luci-app-acme: improve UI for inexperienced users #7147
Conversation
stokito
changed the title
There was a problem hiding this comment.
I generally applaud the effort to make things more user friendly, but have some comments, see below.
Also a general one: You're adding new reads to the file system but not updating the acl config accordingly. So will things actually work correctly? How did you test all the permutations?
applications/luci-app-acme/htdocs/luci-static/resources/view/acme.js
Outdated
Show resolved
Hide resolved
applications/luci-app-acme/htdocs/luci-static/resources/view/acme.js
Outdated
Show resolved
Hide resolved
applications/luci-app-acme/htdocs/luci-static/resources/view/acme.js
Outdated
Show resolved
Hide resolved
applications/luci-app-acme/htdocs/luci-static/resources/view/acme.js
Outdated
Show resolved
Hide resolved
| o.value('standalone', _('Standalone')); | ||
| o.value('webroot', _('Webroot')); | ||
| o.value('dns', _('DNS')); | ||
| o.default = 'webroot'; |
There was a problem hiding this comment.
Why this change? I personally consider the validation method an "advanced" setting, it should be possible for a user to just specify the domain and have everything work without caring about the validation method, no?
There was a problem hiding this comment.
A user must at least check the validation method if the DNS is used. Only for the DNS we allow wildcards.
There was a problem hiding this comment.
Sure, but the domain is still the primary input, and the validation method is a detail for special cases (I don't think wildcard certificates are terribly common).
There was a problem hiding this comment.
I still don't think we should swap these; please drop this commit.
applications/luci-app-acme/htdocs/luci-static/resources/view/acme.js
Outdated
Show resolved
Hide resolved
applications/luci-app-acme/htdocs/luci-static/resources/view/acme.js
Outdated
Show resolved
Hide resolved
applications/luci-app-acme/htdocs/luci-static/resources/view/acme.js
Outdated
Show resolved
Hide resolved
|
Please squash before merging, I made many commits to just simplify the review. |
applications/luci-app-acme/htdocs/luci-static/resources/view/acme/acme.js
Outdated
Show resolved
Hide resolved
applications/luci-app-acme/htdocs/luci-static/resources/view/acme/acme.js
Outdated
Show resolved
Hide resolved
applications/luci-app-acme/htdocs/luci-static/resources/view/acme/acme.js
Show resolved
Hide resolved
|
Chrome console:
_isFqdn('0a.net')
true
_isFqdn('0a')
false
_isFqdn('192.168.1.1')
false
_isFqdn('[::1]')
false
The wildcards are out of context here. The main goal of the function is
to determine if the browser URL can be used as a domain
e.g. `example.com` - ok, just `router` - not ok.
…On 07/06/2024 22:46, Paul Donald wrote:
function _isFqdn(domain) { + // Is not an IP i.e. starts from
alphanumeric and has least one dot + return
/[a-z0-9-]\..*$/.test(domain) && !/[0-9-]\..*$/.test(domain);
|
applications/luci-app-acme/htdocs/luci-static/resources/view/acme/acme.js
Outdated
Show resolved
Hide resolved
Right, but: Maybe something like: function _isIP(str) {
return /^[0-9\.]+$/.test(str) || /[\[\]:]/.test(str);
}
function _isFqdn(str) {
return !_isIP(str) && /\./.test(str);
} |
| @@ -648,7 +648,7 @@ function _collectDdnsDomains() { | |||
| if (credentials.length > 0) { | |||
| ddnsDomains.push({ | |||
| sectionId: ddnsService['.name'], | |||
| domains: [ddnsService['domain']], | |||
| domains: [ddnsService['domain'], '*.' + ddnsService['domain']], | |||
There was a problem hiding this comment.
Why? I don't think we should be encouraging people to randomly issue wildcard certs...
There was a problem hiding this comment.
This import functionality is intended for non experienced users.
The DDNS is most likely used for personal and home usage so wildcard is not that risky. People may want to use subdomains for separate home services like HomeAssistant.my.ddns.test or NextCloud.my.ddns.test. The wildcard will significantly simplify things. If someone is paranoid they are free to edit manually the generated config.
There was a problem hiding this comment.
That's a big assumption; those services may not even be running on the router. I don't think we should be doing the less secure thing by default. Add a note about it, sure, but don't just add the *.
applications/luci-app-acme/htdocs/luci-static/resources/view/acme/acme.js
Outdated
Show resolved
Hide resolved
applications/luci-app-acme/htdocs/luci-static/resources/view/acme/acme.js
Outdated
Show resolved
Hide resolved
|
Normally the message should never occur. It would be better to let a user to know for any duplicate. Or we can just override and a user will check the Changes to apply to see what changed
|
|
Nothing wrong with wildcards per se. Having them by default may simplify next configurations steps for new subdomains e.g. adding of nextcloud.example.duckdns.org.
