sujiba/ownDynDNS
1
0
Fork 0
mirror of https://github.com/fernwerker/ownDynDNS.git synced 2025-07-13 07:05:43 +02:00
Code Issues Releases Activity Actions

cleanup

Browse source
This commit is contained in:
niiwiicamo 2024-07-23 17:56:50 +02:00
parent 7fdc642a54
commit 9a71561ae6
12 changed files with 28 additions and 591 deletions
Download patch file Download diff file Expand all files Collapse all files

70
.configure-endpoints.sh
View file

@ -1,70 +0,0 @@
#!/bin/bash
scriptversion="1.0"
srcfolder="src"
updatephp="update.php"
configuresh=".configure.sh"
### banner
clear
echo "##############################################"
echo "### ownDynDNS multi-endpoint configuration ###"
echo "### script version $scriptversion ###"
echo "##############################################"
echo ""
echo "This script will set up multiple endpoints within the same webspace.\
That means you can use multiple sets of user credentials each with their own\
permissions regarding which domains to update."
echo ""
echo "It is recommended you use the webroot of your desired webspace, although\
you could place this directory structure anywhere you like, e.g. in a\
subdirectory of your homepage like example.com/dyndns/[this tree] ."
echo ""
echo "This script assumes you have already downloaded the update.php script\
and the src directory including its contents."
echo ""
### set up dir variable for this script
dir=$(pwd)
while [ ! -d $dir/$srcfolder ]
do
echo "current directory does not contain ${srcfolder} !"
read -p "enter directory where ownDynDNS is located: " dir
done
### set up user and group for permissions later
echo "This script will automatically set the necessary file permissions for\
your webserver. This might be www-data:www-data, please check if you run\
into any issues."
echo ""
read -p "enter the user the webserver is running as [www-data]: " wwwuserd
read -p "enter the group the webserver is running as [www-data]: " wwwgroupd
wwwuserd=${wwwuserd:-"www-data"}
wwwgroupd=${wwwgroupd:-"www-data"}
createEndpoint() {
local endpoint=$1
mkdir $dir/$endpoint
cp $dir/$updatephp $dir/$endpoint
chmod +x $dir/$configuresh
$dir/$configuresh $dir/$endpoint
chown $wwwuserd:$wwwgroupd $dir/$endpoint/$updatephp
chmod 440 $dir/$endpoint/$updatephp
chown $wwwuserd:$wwwgroupd $dir/$endpoint/.env
chmod 440 $dir/$endpoint/.env
}
echo "##############################################"
echo "You will now start adding endpoints which are just subdirectories\
that contain the update.php file as well as a customized .env file."
echo ""
### endpoint creation loop
while true
do
read -p "enter endpoint name [Empty to quit]: " endpoint
if [ -z $endpoint ]; then break; fi
createEndpoint $endpoint
done

