0xFelix/hetzner-dnsapi-proxy

hetzner-dnsapi-proxy

hetzner-dnsapi-proxy proxies DNS API update requests to the Hetzner Cloud API.

Note: Support for the old Hetzner DNS API has been removed since it has been shut down. If upgrading from a setup that used the old DNS API, update your API_TOKEN (or token in the config file) to a Hetzner Cloud API token. The cloudAPI config option and CLOUD_API environment variable are no longer recognized and can be removed from existing configurations.

Container image

Get the container image from ghcr.io

Supported DNS APIs

| API | Endpoint |
| --- | --- |
| lego HTTP request | POST /httpreq/present<br>POST /httpreq/cleanup<br>(see https://go-acme.github.io/lego/dns/httpreq/) |
| ACMEDNS | POST /acmedns/update<br>(see https://github.com/joohoi/acme-dns#update-endpoint) |
| DirectAdmin Legacy | GET /directadmin/CMD_API_SHOW_DOMAINS<br>GET /directadmin/CMD_API_DNS_CONTROL (only adding A/AAAA/TXT records, everything else always returns 200 OK)<br>GET /directadmin/CMD_API_DOMAIN_POINTER (only a stub, always returns 200 OK)<br>(see https://docs.directadmin.com/developer/api/legacy-api.html and https://www.directadmin.com/features.php?id=504) |
| plain HTTP | GET /plain/update (query params hostname and ip (can be ipv4 for A or ipv6 for AAAA records), if auth method is users then HTTP Basic auth is used) |

Configuration

Configuration can be passed by environment variables or from a file (with the -c flag).

Authorization

Authorization is based on a list of domains and the IP networks allowed to update them, or on a list of users. Both can be provided in a config file; when the configuration is parsed from environment variables, only the former is supported.

The supported authorization methods are:

  • allowedDomains: Define IP networks allowed to update specific domains or subdomains
  • users: Define users allowed to update specific domains or subdomains
  • both: Combination of allowedDomains and users, both must be satisfied
  • any: Combination of allowedDomains and users, any of the two must be satisfied

Configuration file

token: verysecrettoken
timeout: 60
auth:
  method: both
  allowedDomains:
    example.com:
      - ip: 127.0.0.1
        mask:
          - 255
          - 255
          - 255
          - 255
  users:
    - username: user
      password: pass
      domains:
        - example.com
recordTTL: 60
listenAddr: :8081
trustedProxies:
  - 127.0.0.1
debug: false

Environment variables

| Variable | Type | Description | Required | Default |
| --- | --- | --- | --- | --- |
| API_BASE_URL | string | Base URL of the API | N | https://api.hetzner.cloud/v1 |
| API_TOKEN | string | Auth token for the API | Y | |
| API_TIMEOUT | int | Timeout for calls to the API in seconds | N | 15 seconds |
| RECORD_TTL | int | TTL that is set when creating/updating records | N | 60 seconds |
| ALLOWED_DOMAINS | string | Combination of domains and CIDRs allowed to update them, example: example1.com,127.0.0.1/32;_acme-challenge.example2.com,127.0.0.1/32 | Y | |
| LISTEN_ADDR | string | Listen address of hetzner-dnsapi-proxy | N | :8081 |
| TRUSTED_PROXIES | string | List of trusted proxy host addresses separated by comma | N | Trust all proxies |
| DEBUG | bool | Output debug logs of received requests | N | false |
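
A pre-deployment check for the ALLOWED_DOMAINS format documented above, as an added example that is not code from hetzner-dnsapi-proxy: it parses the value, flags entries whose network matches every address, and flags an unset TRUSTED_PROXIES, whose documented default is to trust all proxies. The function names, the finding texts and the exact-match rule in allowed are assumptions of this example.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// auditAllowedDomains parses "domain,CIDR;domain,CIDR" into rules plus review findings.
func auditAllowedDomains(value, trustedProxies string) (map[string][]*net.IPNet, []string) {
	rules := map[string][]*net.IPNet{}
	var findings []string
	for _, entry := range strings.Split(value, ";") {
		domain, cidr, ok := strings.Cut(strings.TrimSpace(entry), ",")
		if !ok || domain == "" {
			findings = append(findings, fmt.Sprintf("malformed entry %q", entry))
			continue
		}
		_, network, err := net.ParseCIDR(strings.TrimSpace(cidr))
		if err != nil {
			findings = append(findings, fmt.Sprintf("%s: invalid CIDR %q", domain, cidr))
			continue
		}
		if ones, _ := network.Mask.Size(); ones == 0 {
			findings = append(findings, fmt.Sprintf("%s: %s matches every address", domain, network))
		}
		rules[domain] = append(rules[domain], network)
	}
	if len(rules) > 0 && strings.TrimSpace(trustedProxies) == "" {
		findings = append(findings, "TRUSTED_PROXIES unset: default trusts all proxies")
	}
	return rules, findings
}

// allowed matches names exactly: an assumption here, the proxy's own matching may differ.
func allowed(rules map[string][]*net.IPNet, domain string, ip net.IP) bool {
	for _, network := range rules[domain] {
		if network.Contains(ip) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed value modelled on the example in the table above.
	rules, findings := auditAllowedDomains("example1.com,127.0.0.1/32;_acme-challenge.example2.com,0.0.0.0/0", "")
	fmt.Println(allowed(rules, "example1.com", net.ParseIP("127.0.0.1")), findings)
}
```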
