###
dnschain
http://dnschain.net
Copyright (c) 2014 okTurtles Foundation
This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, You can obtain one at http://mozilla.org/MPL/2.0/.
###
###
All configuration options can be overwritten using command line args
and/or environment variables.
Below you will see the available options and their defaults.
- The top-level options map to sections in the config file.
I.e. `dns` and `log` designate the sections `[dns]` and `[log]`
- All non top-level options are represented via dot notation.
I.e. to set the `oldDNS` `address`, you'd do:
[dns]
oldDNS.address = 8.8.4.4
- For each blockchain, you can specify its configuration file
by specifying the blockchain name as a section, and then
setting the config variable.
Example:
[namecoin]
config = /home/namecoin/.namecoin/namecoin.conf
See also:
<https://github.com/okTurtles/dnschain/blob/master/docs/How-do-I-run-my-own.md#Configuration>
###
nconf = require 'nconf'
props = require 'properties'
fs = require 'fs'
tty = require 'tty'
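module.exports = (dnschain) ->
    # Builds and returns the `config` object for a DNSChain instance.
    #
    # dnschain - the instance being configured; this function reads
    #            `dnschain.globals` (`_`, `Bottleneck` and `gExternalIP` here,
    #            `gLogger` and `gLineInfo` inside `config.add`).
    #
    # Side effects visible in this function: wraps `props.parse` and
    # `props.stringify` with the INI format options, registers argv, env and
    # the first config file found with the shared `nconf` store, and creates
    # `$HOME/.dnschain` when HOME is set and the folder does not exist.
    #
    # Returns `config` (the last expression), exposing `get`, `set`,
    # `chains` and `add`.

    # Pull in only the globals this function uses. This replaces an
    # `eval "var #{k} = ..."` loop over every key of `dnschain.globals`:
    # explicit names keep the scope auditable and cannot fail on a key that
    # is not a valid identifier.
    {_, Bottleneck, gExternalIP} = dnschain.globals

    # TODO: add path to our private key for signing answers

    # `process.getuid` does not exist on non-POSIX platforms; treat its
    # absence as "not root" instead of throwing at startup.
    amRoot = process.getuid?() is 0

    # =================================================
    # BEGIN DNSCHAIN CONFIGURATION OPTIONS AND DEFAULTS
    # =================================================

    defaults = {
        log:
            level: if process.env.DNS_EXAMPLE then 'debug' else 'info'
            colors: true
            pretty: tty.isatty process.stdout
            timestamp: tty.isatty process.stdout
        dns:
            port: if amRoot then 53 else 5333
            host: '0.0.0.0' # what we bind to
            externalIP: gExternalIP() # Advertised IP for .dns metaTLD (ex: namecoin.dns)
            oldDNSMethod: 'NATIVE_DNS' # see 'globals.coffee' for possible values
            oldDNS:
                address: '8.8.8.8' # Google (we recommend running PowerDNS yourself and sending it there)
                port: 53
                type: 'udp'
        http:
            port: if amRoot then 80 else 8088 # Standard HTTP port
            tlsPort: if amRoot then 443 else 4443 # Standard HTTPS port
            # NOTE(review): when HOME is unset these interpolate to
            # "undefined/.dnschain/..." and resolve relative to the working directory.
            tlsKey: "#{process.env.HOME}/.dnschain/key.pem"
            tlsCert: "#{process.env.HOME}/.dnschain/cert.pem"
            # NOTE(review): only the port numbers are set here; confirm in the
            # server code that the two internal listeners bind to loopback
            # (or are firewalled), since `host` below is 0.0.0.0.
            internalTLSPort: 2500 # Not accessible from the internet, used internally only
            internalAdminPort: 3000 # Not accessible from the internet, used internally only
            host: '0.0.0.0' # what we bind to. 0.0.0.0 for the whole internet
        redis:
            socket: '127.0.0.1:6379' # or UNIX domain socket path
            oldDNS:
                enabled: false
                ttl: 600 # Maximum time to keep DNS records in cache, regardless of TTL
            blockchain:
                enabled: false
                ttl: 600
        unblock: # The options in this section are only for when Unblock is enabled.
            enabled: false
            acceptApiCallsTo: ["localhost"] # Add your public facing domain here if you want to accept calls to the RESTful API when Unblock is enabled.
            routeDomains: { # If traffic coming in on the tlsPort needs to be redirected to another application on the server then add it here
                # Example: "mywebsite.com" : 9000 # This tells the server to send traffic meant to "mywebsite.com" to port 9000. It'll still be encrypted when it reaches port 9000
            }
        # WARNING: Do not change these settings unless you know exactly what you're doing.
        # Read the source code, read the Bottleneck docs,
        # make sure you understand how it might make your server complicit in DNS Amplification Attacks and your server might be taken down as a result.
        rateLimiting:
            dns:
                maxConcurrent: 1
                minTime: 200
                highWater: 2
                strategy: Bottleneck.strategy.BLOCK
                penalty: 7000
            http:
                maxConcurrent: 2
                minTime: 150
                highWater: 10
                strategy: Bottleneck.strategy.OVERFLOW
            https:
                maxConcurrent: 2
                minTime: 150
                highWater: 10
                strategy: Bottleneck.strategy.OVERFLOW
    }

    # ===============================================
    # END DNSCHAIN CONFIGURATION OPTIONS AND DEFAULTS
    # ===============================================

    # Options handed to every `props.parse` / `props.stringify` call so that
    # INI files are read with sections and dot-notation namespaces.
    fileFormatOpts =
        comments: ['#', ';']
        sections: true
        namespaces: true

    props.parse = _.partialRight props.parse, fileFormatOpts
    props.stringify = _.partialRight props.stringify, fileFormatOpts

    # Formats accepted by `config.add`; anything else falls back to JSON there.
    confTypes =
        INI: props
        JSON: JSON

    # load our config
    nconf.argv().env('__')
    # NOTE(review): with HOME unset the first two entries become relative
    # "undefined/..." paths, so a file under the working directory could be
    # picked up as the configuration. Confirm HOME is always set in deployment.
    dnscConfLocs = [
        "#{process.env.HOME}/.dnschain/dnschain.conf", # the default
        "#{process.env.HOME}/.dnschain.conf",
        "/etc/dnschain/dnschain.conf"
    ]
    dnscConf = _.find dnscConfLocs, (x) -> fs.existsSync x

    if process.env.HOME and not fs.existsSync "#{process.env.HOME}/.dnschain"
        # create this folder on UNIX based systems so that https.coffee
        # can autogen the private/public key if they don't exist
        # NOTE(review): mode 0710 lets members of the owning group traverse
        # this folder, which is also the default location of key.pem. The key
        # file must therefore be owner-only; consider 0o700 if no group
        # access is needed.
        fs.mkdirSync "#{process.env.HOME}/.dnschain", 0o710

    # we can't access `dnschain.globals.gLogger` here because it hasn't
    # been defined yet unfortunately.
    if dnscConf
        console.info "[INFO] Loading DNSChain config from: #{dnscConf}"
        nconf.file 'user', {file: dnscConf, format: props}
    else
        console.warn "[WARN] No DNSChain configuration file found. Using defaults!".bold.yellow
        nconf.file 'user', {file: dnscConfLocs[0], format: props}

    config =
        # Read `key` from the named store (DNSChain's own store by default).
        get: (key, store="dnschain") -> config.chains[store].get key
        # Write `key` in the named store (DNSChain's own store by default).
        set: (key, value, store="dnschain") -> config.chains[store].set key, value
        # One nconf store per name; `dnschain` is the shared store with the
        # defaults above applied.
        chains:
            dnschain: nconf.defaults defaults
        # Registers the configuration of a blockchain under `name`.
        #
        # name  - key under `config.chains`.
        # paths - one path or an array of candidate paths; the first that
        #         exists is used.
        # type  - key of `confTypes` ('INI' or 'JSON'); unknown values fall
        #         back to JSON.
        #
        # Returns the already registered store when `name` exists, nothing
        # when no candidate file is found, otherwise the new store.
        add: (name, paths, type) ->
            log = dnschain.globals.gLogger
            gLineInfo = dnschain.globals.gLineInfo
            if config.chains[name]?
                log.warn gLineInfo "Not overwriting existing #{name} configuration"
                return config.chains[name]

            paths = [paths] unless Array.isArray(paths)
            type = confTypes[type] || confTypes['JSON']

            # if dnschain's config specifies this chain's config path, prioritize it
            # fixes: https://github.com/okTurtles/dnschain/issues/60
            customConfigPath = config.chains.dnschain.get "#{name}:config"
            if customConfigPath?
                paths = [customConfigPath]
                log.info "custom config path for #{name}: #{paths[0]}"

            confFile = _.find paths, (x) -> fs.existsSync x

            unless confFile
                log.warn "Couldn't find #{name} configuration:".bold.yellow, paths
                return

            # Separate provider per chain, with argv and env registered
            # ahead of the chain's own file.
            conf = (new nconf.Provider()).argv().env()
            log.info "#{name} configuration path: #{confFile}"
            conf.file 'user', {file: confFile, format: type}

            # if dnschain's config specifies this chain's config information, use it as default
            if config.chains.dnschain.get("#{name}")?
                conf.defaults config.chains.dnschain.get "#{name}"

            config.chains[name] = conf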