Please accept the PR for making registration endpoint configurable #345
Comments
You don't need to publicly expose the API. You could use basic auth or IP lists to only allow certain IPs to connect to the API.
The problem with basic auth is that it uses md5 which is outdated and there is no rate limiting with basic auth. It would be nice to have a private registration endpoint.
There are numerous other ways to keep the endpoint secure (which require 0 code changes to this project). You can put acme-dns on the same server as your Let's Encrypt client (e.g. traefik and acme-dns in 2 containers in docker), such that you don't need it to be exposed anywhere, or you can use a reverse proxy/firewall/etc. to whitelist IPs. (Not to mention VPNs and so on)
There's nothing wrong with using md5 in the context of basic auth. If you use a long, random password, none of the documented weaknesses of md5 will impact you. Additionally, it's easy enough to add rate limiting for basic auth (or indeed the entire service) in nginx.
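The reverse-proxy approach discussed in the comments above, as an added example that is not part of the original thread or of the acme-dns project: an nginx front end that restricts `/register` by source address, basic auth and a per-IP rate limit. The hostname, certificate and htpasswd paths, address range, rate values and the backend address `127.0.0.1:8081` are assumptions to replace with your own.

```nginx
# Place in the http {} context: one shared zone keyed by client IP,
# averaging 5 requests per minute per address (assumed value).
limit_req_zone $binary_remote_addr zone=acmedns_register:10m rate=5r/m;

server {
    listen 443 ssl;
    server_name auth.example.org;                      # placeholder hostname
    ssl_certificate     /etc/nginx/tls/fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/privkey.pem;    # placeholder path

    # Registration requires BOTH an allowlisted source address and valid
    # basic-auth credentials ("satisfy all" is the default, stated for clarity).
    location = /register {
        satisfy all;
        allow 192.0.2.0/24;   # constructed example range (TEST-NET-1)
        deny  all;

        auth_basic           "acme-dns registration";
        auth_basic_user_file /etc/nginx/acme-dns.htpasswd;  # placeholder path

        # limit_req runs before the access checks, so rejected requests
        # (wrong password, wrong source) also count against the limit.
        limit_req zone=acmedns_register burst=3 nodelay;
        limit_req_status 429;

        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://127.0.0.1:8081;   # assumed acme-dns API listener
    }

    # Remaining endpoints (such as /update, which ACME clients call with
    # their own per-account credentials) are proxied without the extra gate.
    location / {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://127.0.0.1:8081;
    }
}
```

With this layout the acme-dns API listener should be bound to the loopback address only, so the proxy is the sole path to `/register`.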
Please accept #109 into acme-dns which accomplishes my request to allow whitelisted domains only #263
Bots are attacking online services and abusing them all the time. It would be nice to have this function added to acme-dns. It is not a big change to the code but helps those who want to limit the registration of domains.