bullion 0.1.3 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +2 -2
- data/lib/bullion.rb +1 -1
- data/lib/bullion/challenge_clients/dns.rb +24 -15
- data/lib/bullion/version.rb +2 -2
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8733df57bd7abe9e12c46001165fad25429956ca243f4f0a91aea4a306b59d3d
|
|
4
|
+
data.tar.gz: 91a0941eebf4e61c807301c16cfe0d9ebc1d965bfd573b8b89ad2e43a0a1206c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1d61ea6623bf7c2ba97fa1e7b71712cdebaa8dc7580a6a4f7788eaf51fe92a9218e4b2f89a4a48425772f86f9e2e2af22f166b536c5d64756ccc3ed4c2db8f4d
|
|
7
|
+
data.tar.gz: 496eb52624bc02f15ce0f51833d6435d4e157c3f8ba05052231d1e50b0eb14eade65d4eb6ccc7f870d7753cdc01bc0cafcfbc3d4dccb618aeee6d3e76355d2b9
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -36,8 +36,8 @@ Whether run locally or via Docker, the following environment variables configure
|
|
|
36
36
|
| `CA_CERT_PATH` | `$CA_DIR/tls.crt` | Public cert for Bullion. If Bullion is an intermediate CA, you'll want to include the root CA's public cert in this file as well the signed cert for Bullion. |
|
|
37
37
|
| `CA_DOMAINS` | `example.com` | A comma-delimited list of domains for which Bullion will sign certificate requests. Subdomains are automatically allowed. Certificates containing other domains will be rejected. |
|
|
38
38
|
| `CERT_VALIDITY_DURATION` | `7776000` | How long should issued certs be valid (in seconds)? Default is 90 days. |
|
|
39
|
-
| `DATABASE_URL` | _None_ | A shorthand for telling Bullion how to connect to a database. Acceptable URLs will either being with `sqlite3:` or [`mysql2://`](https://github.com/brianmario/mysql2#using-active-records-database_url). |
|
|
40
|
-
| `DNS01_NAMESERVERS` |
|
|
39
|
+
| `DATABASE_URL` | _None_ | **(Required)** A shorthand for telling Bullion how to connect to a database. Acceptable URLs will either being with `sqlite3:` or [`mysql2://`](https://github.com/brianmario/mysql2#using-active-records-database_url). |
|
|
40
|
+
| `DNS01_NAMESERVERS` | _None_ | A comma-delimited list of nameservers to use for resolving [DNS-01](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge) challenges. Usually you'll want this to be set to your _internal_ nameservers so internal names resolve correctly. When not set, it'll use the host's DNS. |
|
|
41
41
|
| `LOG_LEVEL` | `warn` | Log level for Bullion. Supported levels (starting with the noisiest) are debug, info, warn, error, and fatal. |
|
|
42
42
|
| `BULLION_PORT` | `9292` | TCP port Bullion will listen on. |
|
|
43
43
|
| `MIN_THREADS` | `2` | Minimum number of [Puma](https://puma.io/) threads for processing requests. |
|
data/lib/bullion.rb
CHANGED
|
@@ -26,22 +26,31 @@ module Bullion
|
|
|
26
26
|
# Randomly select a nameserver to pull the TXT record
|
|
27
27
|
nameserver = NAMESERVERS.sample
|
|
28
28
|
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
29
|
+
records = records_for(name, nameserver)
|
|
30
|
+
record = records.map(&:strings).flatten.first
|
|
31
|
+
LOGGER.debug "Resolved #{name} to value #{record}"
|
|
32
|
+
record
|
|
33
|
+
rescue Resolv::ResolvError
|
|
34
|
+
msg = ["Resolution error for #{name}"]
|
|
35
|
+
msg << "via #{nameserver}" if nameserver
|
|
36
|
+
LOGGER.info msg.join(' ')
|
|
37
|
+
false
|
|
38
|
+
rescue StandardError => e
|
|
39
|
+
msg = ["Error '#{e.message}' for #{name}"]
|
|
40
|
+
msg << "with #{nameserver}" if nameserver
|
|
41
|
+
LOGGER.warn msg.join(' ')
|
|
42
|
+
false
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
def records_for(name, nameserver = nil)
|
|
46
|
+
if nameserver
|
|
47
|
+
Resolv::DNS.open(nameserver: nameserver) do |dns|
|
|
48
|
+
dns.getresources(name, Resolv::DNS::Resource::IN::TXT)
|
|
49
|
+
end
|
|
50
|
+
else
|
|
51
|
+
Resolv::DNS.open do |dns|
|
|
52
|
+
dns.getresources(name, Resolv::DNS::Resource::IN::TXT)
|
|
35
53
|
end
|
|
36
|
-
record = records.map(&:strings).flatten.first
|
|
37
|
-
LOGGER.debug "Resolved #{name} to value #{record}"
|
|
38
|
-
record
|
|
39
|
-
rescue Resolv::ResolvError
|
|
40
|
-
LOGGER.info "Resolution error for #{name} via #{nameserver}"
|
|
41
|
-
false
|
|
42
|
-
rescue StandardError => e
|
|
43
|
-
LOGGER.warn "Error '#{e.message}' for #{name} with #{nameserver}"
|
|
44
|
-
false
|
|
45
54
|
end
|
|
46
55
|
end
|
|
47
56
|
end
|
data/lib/bullion/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bullion
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jonathan Gnagy
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-01-
|
|
11
|
+
date: 2021-01-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: httparty
|