An advanced user can remove the wildcard if not needed.
|
|
Yes, the alert() is annoying, still it's much easier to implement it. Ideally a user should never see it
|
|
Sergey Ponomarev ***@***.***> writes:
Nothing wrong with wildcards per se. Having them by default may simplify next configurations steps for new subdomains e.g. adding of nextcloud.example.duckdns.org.
I disagree. A wildcard certificate assigns a lot more trust to the
device than a single domain, so the principle of least privilege
dictates that these should only be used when absolutely necessary.
An advanced user can remove the wildcard if not needed.
No, an advanced user can add it if needed :)
|
|
Sergey Ponomarev ***@***.***> writes:
Yes, the alert() is anoying, still it's much easier to implement it.
Ideally a user should never see it
No, don't offload pain on the user to make things easier to implement.
"Should never see it" is not a good argument, it will definitely happen
more than expected.
|
|
Do not use alert. It's is extremely difficult to manage with keyboard
only.
|
|
Please remove |
|
ping @stokito |
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
The article is "Get a free HTTPS certificate from LetsEncrypt for OpenWrt with ACME.sh" Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
A user must specify the validation_method first. Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
In the 585df1d I changed the validation_method to webroot by mistake because I thought this is a default in the acme.sh. Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
We can't just use the datatype = "list(hostname)" because a domain may have a wildcard. So check the domain by a simple regexp. Check that DNS mode is used for wildcard. Make the wildcard allowed only the beginning. Add lowercase requirement. Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
…S mode is used Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Check if the hostname is FQDN (e.g. has least one dot). Check if the domain in the browser is not an IP and FQDN. Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Many users already have a DDNS configured e.g. DuckDNS.org or Cloudflare. We can import the configurations to simplify configurations and avoid mistakes. Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
|
Please re-review the PR. Now it doesn't contains changes in stings to make it easier to review and merge. I'll send another small PR for them. |
| ) | ||
| ); | ||
| o.depends('acme_server', ''); | ||
| o.depends('acme_server', 'letsencrypt'); |
There was a problem hiding this comment.
This won't work - the acmesh script has this logic:
if [ "$acme_server" ]; then
set -- "$@" --server "$acme_server"
# default to letsencrypt because the upstream default may change
elif [ "$staging" = 1 ]; then
set -- "$@" --server letsencrypt_test
else
set -- "$@" --server letsencrypt
fiSo if acme_server is set to letsencrypt, the staging field won't actually do anything.
| o.value('standalone', _('Standalone')); | ||
| o.value('webroot', _('Webroot')); | ||
| o.value('dns', _('DNS')); | ||
| o.default = 'webroot'; |
There was a problem hiding this comment.
I still don't think we should swap these; please drop this commit.
| @@ -16,11 +16,13 @@ return view.extend({ | |||
| } | |||
| return certs; | |||
| }), | |||
| L.resolveDefault(fs.stat('/usr/lib/acme/client/dnsapi'), null), | |||
There was a problem hiding this comment.
You're not adding this to the ACL file
| function _isFqdn(domain) { | ||
| // Is not an IP i.e. starts from alphanumeric and has least one dot | ||
| return /[a-z0-9-]\..*$/.test(domain) && !/[0-9-]\..*$/.test(domain); | ||
| } |
There was a problem hiding this comment.
This test doesn't work:
_isFqdn("a1.com")
false | @@ -18,6 +19,7 @@ return view.extend({ | |||
| }), | |||
| L.resolveDefault(fs.stat('/usr/lib/acme/client/dnsapi'), null), | |||
| L.resolveDefault(fs.lines('/proc/sys/kernel/hostname'), ''), | |||
| L.resolveDefault(uci.load('ddns')), | |||
| @@ -648,7 +648,7 @@ function _collectDdnsDomains() { | |||
| if (credentials.length > 0) { | |||
| ddnsDomains.push({ | |||
| sectionId: ddnsService['.name'], | |||
| domains: [ddnsService['domain']], | |||
| domains: [ddnsService['domain'], '*.' + ddnsService['domain']], | |||
There was a problem hiding this comment.
That's a big assumption; those services may not even be running on the router. I don't think we should be doing the less secure thing by default. Add a note about it, sure, but don't just add the *.
Maintainer: @tohojo
CC @hgl @stangri @systemcrash