willnode / forward-domain Goto Github PK

View Code? Open in Web Editor NEW

143.0 4.0 17.0 222 KB

Forward Domains, completely free and open source.

Home Page: https://forwarddomain.net/

License: MIT License

JavaScript 91.06% Go 6.81% Dockerfile 2.13%

free-software forwarding domain microserv saas

forward-domain's Introduction

Forward Domain

For hosting guide See HOSTING.md and CHANGES.md

This service forwards domains using HTTP(s) redirects.

Example scenarios:

Forward non-www to www domains or vice versa
Forward old domains to new domains

Why using this service?

No coding required
No hosting required
No registration required
Completely anonymous
Completely free

How does it works?

Point your domain to us using CNAME or A/AAAA records
Tell us where to forward using TXT records
We handle HTTPS certificates for you

Get Started

To forward from www.old.com to old.com, add these records to your DNS:

www.old.com     IN    CNAME   r.forwarddomain.net
_.www.old.com   IN    TXT     forward-domain=https://old.com/*

Because CNAME can't be used in apex domains, you can use A/AAAA records.
To forward from old.com to new.net, add these records to your DNS:

old.com     IN    A       167.172.5.31
_.old.com   IN    TXT     forward-domain=https://new.net/*

The star * at the end tells us that the remaining URL path is also need to be forwarded to the destination URL.

If you use Cloudflare or any DNS which supports CNAME Flattening, you still can use CNAME records pointing to r.forwarddomain.net. It's recommended to use CNAME records rather than A/AAAA records.

You can choose the type of redirection you want to use by declaring the http-status value:

www.old.com     IN    CNAME   r.forwarddomain.net
_.www.old.com   IN    TXT     http-status=302;forward-domain=https://old.com/*

The HTTP codes available for use include:

301 Permanent redirection (default)
302 Temporary redirection (may keeping SEO from indexing new location)
307 Temporary redirection while keeping HTTP verb
308 Permanent redirection while keeping HTTP verb

FAQ

Is it really free?

Forwarding domains should be easy to setup.
I use this myself for domcloud.io.

How can I check redirects will work?

This service uses Google's Public DNS Resolver.
Once first accessed, values will be cached for a day.
For right now there's no way to flush the cache sorry.

Why it loads slowly?

It only slow at first time because it has to sign HTTPS certificates.

How about IPv6?

IPv6 record is added in r.forwarddomain.net so subdomain redirects will simply work with IPv6. We don't guarantee that its IPv6 address will be persistent though. See #2 for apex domains setup.

What records do we keep?

We only keep caches of DNS records and SSL certs. This also means we can see how many users and what domains are using our service from the software cache, but that's all. We don't keep log traffic nor keep any user data anywhere on our server.

How can I support this service?

Star our repo and spread the word, please :)

Additionally, you can also help us cover hosting costs.

Credits

Things in package.json. I also borrow code from zbo14/certnode.

Usual Disclaimer

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

forward-domain's People

Contributors

Stargazers

Watchers

Forkers

shop-conan flowops-team open-internet-space tehmasta de3sec manutheblacker social-air dzegarra cloudconduction rdwz ready ethicalsecurity-agency julianatthefrontend scaredstorm djktv djbe bassista

forward-domain's Issues

Record data is missing

Have done this in the DNS:
naplansolutions.com. IN A 167.172.5.31
naplansolutions.com. IN AAAA 2400:6180:0:d0::e08:a001
_.naplansolutions.com. IN TXT forward-domain=https://mathsbymayank.com/*

Am getting this error when I try put naplansolutions.com in the browser

The record data for "naplansolutions.com" is missing

Any suggestions?

Incorrect 'CAA record is not "letsencrypt.org"'

Getting this issue for the domain appwise.be. Doesn't seem to be related to #11.

The CAA records are there, there are even multiple (one for wildcards, and also one for iodef (reporting issues).

The call to dns.google/resolve results in:

{
  "Answer":
  [
    {
      "name": "appwise.be.",
      "type": 257,
      "TTL": 21600,
      "data": "0 issuewild \"letsencrypt.org\""
    },
    {
      "name": "appwise.be.",
      "type": 257,
      "TTL": 21600,
      "data": "0 issue \"letsencrypt.org\""
    },
    {
      "name": "appwise.be.",
      "type": 257,
      "TTL": 21600,
      "data": "0 iodef \"mailto:[email protected]\""
    }
  ]
}

I think the code is tripping up because of this, because it assumes there should only be one 257 record with the expected CAA contents. It should instead check in the list of 257 records if any is for issue, and if so, it must contain the value letsencrypt.org.

The spec for CAA records allows the flag field to be something else than 0, although I've yet to see something besides the value 0.

Potential solution would be changing the for loop here to something like:

const issueRecord = data.Answer.find( item =>
  item.type == 257 && typeof item.data === 'string' && item.data.startsWith('0 issue ')
);

if (issueRecord.data !== "0 issue \"letsencrypt.org\"") {
  return issueRecord.data;
} else {
  return null;
}

That last if test could even be a simple issueRecord.data.includes('letsencrypt.org'). I think the quotes (") are optional around a CAA value.

Note: I don't usually write JS code, so please ignore my formatting if it looks weird 😅

Docker Instance

Several people who wish to self-host this want to run this service inside Docker.

I'm not sure if this is doable but at least there's docker-compose.yml that exposes port based on .env config
and .certs mounted (for SSL cache files).

After that I will publish the image in the next major release.

Testing

Any idea how to implement some kind of automated testing?

Issue 'CAA record is not "letsencrypt.org"'

Hi,

First off thanks for providing such a service.

