Update generateACL.sh (#64)

* Update generateACL.sh - Retrieve only IP addresses (in case the DynDNS domain is a CNAME) - Support for DynDNS domains in ALLOWED_CLIENTS_FILE
Seji64 · Jul 22, 2024 · 3afed59 · 3afed59
1 parent 069d2ca
commit 3afed59
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 18 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -38,7 +38,7 @@ RUN apk update && apk upgrade
 RUN addgroup snidust && adduser -D -H -G snidust snidust
 
 # Install needed packages and clean up
-RUN apk add --no-cache tini dnsdist curl bash gnupg procps ca-certificates openssl dog lua5.4-filesystem ipcalc libcap nginx nginx-mod-stream supercronic && rm -rf /var/cache/apk/*
+RUN apk add --no-cache jq tini dnsdist curl bash gnupg procps ca-certificates openssl dog lua5.4-filesystem ipcalc libcap nginx nginx-mod-stream supercronic && rm -rf /var/cache/apk/*
 
 # Setup Folder(s)
 RUN mkdir -p /etc/dnsdist/conf.d && \
@@ -69,4 +69,4 @@ RUN chown -R snidust:snidust /etc/dnsdist/ && \
 USER snidust
 
 ENTRYPOINT ["/sbin/tini", "--"]
-CMD ["/bin/bash", "/entrypoint.sh"]
+CMD ["/bin/bash", "/entrypoint.sh"]
diff --git a/generateACL.sh b/generateACL.sh
@@ -2,24 +2,15 @@
 CLIENTS=()
 export DYNDNS_CRON_ENABLED=false
 
-if [ -n "${ALLOWED_CLIENTS_FILE}" ];
-then
-  if [ -f "${ALLOWED_CLIENTS_FILE}" ];
-  then
-    cat "$ALLOWED_CLIENTS_FILE" > /etc/dnsdist/allowedClients.acl
-  else
-    echo "[ERROR] ALLOWED_CLIENTS_FILE is set but file does not exists or is not accessible!"
-  fi
-else
-  IFS=', ' read -ra array <<< "$ALLOWED_CLIENTS"
-  for i in "${array[@]}"
+function read_acl () {
+  for i in "${client_list[@]}"
   do
     /usr/bin/ipcalc -cs "$i"
     retVal=$?
     if [ $retVal -eq 0 ]; then
       CLIENTS+=( "${i}" )
     else
-      RESOLVE_RESULT=$(/usr/bin/dog --short --type A "${i}")
+      RESOLVE_RESULT=$(/usr/bin/dog --json "${i}" | jq -r '.responses[].answers[1].address')
       retVal=$?
       if [ $retVal -eq 0 ]; then
         export DYNDNS_CRON_ENABLED=true
@@ -29,23 +20,37 @@ else
       fi
     fi
   done
-  (echo "${array[@]}" | grep -q '127.0.0.1')
+  (echo "${client_list[@]}" | grep -q '127.0.0.1')
   localipCheck=$?
   if [[ "$localipCheck" -eq 1 ]] && [[ "$DYNDNS_CRON_ENABLED" = true ]]; then
     echo "[INFO] Adding '127.0.0.1' to allowed clients cause else cron reload will not work"
     CLIENTS+=( "127.0.0.1" )
   fi
-  printf '%s\n' "${CLIENTS[@]}" > /etc/dnsdist/allowedClients.acl
+}
+
+if [ -n "${ALLOWED_CLIENTS_FILE}" ];
+then
+  if [ -f "${ALLOWED_CLIENTS_FILE}" ];
+  then
+    mapfile -t client_list < "$ALLOWED_CLIENTS_FILE"
+  else
+    echo "[ERROR] ALLOWED_CLIENTS_FILE is set but file does not exists or is not accessible!"
+  fi
+else
+  IFS=', ' read -ra client_list <<< "$ALLOWED_CLIENTS"
 fi
 
+read_acl
+printf '%s\n' "${CLIENTS[@]}" > /etc/dnsdist/allowedClients.acl
+
 if [ -f "/etc/dnsdist/allowedClients.acl" ];
 then
   echo "" > etc/nginx/allowedClients.conf
   while read -r line
   do
-      echo "allow $line;" >> /etc/nginx/allowedClients.conf
+    echo "allow $line;" >> /etc/nginx/allowedClients.conf
   done < "/etc/dnsdist/allowedClients.acl"
   echo "deny  all;" >> /etc/nginx/allowedClients.conf
 else
   touch /etc/nginx/allowedClients.conf
-fi
+fi