265
.configure.sh
View file

@ -1,265 +0,0 @@
#!/bin/bash
# set variables
scriptversion="1.6"
defaultenvfile=".env.dist"
if [ ! -z $1 ]
then
dir=$1
endpoint=$(basename ${dir})
# set up log file location suggestion
log1="/var/log/dnsupdater/${endpoint}.json"
log2="${dir}/log.json"
else
echo "### ownDynDNS configuration script"
wwwuserd="www-data"
wwwgroupd="www-data"
dir=$(pwd)
while [ ! -f $dir/$defaultenvfile ]
do
echo "current directory does not contain ${defaultenvfile} !"
read -p "enter directory where ownDynDNS is located: " dir
done
# source .env.dist
source $dir/$defaultenvfile
# set up log file location suggestions
log1="$logFile"
log2="/var/log/dnsupdater/log.json"
fi
envfile="${dir}/.env"
### main script
#echo "found ${defaultenvfile}. using current directory"
read -p "enter a custom username for dns updates [random]: " user
user=${user:-$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16)}
echo "using username: ${user}"
read -s -p "enter a custom password for dns updates [random]: " pass
pass=${pass:-$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16)}
echo ""
echo "using password: ${pass}"
if [ -z $DDNS_NETCUP_API_KEY ]
then
read -s -p "enter your netcup DNS API Key: " apikey
echo ""
else
echo -e "Found DDNS_NETCUP_API_KEY. Leave empty to use or enter new DNS API Key\n"
read -p "DNS API Key [${DDNS_NETCUP_API_KEY}]: " apikey
apikey=${apikey:-$DDNS_NETCUP_API_KEY}
fi
if [ -z $DDNS_NETCUP_API_PASSWORD ]
then
read -s -p "enter your netcup API Password: " apipass
echo ""
else
echo "Found DDNS_NETCUP_API_PASSWORD. Leave empty to use or enter new DNS API Password"
read -p "DNS API Password [${DDNS_NETCUP_API_PASSWORD}]: " apipass
echo ""
apipass=${apipass:-$DDNS_NETCUP_API_PASSWORD}
fi
if [ -z $DDNS_NETCUP_CUSTOMER_ID ]
then
read -s -p "enter your netcup customer ID: " custid
echo ""
else
echo "Found DDNS_NETCUP_CUSTOMER_ID. Leave empty to use or enter new customer ID"
read -p "Netcup customer ID [${DDNS_NETCUP_CUSTOMER_ID}]: " custid
echo ""
custid=${custid:-$DDNS_NETCUP_CUSTOMER_ID}
fi
read -p "do you wish to enable debugging? [y/N]: " debug
echo ""
if [[ ${debug,,::1} == "y" ]]
then
#echo "enabling debugging"
debug="true"
else
#echo "disabling debugging"
debug="false"
fi
read -p "do you want to enable logging? [Y/n]: " log
echo ""
if [[ ${log,,::1} != "n" ]]
then
#echo "enabling logging"
log="true"
else
#echo "disabling logging"
log="false"
fi
echo "the logfile is created in this directory by default. your ip history is thereby publically available."
echo "select where the logfile should be created if enabled:"
echo "[1] default: ${log1}"
echo "[2] private: ${log2}"
echo "[3] custom location"
read -p "select from the choices above [1]: " choice
echo ""
case $choice in
2)
logfile=${log2}
;;
3)
read -p "enter logfile location: " logfile
echo ""
logfile=${logfile:-$log1}
;;
*)
logfile=${log1}
;;
esac
if [ -z ${endpoint} ]
then
echo "the logfile needs to be writable by the webserver if logging is enabled."
read -p "which user does the webserver run as? [${wwwuserd}]: " wwwuser
echo ""
wwwuser=${wwwuser:-$wwwuserd}
read -p "which group does the webserver run as? [${wwwgroupd}]: " wwwgroup
echo ""
wwwgroup=${wwwgroup:-$wwwgroupd}
mkdir -p $(dirname $logfile) && touch $logfile || echo "### could not create logfile!"
echo ""
chown $wwwuser:$wwwgroup $logfile
chmod 0640 $logfile
#echo "logfile will be created at: ${logfile}"
fi
### Apache htaccess file config
echo "if you are using apache it is recommended to enable the .htaccess file to prevent unauthorized access to the .env file and any logfile."
echo "select if you want to enable the .htaccess file:"
echo "[1] no .htaccess file. (e.g. using nginx)"
echo "[2] block access to .env file only (default log location accessible)"
echo "[3] block access to .env file and log file"
echo ""
read -p "select from the choices above [1]: " choice
echo ""
case $choice in
2)
cat > $htaccess << EOM
<FilesMatch "\.env$">
Order allow,deny
Deny from all
</FilesMatch>envfile
EOM
if [ -z $endpoint ]
then
rm .htaccess.example
fi
;;
3)
mv .htaccess{.example,}
;;
*)
if [ -z $endpoint ]
then
rm .htaccess.example
fi
;;
esac
### nginx htaccess equivalent message
echo "if you are using nginx please read the docs about how to disable access to certain files and folders.\nyou might add a location block to the beginning of your site config as follows:"
echo -e " location ~* (env|log|json) {\n deny all;\n return 404;\n }"
read -p "do you wish to enable result return? [y/N]: " returnip
echo ""
if [[ ${returnip,,::1} == "y" ]]
then
#echo "enabling return ip"
returnip="true"
else
#echo "disabling return ip"
returnip="false"
fi
read -p "do you want to allow creation of new entries on the fly? [y/N]: " allowcreate
echo ""
if [[ ${allowcreate,,::1} == "y" ]]
then
#echo "enabling return ip"
allowcreate="true"
else
#echo "disabling return ip"
allowcreate="false"
fi
read -p "do you want to restrict updates to a specific domain entry? [Y/n]: " restrictdomain
echo ""
if [[ ${restrictdomain,,::1} == "n" ]]
then
restrictdomain="false"
else
restrictdomain="true"
echo "enter the FQDN you want to restrict updates to. If you are using third\
level domains, e.g. nas.home.example.com you should only enter example.com"
echo "use the \"host\" variable for nas.home in that case."
echo ""
read -p "domain or FQDN: " domain
echo ""
read -p "host if third level domain: " host
echo ""
fi
### create the .env file
if [ -f $envfile ]
then
echo "${envfile} already exists!"
read -p "overwrite? [y/N]: " overwrite
echo ""
if [[ ! ${overwrite,,::1} == y ]]
then
echo "script cancelled. exiting"
echo ""
exit 1
fi
fi
touch $envfile
echo "# file created at $(date)" >$envfile
echo "# by configuration script version ${scriptversion}" >> $envfile
echo "username=\"${user}\"" >> $envfile
echo "password=\"${pass}\"" >> $envfile
echo "apiKey=\"${apikey}\"" >> $envfile
echo "apiPassword=\"${apipass}\"" >> $envfile
echo "customerId=\"${custid}\"" >> $envfile
echo "debug=${debug}" >> $envfile
echo "log=${log}" >> $envfile
echo "logFile=${logfile}" >> $envfile
echo "returnIp=${returnip}" >> $envfile
echo "allowCreate=${allowcreate}" >> $envfile
echo "restrictDomain=${restrictdomain}" >> $envfile
if [ ! -z ${domain} ]
then
echo "domain=${domain}" >> $envfile
fi
if [ ! -z ${host} ]
then
echo "host=${host}" >> $envfile
fi
echo "created .env file at: ${envfile}"
echo ""

