starred/acme-dns
1
0
Fork 0
mirror of https://github.com/acme-dns/acme-dns.git synced 2026-04-27 12:55:48 +03:00
Code Issues 178 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #263] Whitelisted domains only #133

New issue
Open
opened 2026-03-13 15:52:51 +03:00 by kerem · 4 comments
kerem commented 2026-03-13 15:52:51 +03:00
Owner
Copy link

Originally created by @saudiqbal on GitHub (May 20, 2021).
Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/263

Is it possible to only register domains in a white list only? Like
whitelist_domain = ["domain.com, domain.org"]

Originally created by @saudiqbal on GitHub (May 20, 2021). Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/263 Is it possible to only register domains in a white list only? Like `whitelist_domain = ["domain.com, domain.org"]`
kerem commented 2026-03-13 15:52:57 +03:00
Author
Owner
Copy link

@webprofusion-chrisc commented on GitHub (May 20, 2021):

The standard /register/ endpoint doesn't actually know your domain, so currently you couldn't whitelist domains in standard acme-dns.

If the objective is to limit registrations to certain authorised users:

<!-- gh-comment-id:844753161 --> @webprofusion-chrisc commented on GitHub (May 20, 2021): The standard /register/ endpoint doesn't actually know your domain, so currently you couldn't whitelist domains in standard acme-dns. If the objective is to limit registrations to certain authorised users: - You can however run a proxy (any web server or proxying service) in front of the API and require basic authentication, like https://user:password@your-acme-dns.server/register - that does depend on the acme-dns client being compatible though as it then has to convert those into an `Authorization: Basic <base64credentials>` http header. Some do this automatically. - Another alternative is to put a key in the URL https://your-acme-dns.server/ABC123KEY/register
kerem commented 2026-03-13 15:53:02 +03:00
Author
Owner
Copy link

@saudiqbal commented on GitHub (May 20, 2021):

Thanks, I like the idea of using a key in the url, can you explain where do I set the value ABC123KEY, I cannot find any documentation for where to set it.

<!-- gh-comment-id:845352098 --> @saudiqbal commented on GitHub (May 20, 2021): Thanks, I like the idea of using a key in the url, can you explain where do I set the value ABC123KEY, I cannot find any documentation for where to set it.
kerem commented 2026-03-13 15:53:07 +03:00
Author
Owner
Copy link

@saudiqbal commented on GitHub (Sep 18, 2023):

It would be nice to set a variable in config to define a key in the URL $key as https://your-acme-dns.server/$key/register

<!-- gh-comment-id:1723090922 --> @saudiqbal commented on GitHub (Sep 18, 2023): It would be nice to set a variable in config to define a key in the URL $key as https://your-acme-dns.server/$key/register
kerem commented 2026-03-13 15:53:12 +03:00
Author
Owner
Copy link

@TomyLobo commented on GitHub (Sep 3, 2024):

Either use a firewall rule to whitelist access to acme-dns or use a reverse proxy to enforce basic auth on the /register endpoint, like @webprofusion-chrisc suggested.
We've been successfully using the firewall approach for years.

Your suggestion to make the registration endpoint configurable complicates the manual, adds maintenance burden and is less secure than the two already supported measures I listed.
The PR you are asking the maintainers to merge is lacking test cases for the proposed changes and doesn't update the manual either.

If you're concerned about scans, I'd suggest you to set up a firewall or an nginx reverse proxy to protect your acme-dns instance.
I'm confident that anyone could have learned how to do that in the almost 3 years you've been commenting about this on various issue threads.

<!-- gh-comment-id:2326190180 --> @TomyLobo commented on GitHub (Sep 3, 2024): Either use a firewall rule to whitelist access to acme-dns or use a reverse proxy to enforce basic auth on the /register endpoint, like @webprofusion-chrisc suggested. We've been successfully using the firewall approach for years. Your suggestion to make the registration endpoint configurable complicates the manual, adds maintenance burden and is less secure than the two already supported measures I listed. The PR you are asking the maintainers to merge is lacking test cases for the proposed changes and doesn't update the manual either. If you're concerned about scans, I'd suggest you to set up a firewall or an nginx reverse proxy to protect your acme-dns instance. I'm confident that anyone could have learned how to do that in the almost 3 years you've been commenting about this on various issue threads.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
fix_dockerhub
dockerhub
readme2.0
goreleaser_action
refactoring
linter_update_config
update_deps_122
dependabot/go_modules/github.com/valyala/fasthttp-1.34.0
deps_bump
update_goreleaser
update_golint
deps_update
update_dockerfile
v2.0.2
v2.0.1
v2.0
v1.1
v1.0
v0.8
v0.7.2
v0.7.1
v0.7
v0.6
v0.5
v0.4
v0.3.2
v0.3.1
v0.3
v0.2
v0.1
Labels
Clear labels   
Documentation

   
Documentation

   
bug

   
enhancement

   
feature request

   
feature request

   
help wanted

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
security

   
security

   
testing
No labels
Documentation
Documentation
bug
enhancement
feature request
feature request
help wanted
pull-request
question
security
security
testing
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/acme-dns#133
No description provided.