updated the documentation and validation for DDNS settings
		
							parent
							
								
									cfaa8d4959
								
							
						
					
					
						commit
						6b2b91ba26
					
				
							
								
								
									
										47
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										47
									
								
								README.md
									
									
									
									
									
								
							| @ -403,17 +403,50 @@ tunnel_server: | ||||
|     - 'api.tunnel.example.com' | ||||
| ``` | ||||
| 
 | ||||
| ### tunnel | ||||
| ### DDNS | ||||
| 
 | ||||
| The tunnel client is meant to be run from behind a firewalls, carrier-grade NAT, | ||||
| or otherwise inaccessible devices to allow them to be accessed publicly on the | ||||
| internet. | ||||
| The DDNS module watches the network environment of the unit and makes sure the | ||||
| device is always accessible on the internet using the domains listed in the | ||||
| config. If the device has a public address or if it can automatically set up | ||||
| port forwarding the device will periodically check its public address to ensure | ||||
| the DNS records always point to it. Otherwise it will to connect to a tunnel | ||||
| server and set the DNS records to point to that server. | ||||
| 
 | ||||
| ### ddns | ||||
| The `loopback` setting specifies how the unit will check its public IP address | ||||
| and whether connections can reach it. Currently only `tunnel@oauth3.org` is | ||||
| supported. If the loopback setting is not defined it will default to using | ||||
| `oauth3.org`. | ||||
| 
 | ||||
| TODO | ||||
| The `tunnel` setting can be used to specify how to connect to the tunnel. | ||||
| Currently only `tunnel@oauth3.org` is supported. The token specified in the | ||||
| `tunnel` setting will be used to acquire the tokens that are used directly with | ||||
| the tunnel server. If the tunnel setting is not defined it will default to try | ||||
| using the tokens in the modules for the relevant domains. | ||||
| 
 | ||||
| ### mdns | ||||
| If a particular DDNS module has been disabled the device will still try to set | ||||
| up port forwarding (and connect to a tunnel if that doesn't work), but the DNS | ||||
| records will not be updated to point to the device. This is to allow a setup to | ||||
| be tested before transitioning services between devices. | ||||
| 
 | ||||
| ```yaml | ||||
| ddns: | ||||
|   disabled: false | ||||
|   loopback: | ||||
|     type: 'tunnel@oauth3.org' | ||||
|     domain: oauth3.org | ||||
|   tunnel: | ||||
|     type: 'tunnel@oauth3.org' | ||||
|     token: user_token_id | ||||
|   modules: | ||||
|     - type: 'dns@oauth3.org' | ||||
|       token: user_token_id | ||||
|       domains: | ||||
|         - www.example.com | ||||
|         - api.example.com | ||||
|         - test.example.com | ||||
| ``` | ||||
| 
 | ||||
| ### mDNS | ||||
| 
 | ||||
| enabled by default | ||||
| 
 | ||||
|  | ||||
| @ -311,7 +311,6 @@ function fillConfig(config, args) { | ||||
|   config.debug = config.debug || args.debug; | ||||
| 
 | ||||
|   config.socks5 = config.socks5 || { enabled: false }; | ||||
|   config.ddns   = config.ddns   || { enabled: false }; | ||||
| 
 | ||||
|   // Use Object.assign to copy any real config values over the default values so we can
 | ||||
|   // easily make sure all the fields we need exist .
 | ||||
| @ -338,6 +337,7 @@ function fillConfig(config, args) { | ||||
|   fillComponent('tcp',   true); | ||||
|   fillComponent('http',  false); | ||||
|   fillComponent('tls',   false); | ||||
|   fillComponent('ddns',  false); | ||||
| 
 | ||||
|   config.device = { hostname: require('os').hostname() }; | ||||
| 
 | ||||
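Review bot: The default state of `ddns` is no longer spelled out in fillConfig. The explicit `config.ddns = config.ddns || { enabled: false };` line appears to be dropped in favour of `fillComponent('ddns', false);`, and fillComponent is defined outside these hunks, so it is not visible whether a config with no `ddns` section still leaves the feature inactive. The README text in this commit says DDNS sets up port forwarding and tunnel connections, so the default deserves a note next to the call, for example `// TODO(review): confirm ddns stays inactive when the config has no ddns section`. fillConfig's body starts and ends outside both hunks.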
|  | ||||
| @ -91,7 +91,15 @@ tunnel_server: | ||||
|     - 'tunnel.localhost.com' | ||||
| 
 | ||||
| ddns: | ||||
|   enabled: true | ||||
|   loopback: | ||||
|     type: 'tunnel@oauth3.org' | ||||
|     domain: oauth3.org | ||||
|   tunnel: | ||||
|     type: 'tunnel@oauth3.org' | ||||
|     token: user_token_id | ||||
|   modules: | ||||
|     - type: 'dns@oauth3.org' | ||||
|       token: user_token_id | ||||
|       domains: | ||||
|         - www.example.com | ||||
|         - api.example.com | ||||
|  | ||||
| @ -48,6 +48,16 @@ var moduleSchemas = { | ||||
|     , challenge_type: { type: 'string' } | ||||
|     } | ||||
|   } | ||||
| 
 | ||||
|   // the dns control modules for DDNS
 | ||||
| , dns_oauth3_org: { | ||||
|     name: 'dns@oauth3.org' | ||||
|   , type: 'object' | ||||
|   , required: [ 'token' ] | ||||
|   , properties: { | ||||
|       token: { type: 'string' } | ||||
|     } | ||||
|   } | ||||
| }; | ||||
| // forward is basically the same as proxy, but specifies the relevant incoming port(s).
 | ||||
| // only allows for the raw transport layers (TCP/UDP)
 | ||||
| @ -57,6 +67,10 @@ moduleSchemas.forward.properties.ports = { type: 'array', items: portSchema }; | ||||
| 
 | ||||
| Object.keys(moduleSchemas).forEach(function (name) { | ||||
|   var schema = moduleSchemas[name]; | ||||
|   if (schema.name) { | ||||
|     name = schema.name; | ||||
|     delete schema.name; | ||||
|   } | ||||
|   schema.id = '/modules/'+name; | ||||
|   schema.required = ['id', 'type'].concat(schema.required || []); | ||||
|   schema.properties.id   = { type: 'string' }; | ||||
| @ -72,12 +86,13 @@ var moduleRefs = { | ||||
| , tls:  [ 'proxy', 'acme' ].map(toSchemaRef) | ||||
| , tcp:  [ 'forward' ].map(toSchemaRef) | ||||
| , udp:  [ 'forward' ].map(toSchemaRef) | ||||
| , ddns: [ 'dns@oauth3.org' ].map(toSchemaRef) | ||||
| }; | ||||
| 
 | ||||
| function addDomainRequirement(itemSchema) { | ||||
|   itemSchema.required = (itemSchema.required || []).concat('domains'); | ||||
|   itemSchema.properties = itemSchema.properties || {}; | ||||
|   itemSchema.domains = { type: 'array', items: { type: 'string' }, minLength: 1}; | ||||
|   itemSchema.properties.domains = { type: 'array', items: { type: 'string' }, minLength: 1}; | ||||
|   return itemSchema; | ||||
| } | ||||
| 
 | ||||
| @ -93,6 +108,7 @@ var domainSchema = { | ||||
|       , properties: { | ||||
|           tls:  { type: 'array', items: { oneOf: moduleRefs.tls }} | ||||
|         , http: { type: 'array', items: { oneOf: moduleRefs.http }} | ||||
|         , ddns: { type: 'array', items: { oneOf: moduleRefs.ddns }} | ||||
|         } | ||||
|       , additionalProperties: false | ||||
|       } | ||||
| @ -158,7 +174,23 @@ var mdnsSchema = { | ||||
| var ddnsSchema = { | ||||
|   type: 'object' | ||||
| , properties: { | ||||
|     enabled: { type: 'boolean' } | ||||
|     loopback: { | ||||
|       type: 'object' | ||||
|     , required: [ 'type', 'domain' ] | ||||
|     , properties: { | ||||
|         type:   { type: 'string', const: 'tunnel@oauth3.org' } | ||||
|       , domain: { type: 'string'} | ||||
|       } | ||||
|     } | ||||
|   , tunnel: { | ||||
|       type: 'object' | ||||
|     , required: [ 'type', 'token' ] | ||||
|     , properties: { | ||||
|         type:  { type: 'string', const: 'tunnel@oauth3.org' } | ||||
|       , token: { type: 'string'} | ||||
|       } | ||||
|     } | ||||
|   , modules: { type: 'array', items: { oneOf: moduleRefs.ddns }} | ||||
|   } | ||||
| }; | ||||
| var socks5Schema = { | ||||
| @ -265,6 +297,7 @@ class DomainList extends IdList { | ||||
|       dom.modules = { | ||||
|         http: new ModuleList((dom.modules || {}).http) | ||||
|       , tls:  new ModuleList((dom.modules || {}).tls) | ||||
|       , ddns: new ModuleList((dom.modules || {}).ddns) | ||||
|       }; | ||||
|     }); | ||||
|   } | ||||
| @ -280,14 +313,16 @@ class DomainList extends IdList { | ||||
|     var modLists = { | ||||
|       http: new ModuleList() | ||||
|     , tls:  new ModuleList() | ||||
|     , ddns: new ModuleList() | ||||
|     }; | ||||
|     // We add these after instead of in the constructor to run the validation and manipulation
 | ||||
|     // in the ModList add function since these are all new modules.
 | ||||
|     if (dom.modules && Array.isArray(dom.modules.http)) { | ||||
|       dom.modules.http.forEach(modLists.http.add, modLists.http); | ||||
|     if (dom.modules) { | ||||
|       Object.keys(modLists).forEach(function (key) { | ||||
|         if (Array.isArray(dom.modules[key])) { | ||||
|           dom.modules[key].forEach(modLists[key].add, modLists[key]); | ||||
|         } | ||||
|     if (dom.modules && Array.isArray(dom.modules.tls)) { | ||||
|       dom.modules.tls.forEach(modLists.tls.add, modLists.tls); | ||||
|       }); | ||||
|     } | ||||
| 
 | ||||
|     dom.id = require('crypto').randomBytes(4).toString('hex'); | ||||
| @ -306,6 +341,7 @@ class ConfigChanger { | ||||
|     this.tls.modules  = new ModuleList(this.tls.modules); | ||||
|     this.tcp.modules  = new ModuleList(this.tcp.modules); | ||||
|     this.udp.modules  = new ModuleList(this.udp.modules); | ||||
|     this.ddns.modules = new ModuleList(this.ddns.modules); | ||||
|   } | ||||
| 
 | ||||
|   update(update) { | ||||
| @ -314,7 +350,7 @@ class ConfigChanger { | ||||
|     if (update.domains) { | ||||
|       update.domains.forEach(self.domains.add, self.domains); | ||||
|     } | ||||
|     [ 'http', 'tls', 'tcp', 'udp' ].forEach(function (name) { | ||||
|     [ 'http', 'tls', 'tcp', 'udp', 'ddns' ].forEach(function (name) { | ||||
|       if (update[name] && update[name].modules) { | ||||
|         update[name].modules.forEach(self[name].modules.add, self[name].modules); | ||||
|         delete update[name].modules; | ||||
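Review bot: In addDomainRequirement the `domains` schema still uses `minLength: 1`, which JSON Schema defines for strings and ignores on arrays, so a module with `domains: []` passes validation. The line should read `itemSchema.properties.domains = { type: 'array', items: { type: 'string' }, minItems: 1 };`. The `token` fields in `dns_oauth3_org` and in `ddnsSchema.tunnel` are plain `{ type: 'string' }` and therefore accept an empty string, where `minLength: 1` would be the right keyword. `ddnsSchema` and its `loopback`/`tunnel` objects also do not set `additionalProperties: false` the way the `tls`/`http`/`ddns` object in domainSchema does, so a misspelled or unsupported key would be accepted silently; whether that is intended is not visible from these hunks.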
|  | ||||