4
.htaccess.example
View file

@ -1,4 +0,0 @@
<FilesMatch "\.(env|json)$">
Order allow,deny
Deny from all
</FilesMatch>

14
Dockerfile
View file

@ -1,12 +1,10 @@
FROM serversideup/php:8.3-fpm-nginx-alpine FROM serversideup/php:8.3-fpm-nginx-alpine
USER root USER root
RUN mkdir -p /var/www/html/src &&\ RUN mkdir -p /var/www/html/public/src &&\
install-php-extensions soap install-php-extensions soap
USER www-data USER www-data
COPY --chown=www-data:www-data ./default.conf /etc/nginx/conf.d/default.conf WORKDIR /var/www/html/public
COPY --chown=www-data:www-data ./data/src/ /var/www/html/src COPY --chown=www-data:www-data ./data/src/ /var/www/html/public/src
COPY --chown=www-data:www-data ./data/update.php /var/www/html COPY --chown=www-data:www-data ./data/update.php /var/www/html/public
COPY --chown=www-data:www-data ./data/.env.dist /var/www/html/.env COPY --chown=www-data:www-data ./data/.env.dist /var/www/html/public/.env
VOLUME /var/www/html HEALTHCHECK --interval= --timeout=5s --start-period=10s CMD curl --insecure --silent --location --show-error --fail http://localhost:8080$HEALTHCHECK_PATH || exit 1
WORKDIR /var/www/html
EXPOSE 80

