docs: update wildcard certificate documentation to clarify DNS challenge requirement

Théophile Diot 2024-11-15 17:28:40 +01:00
parent a1f42dd944
commit a94d7c7a97
No known key found for this signature in database
GPG key ID: FA995104A0BA376A
5 changed files with 104 additions and 11 deletions


@ -166,7 +166,7 @@ Here is the list of related settings :
| `LETS_ENCRYPT_DNS_PROVIDER` | | The DNS provider to use for DNS challenges. |
| `LETS_ENCRYPT_DNS_PROPAGATION` | `default` | The time to wait for DNS propagation in seconds for DNS challenges. |
| `LETS_ENCRYPT_DNS_CREDENTIAL_ITEM` | | Configuration item that will be added to the credentials.ini file for the DNS provider (e.g. 'cloudflare_api_token 123456') for DNS challenges. |
| `USE_LETS_ENCRYPT_WILDCARD` | `no` | Create wildcard certificates for all domains. This allows a single certificate to secure multiple subdomains. |
| `USE_LETS_ENCRYPT_WILDCARD` | `no` | Create wildcard certificates for all domains. This allows a single certificate to secure multiple subdomains. (Only available with DNS challenges) |
| `USE_LETS_ENCRYPT_STAGING` | `no` | Use the staging environment for Lets Encrypt certificate generation. Useful when you are testing your deployments to avoid being rate limited in the production environment. |
| `LETS_ENCRYPT_CLEAR_OLD_CERTS` | `no` | Clear old certificates when renewing. |
@ -175,6 +175,9 @@ Here is the list of related settings :
- If no `LETS_ENCRYPT_DNS_PROPAGATION` setting is set, the provider's default propagation time will be used.
!!! warning "Wildcard certificates"
Wildcard certificates are only available with DNS challenges. If you want to use them, you will need to set the `USE_LETS_ENCRYPT_WILDCARD` setting to `yes`.
**Available DNS Providers**
| Provider | Description | Mandatory Settings | Link(s) |


@ -368,7 +368,7 @@ Automatic creation, renewal and configuration of Let's Encrypt certificates.
| `LETS_ENCRYPT_DNS_PROVIDER` | | multisite | no | The DNS provider to use for DNS challenges. |
| `LETS_ENCRYPT_DNS_PROPAGATION` | `default` | multisite | no | The time to wait for DNS propagation in seconds for DNS challenges. |
| `LETS_ENCRYPT_DNS_CREDENTIAL_ITEM` | | multisite | yes | Configuration item that will be added to the credentials.ini file for the DNS provider (e.g. 'cloudflare_api_token 123456') for DNS challenges. |
| `USE_LETS_ENCRYPT_WILDCARD` | `no` | multisite | no | Create wildcard certificates for all domains. This allows a single certificate to secure multiple subdomains. |
| `USE_LETS_ENCRYPT_WILDCARD` | `no` | multisite | no | Create wildcard certificates for all domains. This allows a single certificate to secure multiple subdomains. (Only available with DNS challenges) |
| `USE_LETS_ENCRYPT_STAGING` | `no` | multisite | no | Use the staging environment for Lets Encrypt certificate generation. Useful when you are testing your deployments to avoid being rate limited in the production environment. |
| `LETS_ENCRYPT_CLEAR_OLD_CERTS` | `no` | global | no | Clear old certificates when renewing. |


@ -81,7 +81,7 @@
"USE_LETS_ENCRYPT_WILDCARD": {
"context": "multisite",
"default": "no",
"help": "Create wildcard certificates for all domains. This allows a single certificate to secure multiple subdomains.",
"help": "Create wildcard certificates for all domains. This allows a single certificate to secure multiple subdomains. (Only available with DNS challenges)",
"id": "use-lets-encrypt-wildcard",
"label": "Wildcard Certificates",
"regex": "^(yes|no)$",


@ -719,6 +719,92 @@ $(document).ready(() => {
// }
// });
$("#LETS_ENCRYPT_CHALLENGE").on("change", function () {
const challenge = $(this).find(":selected").val();
const $wildcardCheckbox = $("#USE_LETS_ENCRYPT_WILDCARD");
const $dnsProvider = $("#LETS_ENCRYPT_DNS_PROVIDER");
const $dnsPropagation = $("#LETS_ENCRYPT_DNS_PROPAGATION");
const $dnsCredentialItems = $("#LETS_ENCRYPT_DNS_CREDENTIAL_ITEMS");
if (challenge === "http") {
$wildcardCheckbox.prop("checked", false).prop("disabled", true);
$wildcardCheckbox
.closest(".col-4")
.attr("data-bs-toggle", "tooltip")
.attr("data-bs-placement", "top")
.attr(
"data-bs-original-title",
"Wildcard certificates are only supported with DNS challenges.",
)
.tooltip();
$dnsProvider.prop("disabled", true);
$dnsProvider
.parent()
.attr("data-bs-toggle", "tooltip")
.attr("data-bs-placement", "top")
.attr(
"data-bs-original-title",
"DNS provider is only supported with DNS challenges.",
)
.tooltip();
$dnsPropagation.prop("disabled", true);
$dnsPropagation
.parent()
.attr("data-bs-toggle", "tooltip")
.attr("data-bs-placement", "top")
.attr(
"data-bs-original-title",
"DNS propagation is only supported with DNS challenges.",
)
.tooltip();
$dnsCredentialItems.prop("disabled", true);
$dnsCredentialItems
.parent()
.attr("data-bs-toggle", "tooltip")
.attr("data-bs-placement", "top")
.attr(
"data-bs-original-title",
"Credentials are only supported with DNS challenges",
)
.tooltip();
} else {
$wildcardCheckbox.prop("disabled", false);
$wildcardCheckbox
.closest(".col-4")
.attr("data-bs-toggle", null)
.attr("data-bs-placement", null)
.attr("data-bs-original-title", null)
.tooltip("dispose");
$dnsProvider.prop("disabled", false);
$dnsProvider
.parent()
.attr("data-bs-toggle", null)
.attr("data-bs-placement", null)
.attr("data-bs-original-title", null)
.tooltip("dispose");
$dnsPropagation.prop("disabled", false);
$dnsPropagation
.parent()
.attr("data-bs-toggle", null)
.attr("data-bs-placement", null)
.attr("data-bs-original-title", null)
.tooltip("dispose");
$dnsCredentialItems.prop("disabled", false);
$dnsCredentialItems
.parent()
.attr("data-bs-toggle", null)
.attr("data-bs-placement", null)
.attr("data-bs-original-title", null)
.tooltip("dispose");
}
});
// Before Unload Event to Warn Users About Unsaved Changes
$window.on("beforeunload", function (e) {
const message =
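Review bot: The new `#LETS_ENCRYPT_CHALLENGE` change handler enforces the "wildcard and DNS settings need a DNS challenge" rule only in the browser, and nothing in this commit shows the backend rejecting `USE_LETS_ENCRYPT_WILDCARD=yes` when the challenge is `http` (the setting's regex in the plugin JSON is still just `^(yes|no)$`). A request that bypasses the form can still submit that combination, so the server-side certificate job should be the place that ignores or refuses it. I would add a comment above the handler such as `// UI hint only: the backend must still ignore or reject wildcard/DNS settings when the challenge is http.` Disabled controls are also left out of a native form submission, so after switching to `http` the DNS provider, propagation and credential fields are presumably not sent at all; it is worth confirming that the save path treats a missing field as intended rather than silently keeping or clearing stored DNS credentials. The enclosing `$(document).ready` callback starts outside this hunk, and the credentials tooltip text here lacks the trailing period that the template version has.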


@ -459,7 +459,7 @@
{% if lets_encrypt_staging == "yes" %}checked{% endif %} />
</div>
</div>
<div class="col-4 pb-3">
<div class="col-4 pb-3"{% if lets_encrypt_challenge == 'http' %} data-bs-toggle="tooltip" data-bs-placement="top" data-bs-original-title="Wildcard certificates are only supported with DNS challenges."{% endif %}>
<div class="d-flex justify-content-between align-items-center">
<label id="label-USE_LETS_ENCRYPT_WILDCARD"
for="USE_LETS_ENCRYPT_WILDCARD"
@ -490,7 +490,8 @@
type="checkbox"
role="switch"
aria-labelledby="label-USE_LETS_ENCRYPT_WILDCARD"
{% if lets_encrypt_wildcard == "yes" %}checked{% endif %} />
{% if lets_encrypt_wildcard == "yes" %}checked{% endif %}
{% if lets_encrypt_challenge == 'http' %}disabled{% endif %}/>
</div>
</div>
<div class="col-md-6 pb-3">
@ -563,7 +564,7 @@
</option>
</select>
</div>
<div class="col-md-6 pb-3">
<div class="col-md-6 pb-3"{% if lets_encrypt_challenge == 'http' %} data-bs-toggle="tooltip" data-bs-placement="top" data-bs-original-title="DNS provider is only supported with DNS challenges."{% endif %}>
<div class="d-flex justify-content-between align-items-center">
<label id="label-LETS_ENCRYPT_DNS_PROVIDER"
for="LETS_ENCRYPT_DNS_PROVIDER"
@ -590,7 +591,8 @@
<select id="LETS_ENCRYPT_DNS_PROVIDER"
name="LETS_ENCRYPT_DNS_PROVIDER"
class="form-select mt-1"
aria-labelledby="label-LETS_ENCRYPT_DNS_PROVIDER">
aria-labelledby="label-LETS_ENCRYPT_DNS_PROVIDER"
{% if lets_encrypt_challenge == 'http' %}disabled{% endif %}>
<option value="" {% if not lets_encrypt_dns_provider %}selected{% endif %}></option>
<option value="cloudflare"
{% if lets_encrypt_dns_provider == "cloudflare" %}selected{% endif %}>
@ -650,7 +652,7 @@
</option>
</select>
</div>
<div class="col-md-6 pb-3">
<div class="col-md-6 pb-3"{% if lets_encrypt_challenge == 'http' %} data-bs-toggle="tooltip" data-bs-placement="top" data-bs-original-title="DNS propagation is only supported with DNS challenges."{% endif %}>
<div class="d-flex justify-content-between align-items-center">
<label id="label-LETS_ENCRYPT_DNS_PROPAGATION"
for="LETS_ENCRYPT_DNS_PROPAGATION"
@ -680,9 +682,10 @@
value="{{ lets_encrypt_dns_propagation }}"
class="form-control plugin-setting mt-1"
aria-labelledby="label-LETS_ENCRYPT_DNS_PROPAGATION"
pattern="^(default|\d+)$" />
pattern="^(default|\d+)$"
{% if lets_encrypt_challenge == 'http' %}disabled{% endif %} />
</div>
<div class="col-12 pb-3">
<div class="col-12 pb-3"{% if lets_encrypt_challenge == 'http' %} data-bs-toggle="tooltip" data-bs-placement="top" data-bs-original-title="Credentials are only supported with DNS challenges."{% endif %}>
<div class="d-flex justify-content-between align-items-center">
<label id="label-LETS_ENCRYPT_DNS_CREDENTIAL_ITEMS"
for="LETS_ENCRYPT_DNS_CREDENTIAL_ITEMS"
@ -702,7 +705,8 @@
name="LETS_ENCRYPT_DNS_CREDENTIAL_ITEMS"
class="form-control plugin-setting mt-1"
aria-labelledby="label-LETS_ENCRYPT_DNS_CREDENTIAL_ITEMS"
pattern="^.*$"></textarea>
pattern="^.*$"
{% if lets_encrypt_challenge == 'http' %}disabled{% endif %}></textarea>
</div>
<h6 class="mt-2 mb-2 fw-bold">Custom certificate</h6>
<div class="col-12 col-md-2 pb-3">
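Review bot: On the `USE_LETS_ENCRYPT_WILDCARD` input, `checked` and `disabled` are evaluated independently, so a service whose stored settings combine wildcard `yes` with the `http` challenge (for example, if set outside this form) renders a switch that is on and cannot be turned off. The change handler only unchecks the box when the user actively switches to `http`, not on initial render, and a disabled control is not submitted, so saving from that state would probably not clear the value; how the backend treats the missing field is not visible here. Tying the two conditions together would avoid this, e.g. `{% if lets_encrypt_wildcard == "yes" and lets_encrypt_challenge != 'http' %}checked{% endif %}`. The same not-submitted caveat applies to the DNS provider, propagation and credential inputs disabled in the other hunks of this file. Each of the enclosing elements starts or ends outside its hunk.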