trim and convert alias and host to lowercase

README.md

@@ -13,6 +13,8 @@ For full documentation, check out **[Wiki](https://github.com/yusing/go-proxy/wi
 
 **EN** | <a href="README_CHT.md">中文</a>
 
+**Currently working on [feat/godoxy-agent](https://github.com/yusing/go-proxy/tree/feat/godoxy-agent).<br/>Fork this instead of default branch.**
+
 <!-- [![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=yusing_go-proxy&metric=security_rating)](https://sonarcloud.io/summary/new_code?id=yusing_go-proxy)
 [![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=yusing_go-proxy&metric=sqale_rating)](https://sonarcloud.io/summary/new_code?id=yusing_go-proxy)
 [![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=yusing_go-proxy&metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=yusing_go-proxy) -->

go.mod

@@ -3,28 +3,28 @@ module github.com/yusing/go-proxy
 go 1.23.5
 
 require (
-	github.com/PuerkitoBio/goquery v1.10.1
-	github.com/coder/websocket v1.8.12
-	github.com/coreos/go-oidc/v3 v3.12.0
-	github.com/docker/cli v27.5.1+incompatible
-	github.com/docker/docker v27.5.1+incompatible
-	github.com/fsnotify/fsnotify v1.8.0
-	github.com/go-acme/lego/v4 v4.21.0
-	github.com/go-playground/validator/v10 v10.24.0
-	github.com/gobwas/glob v0.2.3
-	github.com/golang-jwt/jwt/v5 v5.2.1
-	github.com/gotify/server/v2 v2.6.1
-	github.com/lithammer/fuzzysearch v1.1.8
-	github.com/prometheus/client_golang v1.20.5
-	github.com/puzpuzpuz/xsync/v3 v3.5.0
-	github.com/rs/zerolog v1.33.0
-	github.com/vincent-petithory/dataurl v1.0.0
-	golang.org/x/crypto v0.33.0
-	golang.org/x/net v0.35.0
-	golang.org/x/oauth2 v0.26.0
-	golang.org/x/text v0.22.0
-	golang.org/x/time v0.10.0
-	gopkg.in/yaml.v3 v3.0.1
+	github.com/PuerkitoBio/goquery v1.10.1 // parsing HTML for extract fav icon
+	github.com/coder/websocket v1.8.12 // websocket for API and agent
+	github.com/coreos/go-oidc/v3 v3.12.0 // oidc authentication
+	github.com/docker/cli v27.5.1+incompatible // docker CLI
+	github.com/docker/docker v27.5.1+incompatible // docker daemon
+	github.com/fsnotify/fsnotify v1.8.0 // file watcher
+	github.com/go-acme/lego/v4 v4.21.0 // acme client
+	github.com/go-playground/validator/v10 v10.24.0 // validator
+	github.com/gobwas/glob v0.2.3 // glob matcher for route rules
+	github.com/golang-jwt/jwt/v5 v5.2.1 // jwt for default auth
+	github.com/gotify/server/v2 v2.6.1 // reference the Message struct for json response
+	github.com/lithammer/fuzzysearch v1.1.8 // fuzzy search for searching icons and filtering metrics
+	github.com/prometheus/client_golang v1.20.5 // metrics
+	github.com/puzpuzpuz/xsync/v3 v3.5.0 // lock free map for concurrent operations
+	github.com/rs/zerolog v1.33.0 // logging
+	github.com/vincent-petithory/dataurl v1.0.0 // data url for fav icon
+	golang.org/x/crypto v0.33.0 // encrypting password with bcrypt
+	golang.org/x/net v0.35.0 // HTTP header utilities
+	golang.org/x/oauth2 v0.26.0 // oauth2 authentication
+	golang.org/x/text v0.22.0 // string utilities
+	golang.org/x/time v0.10.0 // time utilities
+	gopkg.in/yaml.v3 v3.0.1 // yaml parsing for different config files
 )
 
 require (
@@ -57,6 +57,7 @@ require (
 	github.com/moby/term v0.5.0 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/nrdcg/porkbun v0.4.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/ovh/go-ovh v1.7.0 // indirect

