# SafelineAPI

A lightweight CLI tool that automatically manages TLS/SSL certificates for SafeLine instances using DNS-01 validation. It supports multiple DNS providers, making it easy to automate certificate renewal and updates across your infrastructure.

## What It Does

SafelineAPI simplifies TLS certificate management by:
- **Automatically requesting new certificates** from Let's Encrypt using DNS-01 validation
- **Updating existing certificates** in your SafeLine WAF instance
- **Supporting multiple DNS providers** (Cloudflare, Tencent Cloud, Aliyun, Huawei Cloud, WestCN)
- **Running as a scheduled service** on Linux (systemd) or Windows
- **Checking certificate expiration** and renewing before they expire

Perfect for users who want hands-off certificate management integrated with SafeLine!

## Quick Start

### Download & Run (Easiest)

1. **Download a pre-built binary** from [Releases](../../releases)
2. **Follow the setup guide** → see [INSTALL.md](INSTALL.md)

### Or Build from Source

```bash
git clone <your-repo-url>
cd SafelineAPI
go build -o safelineApi ./cmd/safelineApi
```

## Installation & Setup

For detailed setup instructions, see **[INSTALL.md](INSTALL.md)** which covers:
- ✅ Using pre-built release binaries
- ✅ Building from source (Linux, Windows, macOS)
- ✅ Configuring the application
- ✅ Running as a service on Linux (systemd)
- ✅ Running as a service on Windows (NSSM, Task Scheduler)
- ✅ Troubleshooting

## Configuration

1. Copy `config.example.json` to `config.json`
2. Fill in your SafeLine API token and DNS provider credentials
3. Run with: `./safelineApi config.json`

For detailed configuration options, see [docs/CONFIGURATION.md](docs/CONFIGURATION.md)

## DNS Providers

Currently supported:
- **Cloudflare** - Recommended for most users
- **Tencent Cloud** - For Chinese users
- **Aliyun (Alibaba Cloud)** - For Chinese users
- **Huawei Cloud** - For Chinese users
- **WestCN** - For Chinese users

See [docs/cloudflare.md](docs/cloudflare.md) for Cloudflare-specific setup.

## Security Best Practices

- ✅ Use **scoped API tokens** instead of global keys (especially for Cloudflare)
- ✅ Keep `config.json` **out of source control**
- ✅ Restrict file permissions on `config.json` (600 on Linux)
- ✅ Run the service as an **unprivileged user**
- ✅ Use environment variables or secret management in production

## Documentation

- [INSTALL.md](INSTALL.md) - Complete installation and setup guide
- [CONFIGURATION.md](docs/CONFIGURATION.md) - Detailed configuration reference
- [cloudflare.md](docs/cloudflare.md) - Cloudflare-specific setup guide

## Development

### Prerequisites (for building from source)
- Go 1.23 or later
- Git

### Build Commands

```bash
# Build for current platform
make build

# Build for all platforms (Linux & Windows)
make build-all

# Run tests
make test

# Format code
make fmt
```

## Automated Releases

This project uses **Gitea Actions** to automatically build and release binaries for:
- Linux: amd64, ARM64, ARMv7, 386, PowerPC 64LE
- Windows: amd64, 386

Releases are triggered by git tags (e.g., `v1.0.0`, `v1.0.1`)

## License

See LICENSE file for details.

## Support

- Found a bug? Create an issue
- Have a question? Check the docs first, then create a discussion
- Want to contribute? Pull requests welcome!