79 lines
2.9 KiB
Markdown
79 lines
2.9 KiB
Markdown
SafelineAPI
|
|
=================
|
|
|
|
Small CLI to request and upsert TLS certificates (DNS-01) with multiple DNS provider backends. This repo now includes Cloudflare DNS provider support via the lego provider.
|
|
|
|
Prerequisites
|
|
- Go toolchain (only required to build from source)
|
|
- A SafeLine API token (set in `config.json`)
|
|
- Cloudflare API token (scoped) or Global API key + account email
|
|
|
|
Quick start
|
|
|
|
1. Copy `config.example.json` to `config.json` and fill in your values.
|
|
|
|
2. Build (optional):
|
|
```powershell
|
|
cd C:\Users\samge\coding\SafelineAPI-1
|
|
go build -o safelineApi.exe ./cmd/safelineApi
|
|
```
|
|
|
|
3. Run:
|
|
```powershell
|
|
# using built binary
|
|
.\safelineApi.exe
|
|
|
|
# or directly with go
|
|
go run ./cmd/safelineApi -- -t "<SafeLineApiToken>" -D "Cloudflare" -e "you@example.com"
|
|
```
|
|
|
|
Configuration notes
|
|
- The main configuration file is `config.json` in the project root.
|
|
- To use Cloudflare for DNS-01, set `ApplyCert.DNSProviderConfig.DNSProvider` to `Cloudflare` and set `ApplyCert.DNSProviderConfig.Cloudflare.APIToken` to a scoped API token with `Zone:DNS:Edit` permission.
|
|
- If you must use the global API key, set `Cloudflare.APIKey` and `Cloudflare.Email` instead (less secure).
|
|
|
|
Docs
|
|
- See `docs/CONFIGURATION.md` for detailed configuration and troubleshooting steps.
|
|
- See `docs/cloudflare.md` for a short Cloudflare-specific guide.
|
|
|
|
Security
|
|
- Prefer scoped API tokens over global keys.
|
|
- Keep `config.json` out of source control; use environment variables or secret management in production.
|
|
|
|
Need anything else?
|
|
- I can add a small PowerShell script to run the app with environment variable support or create a release artifact (Windows exe) if you'd like.
|
|
|
|
Linux usage (systemd)
|
|
|
|
Most users run this on a Linux host. Below are recommended steps to install and run SafelineAPI as a service.
|
|
|
|
1. Build on the target machine (or cross-compile):
|
|
```bash
|
|
cd /opt
|
|
git clone <your-repo-url> safelineapi
|
|
cd safelineapi
|
|
go build -o safelineApi ./cmd/safelineApi
|
|
```
|
|
|
|
2. Place your `config.json` in `/opt/safelineapi/config.json` (or edit accordingly). You can use `config.example.json` as a starting point.
|
|
|
|
3. Install systemd unit (example unit available at `contrib/safelineapi.service`):
|
|
```bash
|
|
sudo cp contrib/safelineapi.service /etc/systemd/system/
|
|
sudo useradd --system --no-create-home safeline || true
|
|
sudo chown -R safeline:safeline /opt/safelineapi
|
|
sudo systemctl daemon-reload
|
|
sudo systemctl enable --now safelineapi.service
|
|
sudo journalctl -u safelineapi.service -f
|
|
```
|
|
|
|
4. Alternatively run with the provided helper script (uses environment variables or builds if missing):
|
|
```bash
|
|
chmod +x scripts/run.sh
|
|
SAFELINE_API_TOKEN="..." DNS_PROVIDER=Cloudflare CONTACT_EMAIL="you@example.com" ./scripts/run.sh
|
|
```
|
|
|
|
Notes
|
|
- The `contrib/safelineapi.service` unit assumes files live in `/opt/safelineapi` and the binary is `/opt/safelineapi/safelineApi`. Adjust paths to fit your setup.
|
|
- For production, run the service as a dedicated unprivileged user and keep `config.json` permissions restricted.
|