go.sum

@@ -113,6 +113,8 @@ github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/nrdcg/porkbun v0.4.0 h1:rWweKlwo1PToQ3H+tEO9gPRW0wzzgmI/Ob3n2Guticw=
+github.com/nrdcg/porkbun v0.4.0/go.mod h1:/QMskrHEIM0IhC/wY7iTCUgINsxdT2WcOphktJ9+Q54=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=

internal/autocert/constants.go

@@ -5,6 +5,7 @@ import (
 	"github.com/go-acme/lego/v4/providers/dns/cloudflare"
 	"github.com/go-acme/lego/v4/providers/dns/duckdns"
 	"github.com/go-acme/lego/v4/providers/dns/ovh"
+	"github.com/go-acme/lego/v4/providers/dns/porkbun"
 )
 
 const (
@@ -20,6 +21,7 @@ const (
 	ProviderClouddns   = "clouddns"
 	ProviderDuckdns    = "duckdns"
 	ProviderOVH        = "ovh"
+	ProviderPorkbun    = "porkbun"
 )
 
 var providersGenMap = map[string]ProviderGenerator{
@@ -28,4 +30,5 @@ var providersGenMap = map[string]ProviderGenerator{
 	ProviderClouddns:   providerGenerator(clouddns.NewDefaultConfig, clouddns.NewDNSProviderConfig),
 	ProviderDuckdns:    providerGenerator(duckdns.NewDefaultConfig, duckdns.NewDNSProviderConfig),
 	ProviderOVH:        providerGenerator(ovh.NewDefaultConfig, ovh.NewDNSProviderConfig),
+	ProviderPorkbun:    providerGenerator(porkbun.NewDefaultConfig, porkbun.NewDNSProviderConfig),
 }

internal/route/route.go

@@ -233,6 +233,9 @@ func (r *Route) UseAccessLog() bool {
 }
 
 func (r *Route) Finalize() {
+	r.Alias = strings.ToLower(strings.TrimSpace(r.Alias))
+	r.Host = strings.ToLower(strings.TrimSpace(r.Host))
+
 	isDocker := r.Container != nil
 	cont := r.Container
 

next-release.md

@@ -1,6 +1,84 @@
-GoDoxy v0.9.1 expected changes
+## GoDoxy v0.10.0
 
-- Support Ntfy notifications
-- Prometheus metrics server now inside API server under `/v1/metrics`
-  - `GODOXY_PROMETHEUS_ADDR` removed
-  - `GODOXY_PROMETHEUS_ENABLED` added, default `false`
+### GoDoxy Agent
+
+Maintain secure connection between main server and agent server by authenticating and encrypting connection with mTLS.
+
+Main benefits:
+
+- No more exposing docker socket: drops the need of `docker-socket-proxy`
+- No more exposing app ports: fewer attack surface
+  ```yaml
+  services:
+    app:
+      ...
+      # ports: # this part is not needed on agent server
+      #  - 6789
+  ```
+- Secure: no one can connect to it except GoDoxy main server because of mTLS, plus connection is encrypted
+- Fetch info from agent server, e.g. CPU usage, Memory usage, container list, container logs, etc... (to be ready for beszel and dockge like features in WebUI)
+
+#### How to setup
+
+Prerequisites:
+
+- GoDoxy main server must be running
+
+1. Create a directory for agent server, cd into it
+2. Copy `agent.compose.yml` into the directory
+3. Modify `agent.compose.yml` to set `REGISTRATION_ALLOWED_HOSTS`
+4. Run `docker-compose up -d` to start agent
+5. Follow instructions on screen to run command on GoDoxy main server
+6. Add config output to GoDoxy main server in `config.yml` under `providers.agents`
+   ```yaml
+   providers:
+     agents:
+       - 12.34.5.6:8889
+   ```
+
+### How does it work
+
+Setup flow:
+
+```mermaid
+flowchart TD
+    subgraph Agent Server
+        A[Create a directory] -->
+        B[Setup agent.compose.yml] -->
+        C[Set REGISTRATION_ALLOWED_HOSTS] -->
+        D[Run agent] -->
+        E[Wait for main server to register]
+
+        F[Respond to main server]
+        G[Agent now run in agent mode]
+    end
+    subgraph Main Server
+      E -->
+      H[Run register command] -->
+      I[Send registration request] --> F -->
+      J[Store client certs] -->
+      K[Send done request] --> G -->
+      L[Add agent to config.yml]
+    end
+```
+
+Run flow:
+
+```mermaid
+flowchart TD
+    subgraph Agent HTTPS Server
+        aa[Load CA and SSL certs] -->
+        ab[Start HTTPS server] -->
+
+        ac[Receive request] -->
+        ad[Verify client cert] -->
+        ae[Handle request] --> ac
+    end
+    subgraph Main Server
+        ma[Load client certs] -->
+        mb[Query agent version] --> ac
+        mb --> mc[Check if agent version matches] -->
+        md[Query agent info] --> ac
+        md --> ae --> me[Store agent info]
+    end
+```