35
README.md
View file

@ -1,5 +1,5 @@
# ownDynDNS # ownDynDNS
Self-hosted dynamic DNS php script to update netcup DNS API from Router like AVM FRITZ!Box Self-hosted dynamic DNS php-based Docker container to update netcup DNS API from consumer routers etc.
## Authors ## Authors
* Felix Kretschmer [@fernwerker](https://github.com/fernwerker) * Felix Kretschmer [@fernwerker](https://github.com/fernwerker)
@ -8,38 +8,11 @@ Self-hosted dynamic DNS php script to update netcup DNS API from Router like AVM
* Nils Blume [@niiwiicamo](https://github.com/niiwiicamo) * Nils Blume [@niiwiicamo](https://github.com/niiwiicamo)
## Usage ## Usage
### Install using configure scripts
* Copy `update.php`, `src/*`, `.env.dist`, `.configure.sh` and `.configure-endpoints.sh` to your webspace
* If you want multiple endpoints use .configure-endpoints.sh
* If you want a single endpoint use .configure.sh
### Manual Installation ### docker-compose.yaml
* Copy all files to your webspace ```
* If you want multiple endpoints that each can only update one domain look at the mydomain folder.<br>
The update URL would be https://`url`/mydomain/update.php?(...)
* create a copy of `.env.dist` as `.env` and configure:
Parameter | Example | Explanation
---: | :--- | :---
`username` | dnsupdater | The username for your Router to authenticate (so not everyone can update your DNS)
`password` | secretpleasechange | password for your Router
`apiKey` | 18neqwd91e21onei1p23841 | API key which is generated in netcup CCP
`apiPassword` | 82jewqde9m30 | API password which is generated in netcup CCP
`customerId` | 12345 | your netcup Customer ID
`log` | `true` / false | enables logging
`logFile` | log.json | configures logfile location if enabled
`debug` | true / `false` | enables debug mode and generates more output from update.php (normal operation has no output). Needed to receive stack traces from errors.
`returnIp` | `true` / false | enables return of result if a record was changed
`allowCreate` | true/`false` | allows creation of entries if parameter `create=true` in URL
`restrictDomain` | true / `false` | allows admin to restrict the domain to update to a given value `domain` and/or `host`. See URL parameters for host parameter explanation
`allowNetcupCreds` | true / `false` | allows the user to pass netcup credentials directly via the URL. URL creds will be preferred if any still exist in .env file
`allowAnonymous` | true / `false` | allows anonymous login, recommended only if you do not store any credentials and disable logging
* alternatively you can use .configure.sh to create your .env file for you (if you are on a *NIX system)
* Create each host record in your netcup CCP (DNS settings) before using the script. <s>The script does not create any missing records.</s><br>
You can now set `allowCreate=true` in .env and pass `create=true` as URL parameter to create entries on the fly.
```
## URL possible uses: ## URL possible uses:
### Required parameters in URL: ### Required parameters in URL:

13
default.conf
View file

@ -1,13 +0,0 @@
server {
listen 0.0.0.0:80;
root /var/www/html;
location / {
return 302 https://github.com/NiiWiiCamo/ownDynDNS;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass localhost:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}
}

39
docker-compose.yml
View file

@ -1,23 +1,20 @@
version: "3"
services: services:
owndyndns:
nginx: container_name: dyndns
build: image: niiwiicamo/owndyndns
context: . environment:
dockerfile: nginx/Dockerfile DDNS_USER: changeme
DDNS_PASS: changeme
NETCUP_APIKEY: 12345asdf
NETCUP_APIPASS: asdf12345
NETCUP_CUSTOMERID: 01234
DDNS_DEBUG: 0 # optional, default: 0
DDNS_LOG: 0 # optional, default: 1
# DDNS_LOGFILE: log.json # optional, default: log.json
DDNS_RETURNIP: 0 # optional, default: 1
DDNS_ALLOWCREATE: 1 # optional, default: 0
# DDNS_RESTRICTDOMAIN: 0 # optional, default: 0
# DDNS_FORCEDDOMAIN: example.net # optional, default empty
# DDNS_FORCEDHOST: hostname # optional, default empty
ports: ports:
- "8180:80" - 8080:8080
volumes:
- data:/var/www/html
php:
build:
context: .
dockerfile: php/Dockerfile
depends_on:
- nginx
volumes:
- data:/var/www/html
volumes:
data:

67
examples/multisite.md
View file

@ -1,67 +0,0 @@
# Multiple Endpoints with separate credentials
For advanced use you might want to have separate users that can each only update one domain entry.
In that case it might be beneficial to habe multiple endpoints, e.g. `https://dyndns.example.com/endpointN/update.php` where endpointN is any directory name you wish.
## Setting up multiple endpoints
The directory structure of your webroot might look like this:
<pre>
├── index.html
├── src
│ ├── Config.php
