dec0dOS / zero-ui

ZeroUI - ZeroTier Controller Web UI - is a web user interface for a self-hosted ZeroTier network controller.
GNU General Public License v3.0
912 stars 146 forks

feat: DNS and search domain pushed to clients #160

Open daymr opened 1 year ago

daymr commented 1 year ago

Feature Request

Describe the Feature Request

The ability to configure the domain and DNS that are pushed to ZeroTier clients, similar to the ZeroTier Central hosted solution.

Describe Preferred Solution

Enable the web UI to POST the following to the API at `http://localhost:9993/controller/network/{networkID}`:

```
"dns": { "domain": "some.domain", "servers": ["10.0.0.3"] }
```

Describe Alternatives

I have developed a dirty workaround for my Windows deployment because of the lack of the proposed functionality: a PowerShell deployment script for clients.

```powershell
###########################################################################################
#########             SET THESE VARIABLES!!!!!!                               #############
###########################################################################################

### ZeroTier Network ID ###
$NetworkID = ""

### ZeroTier IPs of Domain Controllers and/or other DNS servers ###
$ztdns1 = ""
$ztdns2 = ""

###########################################################################################
###############       DO NOT EDIT BELOW    ###################
###########################################################################################

### Download MSI file
$Folder = 'C:\ZT_install'
$Msi = Join-Path $Folder 'ZeroTierOne.msi'
"Test to see if folder [$Folder] exists"
if (Test-Path -Path $Folder) {
    "Path exists!"
} else {
    New-Item -Path $Folder -ItemType Directory
}
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Save the installer into $Folder, which is where the install step looks for it
Invoke-WebRequest -Uri "https://download.zerotier.com/dist/ZeroTier%20One.msi" -OutFile $Msi

#### Start Installation (silent, and wait for msiexec to finish)
Start-Process -FilePath msiexec.exe -ArgumentList '/i', "`"$Msi`"", '/qn', '/norestart' -Wait

### 30 second delay
Start-Sleep -Seconds 30

### Join ZeroTier Network

$zerotiercli = "C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe"
$param1 = "-q"
$param2 = "join"

& $zerotiercli $param1 $param2 $NetworkID

### 15 second delay
Start-Sleep -Seconds 15

### Manually sets DNS on the ZeroTier NIC from the variables above
# Pass the servers as an array, one element per address
$ztdns_all = @($ztdns1, $ztdns2)
$nicsearch = "*" + $NetworkID + "*"
$ZT_NIC = Get-NetAdapter -Name $nicsearch | Select-Object -ExpandProperty 'ifIndex'

Set-DnsClientServerAddress -InterfaceIndex $ZT_NIC -ServerAddresses $ztdns_all
Write-Host "DNS set to $($ztdns_all -join ',')"
Write-Host "Setup Complete"
```

Related Code

Enable the web UI to POST the following to the API at `http://localhost:9993/controller/network/{networkID}`:

```
"dns": { "domain": "some.domain", "servers": ["10.0.0.3"] }
```

Additional Context

none

If the feature request is approved, would you be willing to submit a PR? Yes

stevelup commented 7 months ago

I realise I'm replying to an old issue, but you -can- do this anyway, just not via the UI.

Just add this to the ports section of the zerotier service in docker-compose so that you can directly access the controller...

```
- "9993:9993/tcp"
```

... and then restart the docker ...

```
docker-compose up -d
```

Then execute this:-

```
TOKEN=$(sudo cat /srv/zero-ui/zerotier-one/authtoken.secret)
NWID=your_network_id

curl -X POST "http://localhost:9993/controller/network/${NWID}" -H "X-ZT1-AUTH: ${TOKEN}" \
    -d '{"dns": { "domain": "YOUR-DOMAIN-HERE", "servers": ["192.168.1.2","192.168.1.3"] } }'
```

Obviously you need to make sure 9993/tcp is blocked at the firewall level if you do this.

bruteForce93 commented 4 months ago

> I realise I'm replying to an old issue, but you -can- do this anyway, just not via the UI.
>
> Just add this to the ports section of the zerotier service in docker-compose so that you can directly access the controller... - "9993:9993/tcp"
>
> ... and then restart the docker ... docker-compose up -d
>
> Then execute this:-
>
>     TOKEN=$(sudo cat /srv/zero-ui/zerotier-one/authtoken.secret)
>     NWID=your_network_id
>
>     curl -X POST "http://localhost:9993/controller/network/${NWID}" -H "X-ZT1-AUTH: ${TOKEN}" \
>         -d '{"dns": { "domain": "YOUR-DOMAIN-HERE", "servers": ["192.168.1.2","192.168.1.3"] } }'
>
> Obviously you need to make sure 9993/tcp is blocked at the firewall level if you do this.

This doesn't work at all...access denied

stevelup commented 4 months ago

Did you replace 'your_network_id' with your network ID?

bruteForce93 commented 4 months ago

> Did you replace 'your_network_id' with your network ID?

I won't risk running the above command and ruining an already wicked deployment...

```
curl "http://zerotier:9993/controller/network/e2df222b16f332ce/member" -H "X-ZT1-AUTH: $(sudo cat /var/lib/zerotier-one/authtoken.secret)" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (6) Could not resolve host: zerotier
```

I am sorry for the rudeness but this UI is so badly documented that you have to trial and error until you "make" it work. And then you just can't communicate with the API at all.

Let me tell you this. I deployed the container yesterday following strictly the "installation guide" and it didn't work out of the box (apparently). I then installed zerotier-one and managed to login to localhost:4000 but could not create a network (the button wouldn't respond even if you cleared the cache). THEN I removed the zerotier-one package (sudo remove didn't remove the var/lib/zerotier-one directory at all (lol)) and only then managed to create a network. Now I cannot join the controller to the network because where am I supposed to look at? You get two zerotier directories in var/lib and srv/zero-ui with separate tokens. I think this is some bad comedy already but it is actually sad. Because this image mitigates some problems with ztncui but all this container stuff makes it a big no go.

stevelup commented 4 months ago

You are attempting to connect to 'zerotier' not localhost. And anyway, even if it did work, it wouldn't have worked because you're targeting the wrong folder there. The zerotier instance that belongs to zero-ui is in /srv/zero-ui.

I can't comment on the rest of your post... All I can tell you is that everything worked first time for me out of the box. You do not need to (and should not have) manually installed zerotier. It's part of the container - so you now have two copies of zerotier on that machine.

I'd start again from scratch to be honest.