package.json

@@ -1,6 +1,6 @@
 {
 	"name": "godoxy-schemas",
-	"version": "0.9.2-2",
+	"version": "0.9.6",
 	"description": "JSON Schema and typescript types for GoDoxy configuration",
 	"license": "MIT",
 	"repository": {

schemas/config/autocert.d.ts

@@ -1,7 +1,7 @@
 import { DomainOrWildcard, Email } from "../types";
-export declare const AUTOCERT_PROVIDERS: readonly ["local", "cloudflare", "clouddns", "duckdns", "ovh"];
+export declare const AUTOCERT_PROVIDERS: readonly ["local", "cloudflare", "clouddns", "duckdns", "ovh", "porkbun"];
 export type AutocertProvider = (typeof AUTOCERT_PROVIDERS)[number];
-export type AutocertConfig = LocalOptions | CloudflareOptions | CloudDNSOptions | DuckDNSOptions | OVHOptionsWithAppKey | OVHOptionsWithOAuth2Config;
+export type AutocertConfig = LocalOptions | CloudflareOptions | CloudDNSOptions | DuckDNSOptions | OVHOptionsWithAppKey | OVHOptionsWithOAuth2Config | PorkbunOptions;
 export interface AutocertConfigBase {
     email: Email;
     domains: DomainOrWildcard[];
@@ -34,6 +34,13 @@ export interface DuckDNSOptions extends AutocertConfigBase {
         token: string;
     };
 }
+export interface PorkbunOptions extends AutocertConfigBase {
+    provider: "porkbun";
+    options: {
+        api_key: string;
+        secret_api_key: string;
+    };
+}
 export declare const OVH_ENDPOINTS: readonly ["ovh-eu", "ovh-ca", "ovh-us", "kimsufi-eu", "kimsufi-ca", "soyoustart-eu", "soyoustart-ca"];
 export type OVHEndpoint = (typeof OVH_ENDPOINTS)[number];
 export interface OVHOptionsWithAppKey extends AutocertConfigBase {

schemas/config/autocert.js

@@ -4,6 +4,7 @@ export const AUTOCERT_PROVIDERS = [
     "clouddns",
     "duckdns",
     "ovh",
+    "porkbun",
 ];
 export const OVH_ENDPOINTS = [
     "ovh-eu",

schemas/config/autocert.ts

@@ -6,6 +6,7 @@ export const AUTOCERT_PROVIDERS = [
   "clouddns",
   "duckdns",
   "ovh",
+  "porkbun",
 ] as const;
 
 export type AutocertProvider = (typeof AUTOCERT_PROVIDERS)[number];
@@ -16,7 +17,8 @@ export type AutocertConfig =
   | CloudDNSOptions
   | DuckDNSOptions
   | OVHOptionsWithAppKey
-  | OVHOptionsWithOAuth2Config;
+  | OVHOptionsWithOAuth2Config
+  | PorkbunOptions;
 
 export interface AutocertConfigBase {
   /* ACME email */
@@ -59,6 +61,13 @@ export interface DuckDNSOptions extends AutocertConfigBase {
   };
 }
 
+export interface PorkbunOptions extends AutocertConfigBase {
+  provider: "porkbun";
+  options: {
+    api_key: string;
+    secret_api_key: string;
+  };
+}
 export const OVH_ENDPOINTS = [
   "ovh-eu",
   "ovh-ca",