[GH-ISSUE #71] sync README with config, perhaps better docs about ips #27

Open
opened 2026-03-13 15:24:26 +03:00 by kerem · 3 comments

Originally created by @jvanasco on GitHub (Apr 10, 2018).
Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/71

The readme and config differ a bit

For example, the README shows

```
# listen ip, default "" listens on all interfaces/addresses
ip = "127.0.0.1"
```

But the config was changed to be:

```
# listen ip eg. 127.0.0.1
ip = "0.0.0.0"
```

I'm sure multiple default elements were changed - that's the only one I noticed from my limited knowledge of the library. The content of the README installation guide should reflect the current config options/defaults and docstrings.

In terms of docs about IPs... defaulting to `127.0.0.1` is probably safest, as it will only work from the same machine (or require a proxy on the machine) since there are no access controls in place - but many people will likely want to use `0.0.0.0` for testing. Was there a reason this was changed to `0.0.0.0`?

https://raw.githubusercontent.com/joohoi/acme-dns/3343d943d604be8bc0ab0830bccfb6459d1ae95c/README.md#L230-L240

https://github.com/joohoi/acme-dns/blob/master/config.cfg#L34-L39


@joohoi commented on GitHub (Apr 12, 2018):

Thanks for opening the issue. I believe most people are binding the acme-dns to a public interface. Possible access control is done on a separate layer (firewall, reverse proxy etc). This is also the reason the default value was changed: the service is designed to be accessed by multiple clients across the network, so binding to localhost as default didn't make much sense.

This is based on the expectations this project was originally built on, the decision is in no way final, and I'm up for discussion about the matter.

The README should definitely be synced with the actual config values in the end.


@jvanasco commented on GitHub (Apr 12, 2018):

> The README should definitely be synced with the actual config values in the end.

This was the main motivation for this ticket.

> I believe most people are binding the acme-dns to a public interface. Possible access control is done on a separate layer (firewall, reverse proxy etc). This is also the reason the default value was changed: the service is designed to be accessed by multiple clients across the network, so binding to localhost as default didn't make much sense.

I agree that's the common usage, and expected the change was for that. What I failed to convey is that my concern is over the docs in strings and narratives that correspond to IP configuration. A lot of people who use this are unlikely to know the difference between localhost and the public address, and the risks/requirements involved with each. Example: for a long time Redis defaulted to `0.0.0.0` - which many people didn't expect - and glossed over that line... which led to many servers hacked. I got burned by that when doing an update, and have been very sensitive to default listen configs ever since.

So it might make sense to use the default config as..

```
# listen ip. eg: 127.0.0.1 for localhost only; 0.0.0.0 for all/public address
ip = "0.0.0.0"
```

or even

```
# listen ip. eg: "127.0.0.1" for localhost only; "0.0.0.0" for all/public address
# most users will want to listen on the public address "0.0.0.0" so outside clients can access.
# if your only clients are on this machine or you have firewall rules, "127.0.0.1" may be preferred.
ip = ""
```
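
Added example, not part of the thread and not acme-dns code: a small pre-deployment check that reads the `ip = "..."` setting discussed above and reports how widely the listener will be exposed, including the `""` case that the README comment says listens on all interfaces. The function names and the sample config are constructed for illustration, and only the `ip = "..."` line form quoted in the issue is parsed.

```python
import ipaddress
import re

# Only the `ip = "..."` form quoted in the thread is parsed (assumption);
# lines starting with "#" are comments and never match.
IP_LINE = re.compile(r'^\s*ip\s*=\s*"([^"]*)"\s*(?:#.*)?$')

# Constructed sample input, modelled on the snippets in the issue.
SAMPLE_CONFIG = '''\
# listen ip. eg: "127.0.0.1" for localhost only; "0.0.0.0" for all/public address
ip = "0.0.0.0"
'''


def classify_listen_ip(value):
    """Return (scope, note) describing who can reach a listener bound to value."""
    if value == "":
        # The README comment quoted in the issue: "" listens on all interfaces.
        return "all-interfaces", "empty value binds every address; needs firewall or proxy ACLs"
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return "invalid", "not an IP literal (hostnames such as 'localhost' are not resolved here)"
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces", "wildcard bind; reachable on every interface of the host"
    if addr.is_loopback:  # 127.0.0.0/8 or ::1
        return "loopback", "reachable only from this machine or via a local proxy"
    return "single-address", "reachable on the one interface that owns this address"


def audit_config(text):
    """Return [(line_number, value, scope, note)] for every ip setting in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = IP_LINE.match(line)
        if match:
            findings.append((lineno, match.group(1), *classify_listen_ip(match.group(1))))
    return findings


if __name__ == "__main__":
    for lineno, value, scope, note in audit_config(SAMPLE_CONFIG):
        print(f'line {lineno}: ip = "{value}" -> {scope}: {note}')
```

Run against a real config in CI or a deployment script, an `all-interfaces` result is the cue to confirm that the firewall or reverse-proxy layer mentioned in the thread is actually in place.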

@joohoi commented on GitHub (Sep 28, 2018):

`README.md` is now pretty much up to sync with the `config.cfg`, the IP clarification is still pending.