It seems that for every domain I implement the redirect the 'www' comes back with "CAA record is not "letsencrypt.org""

Is this a known issue or are we looking in the wrong direction for this issue?

Issues seen in an AWS cloud deployment

Hi,

Thanks so much for authoring this project - it is incredibly useful and well put-together, and I've found a great amount of value in it overall.

I stood up an instance of this a few months ago in an ubuntu t2.medium instance on AWS. For the most part, it works, but I occasionally get this error:

Oct 02 17:31:42 ip-10-48-1-253 redirect[27253]: {
Oct 02 17:31:40 ip-10-48-1-253 redirect[27253]:     at file:///home/ubuntu/forward-domain/src/sni.js:61:53
Oct 02 17:31:40 ip-10-48-1-253 redirect[27253]:     at Client.generateCertificate (file:///home/ubuntu/forward-domain/src/certnode/lib/client.js:83:44)
Oct 02 17:31:40 ip-10-48-1-253 redirect[27253]:     at processTicksAndRejections (node:internal/process/task_queues:95:5)
Oct 02 17:31:40 ip-10-48-1-253 redirect[27253]:     at Client.newOrder (file:///home/ubuntu/forward-domain/src/certnode/lib/client.js:286:19)
Oct 02 17:31:40 ip-10-48-1-253 redirect[27253]: }
Oct 02 17:31:40 ip-10-48-1-253 redirect[27253]:   "status": 400
Oct 02 17:31:40 ip-10-48-1-253 redirect[27253]:   "detail": "JWS has an invalid anti-replay nonce: \"<edited-out>\"",
Oct 02 17:31:40 ip-10-48-1-253 redirect[27253]:   "type": "urn:ietf:params:acme:error:badNonce",
Oct 02 17:31:40 ip-10-48-1-253 redirect[27253]: Error: newOrder() Status Code: 400 Data: {
Oct 02 17:31:40 ip-10-48-1-253 redirect[27253]:     at file:///home/ubuntu/forward-domain/src/sni.js:61:53
Oct 02 17:31:40 ip-10-48-1-253 redirect[27253]:     at Client.generateCertificate (file:///home/ubuntu/forward-domain/src/certnode/lib/client.js:83:44)
Oct 02 17:31:40 ip-10-48-1-253 redirect[27253]:     at processTicksAndRejections (node:internal/process/task_queues:95:5)
Oct 02 17:31:40 ip-10-48-1-253 redirect[27253]:     at Client.newOrder (file:///home/ubuntu/forward-domain/src/certnode/lib/client.js:286:19)
Oct 02 17:31:40 ip-10-48-1-253 redirect[27253]: }
Oct 02 17:31:40 ip-10-48-1-253 redirect[27253]:   "status": 400
Oct 02 17:31:40 ip-10-48-1-253 redirect[27253]:   "detail": "JWS has an invalid anti-replay nonce: \"<edited-out>\"",
Oct 02 17:31:40 ip-10-48-1-253 redirect[27253]:   "type": "urn:ietf:params:acme:error:badNonce",
Oct 02 17:31:40 ip-10-48-1-253 redirect[27253]: Error: newOrder() Status Code: 400 Data: {

My server is run via systemd, service reproduced here

[Unit]
Description=Redirect proxy service
After=syslog.target network.target postgresql.service

[Service]
User=ubuntu
Type=simple
LimitNOFILE=4096
IgnoreSIGPIPE=false
KillMode=process
Environment=NVM_DIR=/home/ubuntu/.nvm
Environment=PATH=/home/ubuntu/.nvm/versions/node/v18.17.1/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
ExecStart=/home/ubuntu/.nvm/versions/node/v18.17.1/bin/pm2-runtime /home/ubuntu/forward-domain/app.js -i max
Restart=always
RestartSec=5s
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=redirect

[Install]
WantedBy=multi-user.target

Curious what I am doing wrong to have these errors? Occasionally, when adding new domains or using old ones, the redirect does not work. I've seen this error with CNAMEs and A records, but more consistently with A records - I actually can't get A records to work right now, which is why I'm making the issue in general!

Thank you very much for your time here, and thanks again for the fantastic app!

Service forwarddomain.net is down

Hello, I would like to thank you for creating such a cool and useful project. I have been using Forward Domain for some time and it has been working great.

However, according to https://stats.uptimerobot.com/AA77Xt9Jx8, for the past two days, the service has been down and unavailable.

I just would like to let you know about this issue. Thank you again for your hard work on this project.

P. S.
I thought it would be back up in a day, but I had to resort to using a Cloudflare worker today to set up forwarding.

wildcard domain

is it possible or can it be added to redirect the wildcard entrie?

.*.mydomain.de. IN TXT forward-domain=https://example.com
is resulting in
"The TXT record data for ".test.mydomain.de" is missing"

Allow decide between using 301 or 302 http status in the TXT record

I found that the 301 status is hardcoded in the code. But not everyone wants to mark a domain/subdomain to be permanently moved to another. I think that could be configured in the same TXT record. What do you think?

[Request] IPv6

Just saw IPv6 got dropped in the major change, is there any chance to get it back?

This project fills an incredibly usefull niche for me, as I work with clients that host at providers chargin for ssl certs.
This means for their alias domains they would have to pay 1€/month/domain for the privilege of a simple https redirect which would barely get used.
I would gladly pay for the v4 and v6 IP of this service, if only to get back at those scummy webhosters.

The redirect using this service is already better than anything I've found elsewhere, but considering the webhoster fully supports IPv6 for the websites, it just doesn't feel right to only do IPv4 redirects.