│ ├── Handler.php
│ ├── Payload.php
│ └── Soap.php
├── fritzbox # this is a subdomain
│ ├── .env
│ └── update.php
├── nas # this is another
│ ├── .env
│ └── update.php
├── examplenet # uses another netcup account
│ ├── .env
│ └── update.php
└── subdomain1 # and another subdomain
├── .env
└── update.php
</pre>
Here the update.php files are copied from the mydomain example directory. All .env files contain different user credentials and may even use different netcup credentials.
## Setting up domain restrictions per .env file
It is nice to have multiple sets of credentials, but if anyone can update any entry of any domain this defeats the purpose.
That is why you can enable domain restriction per .env file and thereby per set of user credentials.
In these cases you the domain you send in your url will be ignored in favour of the one configured in the .env file. <b>You still need to send a placeholder for validation purposes.</b>
Example .env file for fritzbox.example.com.<br>
Callable by: `https://dyndns.example.com/fritzbox/update.php?user=fritzbox&password=changeme&domain=placeholder&ipv4=1.2.3.4`
<pre>
username="fritzbox"
password="changemeplease"
apiKey="j1meo213em823jd2q9"
apiPassword="12345secret"
customerId="12345"
debug=false
log=true
logFile=/var/log/dnsupdater/fritzbox.json
restrictDomain=true
domain=fritzbox.example.com
</pre>
Example .env file for nas.home.example.com.<br>
Callable by: `https://dyndns.example.com/nas/update.php?user=nas&password=changeme&domain=placeholder&ipv4=1.2.3.4`
<pre>
username="nas"
password="changemeplease"
apiKey="j1meo213em823jd2q9"
apiPassword="12345secret"
customerId="12345"
debug=false
log=true
logFile=/var/log/dnsupdater/nas.json
restrictDomain=true
domain=example.com # for explicit use of third-level domain
host=nas.home # we use the optional host parameter
</pre>

12
examples/mydomain/.env.dist
View file

@ -1,12 +0,0 @@
username="only-mydomain"
password="changemeplease"
apiKey="netcup DNS API Key"
apiPassword="netcup DNS API Password"
customerId="netcup customer ID"
debug=false
log=true
logFile=mydomain.json
returnIp=true
allowCreate=false
restrictDomain=true
domain="mydomain.example.com"

20
examples/mydomain/update.php
View file

@ -1,20 +0,0 @@
<?php
error_reporting(-1);
ini_set('display_errors', 1);
ini_set('html_errors', 0);
header('Content-Type: text/plain; charset=utf-8');
require_once __DIR__ . '/../src/Soap.php';
require_once __DIR__ . '/../src/Config.php';
require_once __DIR__ . '/../src/Payload.php';
require_once __DIR__ . '/../src/Handler.php';
if (!file_exists('.env')) {
throw new RuntimeException('.env file missing');
}
$config = parse_ini_file('.env', false, INI_SCANNER_TYPED);
(new netcup\DNS\API\Handler($config, $_REQUEST))->doRun();

54
examples/nginx-server-block.conf
View file

@ -1,54 +0,0 @@
#
# This assumes you already have the html { block configured
#
server {
listen 80; # highly recommend to use 443 and ssl, look into using certbot
server_name dyndns.example.com;
root /var/www/dnydns.example.com;
# if you are using a dedicated site remove everythin except update.php
# update.php;
update.php index index.html index.htm index.nginx-debian.html index.php;
# deny all access to any file containing "env", "log" or "json"
# returns 404 as if file did not exist
location ~* (env|log|json) {
deny all;
return 404;
}
# deny access to any file .ht* like .htaccess or .htpasswd
location ~ /\.ht {
deny all;
}
# pass PHP scripts to FastCGI server
location ~ \.php$ {
# FastCGI config, might be in another file that is included
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
include fastcgi.conf;
# With php-fpm (or other unix sockets):
fastcgi_pass unix:/run/php/php-fpm.sock;
# With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
}

26
examples/update-dyndns.sh
View file

@ -1,26 +0,0 @@
#!/usr/bin/env bash
# you can run this script from **ix bases device to update (different) Records
USER="max_mustermann"
PASS="s3cr3t"
DOMAIN="my-home-nas.de"
#DOMAIN="nas.my-home.de"
SCRIPT="https://<url of your webspace>/update.php"
FORCE=0
MODE="both" # can be undefined, "@", "*" or "both"
IPV4=$(curl -4 -q v4.ident.me)
IPV6=$(curl -6 -q v6.ident.me)
echo ${IPV4}
echo ${IPV6}
# PAYLOAD_IPV4="force=${FORCE}&user=${USER}&password=${PASS}&ipv4=${IPV4}&domain=${DOMAIN}&mode=${MODE}"
# curl -X POST --data "${PAYLOAD_IPV4}" ${SCRIPT}
# PAYLOAD_IPV6="force=${FORCE}&user=${USER}&password=${PASS}&ipv6=${IPV6}&domain=${DOMAIN}&mode=${MODE"}
# curl -X POST --data "${PAYLOAD_IPV6}" ${SCRIPT}
PAYLOAD_BOTH="force=${FORCE}&user=${USER}&password=${PASS}&ipv4=${IPV4}&ipv6=${IPV6}&domain=${DOMAIN}&mode=${MODE}"
curl -X POST --data "${PAYLOAD_BOTH}" ${SCRIPT}