An echoip and dns explorer service written with axum in rust. https://echoip.slatecave.net
Go to file
2023-02-24 21:38:33 +01:00
src Rename to echoip-slatecave, AGPL License and README 2023-02-24 21:38:33 +01:00
templates Made dns more useful 2023-02-24 20:17:25 +01:00
.gitignore Write some major geolocation shuffling around code 2023-02-17 18:45:37 +01:00
Cargo.lock Rename to echoip-slatecave, AGPL License and README 2023-02-24 21:38:33 +01:00
Cargo.toml Rename to echoip-slatecave, AGPL License and README 2023-02-24 21:38:33 +01:00
echoip_config.toml Rename to echoip-slatecave, AGPL License and README 2023-02-24 21:38:33 +01:00
echoip_test.toml Rename to echoip-slatecave, AGPL License and README 2023-02-24 21:38:33 +01:00
LICENSE Rename to echoip-slatecave, AGPL License and README 2023-02-24 21:38:33 +01:00
README.md Rename to echoip-slatecave, AGPL License and README 2023-02-24 21:38:33 +01:00

echoip-slatecave

This is a service inspired by ifconfig.co, but built from scratch with a more useful feature set (in rust !!1!).

It is Licensed under the AGPL-v3 license.

Building

Simply run cargo build after cloning. The binary should be called target/debug/echoip-slatecave.

To make a release build (the one you want to have on your server) run cargo build --relese, the binary will end up in target/release/echoip-slatecave.

NOTE: As of 2023-02-18 You need at least version 1.65 of the rust compiler. Consider using rustup.

Usage and configuration

Without any configuration echoip-slatecave will be readchable on http://localhost:3000 and use the templates folder relative to the pwd for its templates.

Before running it on your server read the security considerations first!

Commandline arguments

On the commandline echoip-slatecave accepts options for configuring the address to listen on and where to search for files overriding what is specified in the configuration file.

Use echoip-slatecave --help to get an up to date list.

Configuration file

This section is about the general configration file you specify with --config.

You can find an example configuration file with sane defaults for a public deployment behind a proxy in the echoip_config.toml file.

A less sane, but better for testing version can be found in echoip_test.toml.

Templates

Templates in the templates folder exist for every rich page that echoip-slatecave supports.

The code that rendeers them can be found in src/templating_engine.rs.

There is a configuration file for templates which by default is the extra.toml file in the template directory. Its content is exposed to the templates in the extra struct.

The default templates should make use of everything exposed to the templating part, the data.result or data object is usually what you get when you ask for the json version.

The templates are covered by the AGPL as well, please share them with your users if you modified them.

Security Considerations

Information disclosure

echoip-slatecave allows anyone with access to its web interface to place queries that result in multiple DNS lookups to your system configured DNS Sever. This can leak internal name mappings, the configuration file gives you some tools to limit what is exposed.

Most noably you can disable reverse dns lookups, hide domains with given suffixes and disable reverse lookup for ip-ranges that are classified as private or local.

https and reverse proxy

echoip-slatecave only exposes an unencrypted http interface to keep the service itself simple. For a public service you should use a reverse proxy like Caddy, apache2 or nginx and configure the ip_header option, see the echoip_config.toml file. Usually the preconfigured RightmostXForwardedFor is the correct one, but please doublecheck it matches your servers configuration, it should fail by simply not working, but no guarantees given.

Denail of Service

echoip-slatecave currently doesn't have any protection mechanisms against overuse or a full (D)DOS, make sure you know how to to use your filewall (i.e. nftables) or you have fail2ban set up.

License

Copyright (c) 2023 Slatian

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see https://www.gnu.org/licenses/.

This applies to all files (except for the configuration files, that would be nonsense) in this repository unless marked otherwise.