From b1011c29b5c3e594b97caaf94f865ab060a30865 Mon Sep 17 00:00:00 2001
From: anonpenguin23
Date: Sat, 24 Jan 2026 09:26:31 +0200
Subject: [PATCH] added support for different domain except orama.network

---
 pkg/config/gateway_config.go | 1 +
 pkg/gateway/config.go | 3 +
 pkg/gateway/gateway.go | 4 +
 .../handlers/deployments/domain_handler.go | 7 +-
 .../handlers/deployments/list_handler.go | 5 +-
 pkg/gateway/handlers/deployments/service.go | 25 +-
 pkg/gateway/middleware.go | 24 +-
 pkg/node/gateway.go | 25 +-
 scripts/install-coredns.sh | 214 +++++++++++++----
 9 files changed, 228 insertions(+), 80 deletions(-)

diff --git a/pkg/config/gateway_config.go b/pkg/config/gateway_config.go
index 38b4614..e64d745 100644
--- a/pkg/config/gateway_config.go
+++ b/pkg/config/gateway_config.go
@@ -19,6 +19,7 @@ type HTTPGatewayConfig struct {
 IPFSClusterAPIURL string `yaml:"ipfs_cluster_api_url"` // IPFS Cluster API URL
 IPFSAPIURL string `yaml:"ipfs_api_url"` // IPFS API URL
 IPFSTimeout time.Duration `yaml:"ipfs_timeout"` // Timeout for IPFS operations
+ BaseDomain string `yaml:"base_domain"` // Base domain for deployments (e.g., "dbrs.space", defaults to "orama.network")
 }
 
 // HTTPSConfig contains HTTPS/TLS configuration for the gateway
diff --git a/pkg/gateway/config.go b/pkg/gateway/config.go
index b983932..9ea92f2 100644
--- a/pkg/gateway/config.go
+++ b/pkg/gateway/config.go
@@ -18,6 +18,9 @@ type Config struct {
 DomainName string // Domain name for HTTPS certificate
 TLSCacheDir string // Directory to cache TLS certificates (default: ~/.orama/tls-cache)
 
+ // Domain routing configuration
+ BaseDomain string // Base domain for deployment routing (e.g., "dbrs.space"). Defaults to "orama.network"
+
 // Olric cache configuration
 OlricServers []string // List of Olric server addresses (e.g., ["localhost:3320"]). If empty, defaults to ["localhost:3320"]
 OlricTimeout time.Duration // Timeout for Olric operations (default: 10s)
diff --git a/pkg/gateway/gateway.go b/pkg/gateway/gateway.go
index a2b0568..550cf3b 100644
--- a/pkg/gateway/gateway.go
+++ b/pkg/gateway/gateway.go
@@ -252,6 +252,10 @@ func New(logger *logging.ColoredLogger, cfg *Config) (*Gateway, error) {
 gw.portAllocator,
 logger.Logger,
 )
+ // Set base domain from config
+ if gw.cfg.BaseDomain != "" {
+ gw.deploymentService.SetBaseDomain(gw.cfg.BaseDomain)
+ }
 
 // Create deployment handlers
 gw.staticHandler = deploymentshandlers.NewStaticDeploymentHandler(
diff --git a/pkg/gateway/handlers/deployments/domain_handler.go b/pkg/gateway/handlers/deployments/domain_handler.go
index 051aa74..f542261 100644
--- a/pkg/gateway/handlers/deployments/domain_handler.go
+++ b/pkg/gateway/handlers/deployments/domain_handler.go
@@ -65,9 +65,10 @@ func (h *DomainHandler) HandleAddDomain(w http.ResponseWriter, r *http.Request)
 return
 }
 
- // Check if domain is reserved
- if strings.HasSuffix(domain, ".orama.network") {
- http.Error(w, "Cannot use .orama.network domains as custom domains", http.StatusBadRequest)
+ // Check if domain is reserved (using configured base domain)
+ baseDomain := h.service.BaseDomain()
+ if strings.HasSuffix(domain, "."+baseDomain) {
+ http.Error(w, fmt.Sprintf("Cannot use .%s domains as custom domains", baseDomain), http.StatusBadRequest)
 return
 }
 
diff --git a/pkg/gateway/handlers/deployments/list_handler.go b/pkg/gateway/handlers/deployments/list_handler.go
index 6e37966..2ae1f80 100644
--- a/pkg/gateway/handlers/deployments/list_handler.go
+++ b/pkg/gateway/handlers/deployments/list_handler.go
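Review bot: `gw.cfg.BaseDomain` is handed to SetBaseDomain exactly as configured, and domainRoutingMiddleware later reads `g.cfg.BaseDomain` directly without going through the setter, so a value such as `.dbrs.space`, `dbrs.space.` or `DBRS.Space` yields different suffix checks in the handlers and in the router. Canonicalize once here before the call, e.g. `gw.cfg.BaseDomain = strings.ToLower(strings.Trim(gw.cfg.BaseDomain, "."))` (importing strings if this file lacks it), or, if mutating the caller's cfg is undesirable, keep the normalized value on the Gateway and have the middleware read that; a value that is empty after trimming should keep the default rather than register `"."` as a suffix. New begins and ends outside the hunk.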
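Review bot: The reserved-domain test on the new `if strings.HasSuffix(domain, "."+baseDomain)` line is case-sensitive while DNS names are not, so `app.DBRS.SPACE` is accepted as a custom domain, and the bare apex `dbrs.space` is not rejected either; unless `domain` is already lowercased earlier in HandleAddDomain (outside the hunk), compare a normalized copy: `d := strings.ToLower(strings.TrimSuffix(domain, "."))` followed by `if d == baseDomain || strings.HasSuffix(d, "."+baseDomain) {`. The hunk also introduces `fmt.Sprintf`, and the diffstat's 7 changed lines for this file are all within this hunk, so confirm `fmt` is already imported there. HandleAddDomain starts and ends outside the hunk.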
@@ -62,13 +62,14 @@ func (h *ListHandler) HandleList(w http.ResponseWriter, r *http.Request) {
 return
 }
 
+ baseDomain := h.service.BaseDomain()
 deployments := make([]map[string]interface{}, len(rows))
 for i, row := range rows {
 urls := []string{
- "https://" + row.Name + "." + row.HomeNodeID + ".orama.network",
+ "https://" + row.Name + "." + row.HomeNodeID + "." + baseDomain,
 }
 if row.Subdomain != "" {
- urls = append(urls, "https://"+row.Subdomain+".orama.network")
+ urls = append(urls, "https://"+row.Subdomain+"."+baseDomain)
 }
 
 deployments[i] = map[string]interface{}{
diff --git a/pkg/gateway/handlers/deployments/service.go b/pkg/gateway/handlers/deployments/service.go
index 2a0d573..303d76e 100644
--- a/pkg/gateway/handlers/deployments/service.go
+++ b/pkg/gateway/handlers/deployments/service.go
@@ -18,6 +18,7 @@ type DeploymentService struct {
 homeNodeManager *deployments.HomeNodeManager
 portAllocator *deployments.PortAllocator
 logger *zap.Logger
+ baseDomain string // Base domain for deployments (e.g., "dbrs.space")
 }
 
 // NewDeploymentService creates a new deployment service
@@ -32,9 +33,25 @@ func NewDeploymentService(
 homeNodeManager: homeNodeManager,
 portAllocator: portAllocator,
 logger: logger,
+ baseDomain: "orama.network", // default
 }
 }
 
+// SetBaseDomain sets the base domain for deployments
+func (s *DeploymentService) SetBaseDomain(domain string) {
+ if domain != "" {
+ s.baseDomain = domain
+ }
+}
+
+// BaseDomain returns the configured base domain
+func (s *DeploymentService) BaseDomain() string {
+ if s.baseDomain == "" {
+ return "orama.network"
+ }
+ return s.baseDomain
+}
+
 // CreateDeployment creates a new deployment
 func (s *DeploymentService) CreateDeployment(ctx context.Context, deployment *deployments.Deployment) error {
 // Assign home node if not already assigned
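Review bot: SetBaseDomain stores `domain` verbatim, so a configured value with a trailing dot or upper-case letters flows unchanged into the FQDNs built in CreateDNSRecords (giving `name.node.dbrs.space..`) and into the URLs from BuildDeploymentURLs and HandleList; normalize in the setter, `if d := strings.ToLower(strings.Trim(domain, ".")); d != "" { s.baseDomain = d }` (importing strings if the file lacks it). The literal `"orama.network"` is now the default in the constructor and again in BaseDomain(), and the middleware.go hunks add two more copies; a package-level `const defaultBaseDomain = "orama.network"` referenced from each place would keep them from drifting. In this patch the setter is called only from gateway.New before the handlers are created, and since `baseDomain` has no synchronization that expectation belongs in its doc comment, e.g. `// SetBaseDomain overrides the default base domain; call it before the service is shared with handlers.`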
@@ -249,14 +266,14 @@ func (s *DeploymentService) CreateDNSRecords(ctx context.Context, deployment *de
 }
 
 // Create node-specific record
- nodeFQDN := fmt.Sprintf("%s.%s.orama.network.", deployment.Name, deployment.HomeNodeID)
+ nodeFQDN := fmt.Sprintf("%s.%s.%s.", deployment.Name, deployment.HomeNodeID, s.BaseDomain())
 if err := s.createDNSRecord(ctx, nodeFQDN, "A", nodeIP, deployment.Namespace, deployment.ID); err != nil {
 s.logger.Error("Failed to create node-specific DNS record", zap.Error(err))
 }
 
 // Create load-balanced record if subdomain is set
 if deployment.Subdomain != "" {
- lbFQDN := fmt.Sprintf("%s.orama.network.", deployment.Subdomain)
+ lbFQDN := fmt.Sprintf("%s.%s.", deployment.Subdomain, s.BaseDomain())
 if err := s.createDNSRecord(ctx, lbFQDN, "A", nodeIP, deployment.Namespace, deployment.ID); err != nil {
 s.logger.Error("Failed to create load-balanced DNS record", zap.Error(err))
 }
@@ -301,11 +318,11 @@ func (s *DeploymentService) getNodeIP(ctx context.Context, nodeID string) (strin
 
 // BuildDeploymentURLs builds all URLs for a deployment
 func (s *DeploymentService) BuildDeploymentURLs(deployment *deployments.Deployment) []string {
 urls := []string{
- fmt.Sprintf("https://%s.%s.orama.network", deployment.Name, deployment.HomeNodeID),
+ fmt.Sprintf("https://%s.%s.%s", deployment.Name, deployment.HomeNodeID, s.BaseDomain()),
 }
 if deployment.Subdomain != "" {
- urls = append(urls, fmt.Sprintf("https://%s.orama.network", deployment.Subdomain))
+ urls = append(urls, fmt.Sprintf("https://%s.%s", deployment.Subdomain, s.BaseDomain()))
 }
 
 return urls
diff --git a/pkg/gateway/middleware.go b/pkg/gateway/middleware.go
index 05dc824..418f601 100644
--- a/pkg/gateway/middleware.go
+++ b/pkg/gateway/middleware.go
@@ -439,8 +439,14 @@ func (g *Gateway) domainRoutingMiddleware(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 host := strings.Split(r.Host, ":")[0] // Strip port
 
- // Only process .orama.network domains
- if !strings.HasSuffix(host, ".orama.network") {
+ // Get base domain from config (default to orama.network)
+ baseDomain := "orama.network"
+ if g.cfg != nil && g.cfg.BaseDomain != "" {
+ baseDomain = g.cfg.BaseDomain
+ }
+
+ // Only process base domain and its subdomains
+ if !strings.HasSuffix(host, "."+baseDomain) {
 next.ServeHTTP(w, r)
 return
 }
@@ -493,6 +499,12 @@ func (g *Gateway) getDeploymentByDomain(ctx context.Context, domain string) (*de
 // Strip trailing dot if present
 domain = strings.TrimSuffix(domain, ".")
 
+ // Get base domain from config (default to orama.network)
+ baseDomain := "orama.network"
+ if g.cfg != nil && g.cfg.BaseDomain != "" {
+ baseDomain = g.cfg.BaseDomain
+ }
+
 // Query deployment by domain (node-specific subdomain or custom domain)
 db := g.client.Database()
 internalCtx := client.WithInternalAuth(ctx)
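Review bot: `host` is taken from the client-controlled Host header and the new `if !strings.HasSuffix(host, "."+baseDomain)` compares it case-sensitively, so a request for `App.DBRS.SPACE` bypasses domain routing while `app.dbrs.space` is routed, and a host written with a trailing dot (`app.dbrs.space.`) is skipped here even though getDeploymentByDomain strips that dot from its own input; normalize up front with `host := strings.ToLower(strings.TrimSuffix(strings.Split(r.Host, ":")[0], "."))`. The five-line default-resolution block added here is repeated verbatim in the @@ -493 hunk of getDeploymentByDomain, and both hard-code further copies of `"orama.network"`; a `func (g *Gateway) baseDomain() string` holding the nil check and one default would remove the duplication and keep the value aligned with DeploymentService.BaseDomain(). The handler closure and getDeploymentByDomain both continue outside their hunks.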
@@ -501,15 +513,15 @@ func (g *Gateway) getDeploymentByDomain(ctx context.Context, domain string) (*de
 SELECT d.id, d.namespace, d.name, d.type, d.port, d.content_cid, d.status
 FROM deployments d
 LEFT JOIN deployment_domains dd ON d.id = dd.deployment_id
- WHERE (d.name || '.' || d.home_node_id || '.orama.network' = ?
- OR d.name || '.node-' || d.home_node_id || '.orama.network' = ?
- OR d.name || '.orama.network' = ?
+ WHERE (d.name || '.' || d.home_node_id || '.' || ? = ?
+ OR d.name || '.node-' || d.home_node_id || '.' || ? = ?
+ OR d.name || '.' || ? = ?
 OR dd.domain = ? AND dd.verified_at IS NOT NULL)
 AND d.status = 'active'
 LIMIT 1
 `
 
- result, err := db.Query(internalCtx, query, domain, domain, domain, domain)
+ result, err := db.Query(internalCtx, query, baseDomain, domain, baseDomain, domain, baseDomain, domain, domain)
 if err != nil || result.Count == 0 {
 return nil, err
 }
diff --git a/pkg/node/gateway.go b/pkg/node/gateway.go
index 9bada62..891808c 100644
--- a/pkg/node/gateway.go
+++ b/pkg/node/gateway.go
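Review bot: The three rewritten alternatives such as `d.name || '.' || ? = ?` compare under the database's default text collation, which for the SQLite engine behind rqlite is case-sensitive, so a mixed-case `domain` will never match a lowercase stored name; lowercase `domain` next to the existing `strings.TrimSuffix(domain, ".")` before binding, or add `COLLATE NOCASE` to the new comparisons (confirm against the rqlite version in use). Binding `baseDomain` as a parameter instead of splicing it into the query text is the right choice and keeps an operator-supplied value out of the SQL. The eight arguments now depend on positional pairing with the placeholders, which is easy to break on the next edit; a one-line comment above the `db.Query` call, `// args: (base, domain) for each of the three generated names, then domain for dd.domain`, would record that contract. getDeploymentByDomain continues outside the hunk.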
@@ -33,19 +33,20 @@ func (n *Node) startHTTPGateway(ctx context.Context) error {
 }
 
 gwCfg := &gateway.Config{
- ListenAddr: n.config.HTTPGateway.ListenAddr,
- ClientNamespace: n.config.HTTPGateway.ClientNamespace,
- BootstrapPeers: n.config.Discovery.BootstrapPeers,
- NodePeerID: loadNodePeerIDFromIdentity(n.config.Node.DataDir),
- RQLiteDSN: n.config.HTTPGateway.RQLiteDSN,
- OlricServers: n.config.HTTPGateway.OlricServers,
- OlricTimeout: n.config.HTTPGateway.OlricTimeout,
+ ListenAddr: n.config.HTTPGateway.ListenAddr,
+ ClientNamespace: n.config.HTTPGateway.ClientNamespace,
+ BootstrapPeers: n.config.Discovery.BootstrapPeers,
+ NodePeerID: loadNodePeerIDFromIdentity(n.config.Node.DataDir),
+ RQLiteDSN: n.config.HTTPGateway.RQLiteDSN,
+ OlricServers: n.config.HTTPGateway.OlricServers,
+ OlricTimeout: n.config.HTTPGateway.OlricTimeout,
 IPFSClusterAPIURL: n.config.HTTPGateway.IPFSClusterAPIURL,
- IPFSAPIURL: n.config.HTTPGateway.IPFSAPIURL,
- IPFSTimeout: n.config.HTTPGateway.IPFSTimeout,
- EnableHTTPS: n.config.HTTPGateway.HTTPS.Enabled,
- DomainName: n.config.HTTPGateway.HTTPS.Domain,
- TLSCacheDir: n.config.HTTPGateway.HTTPS.CacheDir,
+ IPFSAPIURL: n.config.HTTPGateway.IPFSAPIURL,
+ IPFSTimeout: n.config.HTTPGateway.IPFSTimeout,
+ EnableHTTPS: n.config.HTTPGateway.HTTPS.Enabled,
+ DomainName: n.config.HTTPGateway.HTTPS.Domain,
+ TLSCacheDir: n.config.HTTPGateway.HTTPS.CacheDir,
+ BaseDomain: n.config.HTTPGateway.BaseDomain,
 }
 
 apiGateway, err := gateway.New(gatewayLogger, gwCfg)
diff --git a/scripts/install-coredns.sh b/scripts/install-coredns.sh
index 0fdbd09..0d3bd12 100755
--- a/scripts/install-coredns.sh
+++ b/scripts/install-coredns.sh
@@ -1,5 +1,6 @@
 #!/bin/bash
-# install-coredns.sh - Install and configure CoreDNS on Orama Network nodes
+# install-coredns.sh - Install and configure CoreDNS for DeBros Network nodes
+# This script sets up a simple wildcard DNS server for deployment subdomains
 set -euo pipefail
 
 COREDNS_VERSION="${COREDNS_VERSION:-1.11.1}"
@@ -9,6 +10,10 @@ CONFIG_DIR="/etc/coredns"
 DATA_DIR="/var/lib/coredns"
 USER="debros"
 
+# Configuration - Override these with environment variables
+DOMAIN="${DOMAIN:-dbrs.space}"
+NODE_IP="${NODE_IP:-}" # Auto-detected if not provided
+
 # Colors for output
 RED='\033[0;31m'
 GREEN='\033[0;32m'
@@ -35,11 +40,31 @@ fi
 
 # Check if debros user exists
 if ! id -u "$USER" >/dev/null 2>&1; then
- log_error "User '$USER' does not exist. Please create it first."
+ log_warn "User '$USER' does not exist. Creating..."
+ useradd -r -m -s /bin/bash "$USER" || true
+fi
+
+# Auto-detect node IP if not provided
+if [ -z "$NODE_IP" ]; then
+ NODE_IP=$(hostname -I | awk '{print $1}')
+ log_info "Auto-detected node IP: $NODE_IP"
+fi
+
+if [ -z "$NODE_IP" ]; then
+ log_error "Could not detect node IP. Please set NODE_IP environment variable."
 exit 1
 fi
 
-log_info "Installing CoreDNS $COREDNS_VERSION..."
+log_info "Installing CoreDNS $COREDNS_VERSION for domain $DOMAIN..."
+
+# Disable systemd-resolved stub listener to free port 53
+log_info "Configuring systemd-resolved..."
+mkdir -p /etc/systemd/resolved.conf.d/
+cat > /etc/systemd/resolved.conf.d/disable-stub.conf << 'EOF'
+[Resolve]
+DNSStubListener=no
+EOF
+systemctl restart systemd-resolved || true
 
 # Download CoreDNS
 cd /tmp
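Review bot: `useradd -r -m -s /bin/bash "$USER" || true` creates a login-capable account with a home directory and then masks any failure, yet the unit written later in this script runs CoreDNS as root, so the account only ever owns `$DATA_DIR`; use `useradd -r -s /usr/sbin/nologin "$USER"` and drop the `|| true` so `set -e` stops on a failed creation. Writing `DNSStubListener=no` and restarting systemd-resolved leaves a host whose `/etc/resolv.conf` still points at the 127.0.0.53 stub without working name resolution until the link is switched to `/run/systemd/resolve/resolv.conf`, which the script neither does nor mentions. `hostname -I | awk '{print $1}'` takes the first address of a possibly multi-homed node, and that value is later published as glue and wildcard A records, so a private or container address would be advertised publicly; logging it is good, but an explicit NODE_IP should be required when more than one address is present. The `DOMAIN` default of `dbrs.space` also differs from the `orama.network` default in the gateway code of this same commit; the header comment should state which one is authoritative.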
@@ -66,67 +91,150 @@ mkdir -p "$CONFIG_DIR"
 mkdir -p "$DATA_DIR"
 chown -R "$USER:$USER" "$DATA_DIR"
 
-# Copy Corefile if provided
-if [ -f "./configs/coredns/Corefile" ]; then
- log_info "Copying Corefile configuration..."
- cp ./configs/coredns/Corefile "$CONFIG_DIR/Corefile"
+# Create Corefile for simple wildcard DNS
+log_info "Creating Corefile..."
+cat > "$CONFIG_DIR/Corefile" << EOF
+# CoreDNS configuration for $DOMAIN
+# Serves wildcard DNS for deployment subdomains
+
+$DOMAIN {
+ file $CONFIG_DIR/db.$DOMAIN
+ log
+ errors
+}
+
+# Forward all other queries to upstream DNS
+. {
+ forward . 8.8.8.8 8.8.4.4 1.1.1.1
+ cache 300
+ errors
+}
+EOF
+
+# Create zone file
+log_info "Creating zone file for $DOMAIN..."
+SERIAL=$(date +%Y%m%d%H)
+cat > "$CONFIG_DIR/db.$DOMAIN" << EOF
+\$ORIGIN $DOMAIN.
+\$TTL 300
+
+@ IN SOA ns1.$DOMAIN. admin.$DOMAIN. (
+ $SERIAL ; Serial
+ 3600 ; Refresh
+ 1800 ; Retry
+ 604800 ; Expire
+ 300 ) ; Negative TTL
+
+; Nameservers
+@ IN NS ns1.$DOMAIN.
+@ IN NS ns2.$DOMAIN.
+@ IN NS ns3.$DOMAIN.
+
+; Glue records - update these with actual nameserver IPs
+ns1 IN A $NODE_IP
+ns2 IN A $NODE_IP
+ns3 IN A $NODE_IP
+
+; Root domain
+@ IN A $NODE_IP
+
+; Wildcard for all subdomains (deployments)
+* IN A $NODE_IP
+EOF
+
+# Create systemd service
+log_info "Creating systemd service..."
+cat > /etc/systemd/system/coredns.service << EOF
+[Unit]
+Description=CoreDNS DNS Server
+Documentation=https://coredns.io
+After=network.target
+
+[Service]
+Type=simple
+User=root
+ExecStart=$INSTALL_DIR/coredns -conf $CONFIG_DIR/Corefile
+Restart=on-failure
+RestartSec=5
+
+# Security hardening
+NoNewPrivileges=true
+ProtectSystem=full
+ProtectHome=true
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+
+# Set up iptables redirect for port 80 -> gateway port 6001
+log_info "Setting up port 80 redirect to gateway port 6001..."
+iptables -t nat -C PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 6001 2>/dev/null || \
+ iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 6001
+
+# Make iptables rules persistent
+mkdir -p /etc/network/if-pre-up.d/
+cat > /etc/network/if-pre-up.d/iptables-redirect << 'EOF'
+#!/bin/sh
+iptables -t nat -C PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 6001 2>/dev/null || \
+ iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 6001
+EOF
+chmod +x /etc/network/if-pre-up.d/iptables-redirect
+
+# Configure firewall
+log_info "Configuring firewall..."
+if command -v ufw >/dev/null 2>&1; then
+ ufw allow 53/tcp >/dev/null 2>&1 || true
+ ufw allow 53/udp >/dev/null 2>&1 || true
+ ufw allow 80/tcp >/dev/null 2>&1 || true
+ log_info "Firewall rules added for ports 53 (DNS) and 80 (HTTP)"
 else
- log_warn "Corefile not found in ./configs/coredns/Corefile"
- log_warn "Please copy your Corefile to $CONFIG_DIR/Corefile manually"
+ log_warn "UFW not found. Please manually configure firewall for ports 53 and 80"
 fi
 
-# Install systemd service
-log_info "Installing systemd service..."
-if [ -f "./configs/coredns/coredns.service" ]; then
- cp ./configs/coredns/coredns.service /etc/systemd/system/
- systemctl daemon-reload
- log_info "Systemd service installed"
-else
- log_warn "Service file not found in ./configs/coredns/coredns.service"
-fi
+# Enable and start CoreDNS
+log_info "Starting CoreDNS..."
+systemctl enable coredns
+systemctl start coredns
 
 # Verify installation
-log_info "Verifying installation..."
-if command -v coredns >/dev/null 2>&1; then
- VERSION_OUTPUT=$(coredns -version 2>&1 | head -1)
- log_info "Installed: $VERSION_OUTPUT"
+sleep 2
+if systemctl is-active --quiet coredns; then
+ log_info "CoreDNS is running"
 else
- log_error "CoreDNS installation verification failed"
+ log_error "CoreDNS failed to start. Check: journalctl -u coredns"
 exit 1
 fi
 
-# Firewall configuration reminder
-log_warn "IMPORTANT: Configure firewall to allow DNS traffic"
-log_warn " - UDP/TCP port 53 (DNS)"
-log_warn " - TCP port 8080 (health check)"
-log_warn " - TCP port 9153 (metrics)"
-echo
-log_warn "Example firewall rules:"
-log_warn " sudo ufw allow 53/tcp"
-log_warn " sudo ufw allow 53/udp"
-log_warn " sudo ufw allow 8080/tcp"
-log_warn " sudo ufw allow 9153/tcp"
-
-# Service management instructions
-echo
-log_info "Installation complete!"
-echo
-log_info "To configure CoreDNS:"
-log_info " 1. Edit $CONFIG_DIR/Corefile"
-log_info " 2. Ensure RQLite is running and accessible"
-echo
-log_info "To start CoreDNS:"
-log_info " sudo systemctl enable coredns"
-log_info " sudo systemctl start coredns"
-echo
-log_info "To check status:"
-log_info " sudo systemctl status coredns"
-log_info " sudo journalctl -u coredns -f"
-echo
-log_info "To test DNS:"
-log_info " dig @localhost test.orama.network"
+# Test DNS resolution
+log_info "Testing DNS resolution..."
+if dig @localhost test.$DOMAIN +short | grep -q "$NODE_IP"; then
+ log_info "DNS test passed: test.$DOMAIN resolves to $NODE_IP"
+else
+ log_warn "DNS test failed or returned unexpected result"
+fi
 
 # Cleanup
 rm -f /tmp/coredns.tgz
 
+echo
+log_info "============================================"
+log_info "CoreDNS installation complete!"
+log_info "============================================"
+echo
+log_info "Configuration:"
+log_info " Domain: $DOMAIN"
+log_info " Node IP: $NODE_IP"
+log_info " Corefile: $CONFIG_DIR/Corefile"
+log_info " Zone file: $CONFIG_DIR/db.$DOMAIN"
+echo
+log_info "Commands:"
+log_info " Status: sudo systemctl status coredns"
+log_info " Logs: sudo journalctl -u coredns -f"
+log_info " Test: dig @localhost anything.$DOMAIN"
+echo
+log_info "Note: Update the zone file with other nameserver IPs for redundancy:"
+log_info " sudo vi $CONFIG_DIR/db.$DOMAIN"
+echo
 log_info "Done!"
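Review bot: The Corefile's catch-all `. { forward . 8.8.8.8 8.8.4.4 1.1.1.1 ... }` block, together with `ufw allow 53/tcp` and `53/udp` for any source, makes every node an open recursive resolver reachable from the internet, a well-known amplification and abuse-report risk; only the `$DOMAIN` zone block needs to be public, so remove the `.` block or restrict it to the host itself with the `acl` plugin as sketched below. The unit runs CoreDNS with `User=root` although the script created `$USER` and chowned `$DATA_DIR` to it; binding port 53 needs only `CAP_NET_BIND_SERVICE`, so `User=$USER` with `AmbientCapabilities=CAP_NET_BIND_SERVICE` gives the `NoNewPrivileges`/`ProtectSystem` lines something to protect (the Corefile and zone file must then be readable by that user). Persisting the REDIRECT rule via `/etc/network/if-pre-up.d/` only takes effect on ifupdown-managed hosts, so on netplan or NetworkManager systems the port-80 redirect silently disappears at reboot; the script should say so or use a persistence mechanism present on the target image. The `dig` check assumes the tool is installed; wrap it in `command -v dig >/dev/null 2>&1` and log a warning otherwise.
```shell
# Corefile excerpt: public listener is authoritative for $DOMAIN only; recursion is loopback-only
$DOMAIN {
    file $CONFIG_DIR/db.$DOMAIN
    log
    errors
}

. {
    acl {
        allow net 127.0.0.0/8
        block
    }
    forward . 8.8.8.8 8.8.4.4 1.1.1.1
    cache 300
    errors
}
# … unchanged: zone file heredoc, [Unit] section …
[Service]
Type=simple
User=$USER
AmbientCapabilities=CAP_NET_BIND_SERVICE
ExecStart=$INSTALL_DIR/coredns -conf $CONFIG_DIR/Corefile
# … unchanged: Restart, hardening directives, [Install] …
```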