update domain names with the cli (yet another topic)

fbartels

Hi @potemkin_ai,

generally I think it would be a better solution to use a dns provider that supports dns validation.

@potemkin_ai said in update domain names with the cli (yet another topic):

I understand I can do it GUI

Is that a typo? If its possible to do this in the gui then you just need to check which requests/commands it sends to the server when doing so. This is how I sniffed the requests I needed to make to trigger a full box backup and poll for its completion.

The api is also described at https://docs.cloudron.io/api.html

potemkin_ai

@fbartels there is no typo - I need to make it in command line (cli).

I wish I can easily change DNS providers, but since it's not the case, I need a way to automate that from the server.

fbartels

@potemkin_ai said in update domain names with the cli (yet another topic):

I need to make it in command line (cli).

Like I said, if its part of the web ui, then you can easily trigger it from the cli with curl. Just checked it myself and this is the request that gets sent (from the network console and then selected "copy as curl"):

curl 'https://my.cloud.ron/api/v1/cloudron/renew_certs' \
  -H 'authority: my.cloud.ron' \
  -H 'sec-ch-ua: "Google Chrome";v="93", " Not;A Brand";v="99", "Chromium";v="93"' \
  -H 'dnt: 1' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'authorization: Bearer my-token' \
  -H 'content-type: application/json;charset=UTF-8' \
  -H 'accept: application/json, text/plain, */*' \
  -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36' \
  -H 'sec-ch-ua-platform: "macOS"' \
  -H 'origin: https://my.cloud.ron' \
  -H 'sec-fetch-site: same-origin' \
  -H 'sec-fetch-mode: cors' \
  -H 'sec-fetch-dest: empty' \
  -H 'referer: my.cloud.ron' \
  -H 'accept-language: en,de-DE;q=0.9,de;q=0.8,en-US;q=0.7,nl-NL;q=0.6,nl;q=0.5,zh-TW;q=0.4,zh;q=0.3' \
  --data-raw '{}' \
  --compressed

(in the above example there are parts that can easily be removed)

potemkin_ai

@fbartels thank you; is there any other way, opposed to reverse engineer front-end from the back-end, or at least to make it more understandable and repeat-able, for those, who is not a front-end developer, like myself?

For example, how do I find this particular request, on top of dozens (at least) others? Would it be supported in the future or it's something that can be broken easily? Where do I get token? Can it expire?
If things can expire, is there any better way to handle things?

I understand it's not very typical request, I appreciate your help, just trying to make sense of it.

nebulon

@potemkin_ai while there is no cli subcommand as such, as @fbartels correctly mentioned, there is a REST api, which the Cloudron dashboard also uses.
I have documented it now at https://docs.cloudron.io/api.html#tag/Cloudron/paths/~1cloudron~1renew_certs/post

potemkin_ai

@nebulon oh, that's wonderful!

May I ask you for some help in here, please?

I did the call 'curl -k -X POST -H 'Content-Type: application/json' --data '{"domain": "sub.domain.name"}' https://mydomain.name//api/v1/cloudron/renew_certs

and it failed with the following error:

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot POST //api/v1/cloudron/renew_certs</pre>
</body>
</html>

What am I missing here?

nebulon

@potemkin_ai were you using the dashboard domain. As in my.example.com ?

potemkin_ai

@nebulon nop; but I changed it to be my.sub-domain.domain.name, which is exactly a cloudron address, and get the very same error there.

As I wrote I realized that I used double slash after the domain name - that broke out things, which I didn't expected...

Got the new error - could you please, assist me - how to get the token?

{
  "status": "Unauthorized",
  "message": "Token required"
}

nebulon

@potemkin_ai you need to provide an access token for verification as mentioned on the top of https://docs.cloudron.io/api.html

Such api tokens can be created in the profile page in your Cloudron dashboard.

potemkin_ai

@nebulon Thank you.
For the future guys like me - that's in profile page.

I've added the token, but it still generate an error:

curl -k -X POST -H 'Content-Type: application/json' -H 'Bearer: $TOKEN' --data '{"domain": "my.sub.domain.com"}' https://my.sub.domain.com/api/v1/cloudron/renew_certs

Generates the same error:

{
  "status": "Unauthorized",
  "message": "Token required"

Request via ?access_token=<token> works, though.

Is there something I'm missing with passing token as a header? Tried both "Bearer: $token" and "Bearer $token" - same result.

fbartels

@potemkin_ai said in update domain names with the cli (yet another topic):

Is there something I'm missing with passing token as a header?

It needs to be -H "authorization: Bearer $TOKEN".

potemkin_ai

@fbartels , @nebulon thanks!

For the future me, here is a two minutes guide I wish I had when I started:

1. Go to the profile page on your Cloudron, generate the token there.
2. Create the script you want to be executed and here is the part of it, in charge of the API calls:

dns_host_name='my.your_instance.name'
token='token_you_just_generated'

set +e
set +x

#do your voodoo here; in my case - it's firewall rules altering

curl -k -X POST -H 'Content-Type: application/json' -H "authorization: Bearer $token" --data '{"domain": "'$dns_host_name'"}' https://$dns_host_name/api/v1/cloudron/renew_certs
echo "You can check the status of the task at https://$dns_host_name/logs.html?taskId=$task_id_from_above"
sleep 180

#do your next voodoo here - in my case, altering firewall rules back

nebulon

So I guess this is solved now?

potemkin_ai

@nebulon indeed, thank you!

For the sake of future users, I guess it could make sense to add information about where to take token and full command line for cURL into the documentation, but it's not directly related to the case.