[Feature Request] Automate custom domain VHOST support in CSC Cloud #87
Labels
No Label
priority
high
priority
low
priority
medium
priority
very high
BUG
Feature
High Priority
Low Priority
Medium Priority
No Milestone
No project
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: public/pyceo#87
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Currently, creating vhosts with custom domains require manual verification on an individual basis as it's not currently possible to verify a particular user's ownership of a domain name.
A few ideas for domain verification:
For verifying ownership of an entire domain, it should be sufficient to prove verification for the root of the domain. Verification through CNAME/TXT is probably the best.
For verifying a subdomain (where the user doesn't own the entire domain, eg. third level domains), file upload is likely the only option.
Other Considerations
How long should verification last? Should it be checked periodically? Every 3 months?? And every time a verification is requested (through Pyceo)?
If multiple users use subdomains from the same domain, how would verification work? If they verify subdomains, there shouldn't be a problem. But if one verifies the entire domain, should that user be the only person able to control vhosts from that domain?
Pyceo is currently stateless...
Reference: https://docs.cloud.csclub.uwaterloo.ca/vhosts/
Automate custom domain VHOST support in CSC Cloudto [Feature Request] Automate custom domain VHOST support in CSC CloudTo automatically verify vhosts for custom domain names, we need to automatically verify a user's ownership of a domain/subdomain name. If ownership could be proven, then a VHOST record should be created for the user.
Verification Methods:
METHOD #1 (DNS TXT verification):
ceo cloud vhosts code
: A unique checksum (SHA256 perhaps?) is generated for a particular user who wishes to prove their ownership of a domain.TXT
needs to be created at the ROOT of a domain name based on the unique checksum (eg.csc-verification
).ceo cloud vhosts add <custom domain/subdomain> <forwarded ip>
Whenever a vhost is created (that requires verification), CEO would query the TXT record before creating the TXT record.METHOD #2 (File based verification):
tbd...
Checks need to be added here:
779e35a08e/ceod/model/VHostManager.py (L93)
You could use a long enough uuid when wanting a random string.
For file-based verification, user can upload a file containing a random string, then the ceo can download the file and verify.
Tests need to be added here:
779e35a08e/tests/ceod/api/test_cloud.py (L90)
@y3285wan Yup. For the UUID, it needs to be associated with a particular user. Perhaps it could be generated from the CSC username.
For file-based verification, the same UUID (unique to the user) could be used as well.