
-
-# you can run this script from **ix bases device to update (different) Records
-
-USER="max_mustermann"
-PASS="s3cr3t"
-DOMAIN="my-home-nas.de"
-#DOMAIN="nas.my-home.de"
-SCRIPT="https://<url of your webspace>/update.php"
-FORCE=0
-MODE="both" # can be undefined, "@", "*" or "both"
-
-IPV4=$(curl -4 -q v4.ident.me)
-IPV6=$(curl -6 -q v6.ident.me)
-
-echo ${IPV4}
-echo ${IPV6}
-
-# PAYLOAD_IPV4="force=${FORCE}&user=${USER}&password=${PASS}&ipv4=${IPV4}&domain=${DOMAIN}&mode=${MODE}"
-# curl -X POST --data "${PAYLOAD_IPV4}" ${SCRIPT}
-
-# PAYLOAD_IPV6="force=${FORCE}&user=${USER}&password=${PASS}&ipv6=${IPV6}&domain=${DOMAIN}&mode=${MODE"}
-# curl -X POST --data "${PAYLOAD_IPV6}" ${SCRIPT}
-
-PAYLOAD_BOTH="force=${FORCE}&user=${USER}&password=${PASS}&ipv4=${IPV4}&ipv6=${IPV6}&domain=${DOMAIN}&mode=${MODE}"
-curl -X POST --data "${PAYLOAD_BOTH}" ${SCRIPT}