Please accept the PR for making registration endpoint configurable #345
Comments
|
You don't need to publicly expose the API. You could use basic auth or IP lists to only allow certain IPs to connect to the API. |
|
The problem with basic auth is that it uses md5 which is outdated and there is no rate limiting with basic auth. It would be nice to have a private registration endpoint. |
|
There are numerous other ways to keep the endpoint secure (which require 0 code changes to this project). You can put acme-dns on the same server as your let's encrypt client (e.g. traefik and acme-dns in 2 containers in docker), such that you don't need it to be exposed anywhere, or you can use a reverse proxy/firewall/etc. to whitelist IPs. (Not to mention vpns and so on) |
|
There's nothing wrong with using md5 in the context of basic auth. If you use a long, random password, none of the documented weaknesses of md5 will impact you. Additionally, it's easy enough to add rate limiting for basic auth (or indeed the entire service) in nginx. |
Please accept #109 into acme-dns which accomplishes my request to allow whitelisted domains only #263
Bots are attacking online services and abusing them all the time. It would be nice to have this function added to acme-dns. It is not a big change to the code but helps those who want limit the registration of domains.
The text was updated successfully, but these errors were encountered: