-
Notifications
You must be signed in to change notification settings - Fork 110
Home
Please note this wiki will discuss configuration issues with the docker setup of your Canarytokens Server. If you are looking for additional Canarytokens help you can head over to our Canarytokens Wiki.
Yes, it will need to be made the authoritative DNS server for the domain you choose.
We have created a step by step guide over here.
We found that Ubuntu 18.04+ had systemd-resolved enabled by default which would clash with our setup. You can disable it by:
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved
Another more manual solution would be to modify the docker-compose.yml (or docker-compose-lets-encrypt.yml) file like such. Under the section switchboard, change to:
ports:
- "<EXTERNAL_IP>:53:53/tcp"
- "<EXTERNAL_IP>:53:53/udp"
where <EXTERNAL_IP> is the public IP you want to access your docker from.
We don't want to force connections to example.com to upgrade to HTTPS because our Canarytokens will be using the same example.com/token/img.jpg and we do not want to force Canarytoken connections to upgrade to HTTPS (we have discussed this internally).
The option here would be have to two separate domains, one for frontend and one for Canarytoken connections. The frontend domain, example.com could be setup to upgrade connections, while the Canarytoken connection domain, example2.com could be setup to not.
This would require some changes on the Nginx config side to route requests for different domains to different backend services (frontend or switchboard). We don't recommend going this route.