Meal/vectordns-server
1
0
Fork 0
mirror of https://github.com/DevVoxel/vectordns-server.git synced 2026-02-27 01:40:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
605e9dca5df56742e6182891074cefc2ccda33b2
vectordns-server/docs/configuration.md

3.3 KiB
Raw Blame History

Configuration

All server configuration is done via environment variables or a .env file in the project root.

Example .env

PORT=8080
API_KEY=your-secret-api-key
CORS_ORIGINS=https://yourdomain.com,https://app.yourdomain.com
LOG_FORMAT=json

Copy .env.example to get started:

cp .env.example .env

Environment Variables

Variable Default Required Description
PORT 8080 No Port the HTTP server listens on.
API_KEY No* Shared secret for API key auth. Auth is disabled when empty — do not leave empty in production.
CORS_ORIGINS http://localhost:3000 No Comma-separated list of allowed CORS origins.
LOG_FORMAT text No text for human-readable, json for structured logging (recommended for production).

API Key Authentication

The Go server uses a shared API key. This is intentional: the server is an internal service called only by the Next.js backend, not directly by end users.

When API_KEY is set, every request (except GET /health) must include:

X-API-Key: your-secret-api-key

Requests with a missing or incorrect key get 401 UNAUTHORIZED:

{
  "error": "missing or invalid API key",
  "code": "UNAUTHORIZED"
}

Calling from Next.js

const res = await fetch(`${process.env.DNS_SERVER_URL}/api/v1/dns/lookup`, {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "X-API-Key": process.env.DNS_API_KEY!,
  },
  body: JSON.stringify({ domain, types }),
});

Store DNS_API_KEY as a secret environment variable in your Next.js deployment. Never expose it client-side.

CORS

CORS is handled by go-chi/cors. Configure allowed origins via CORS_ORIGINS.

# Development
CORS_ORIGINS=http://localhost:3000

# Production (single domain)
CORS_ORIGINS=https://app.yourdomain.com

# Production (multiple domains)
CORS_ORIGINS=https://app.yourdomain.com,https://yourdomain.com

Since the Go server is an internal API called server-side by Next.js, CORS is mostly relevant for development. In production, only your Next.js server IP/domain needs access.

Rate Limiting

Rate limiting is provided by go-chi/httprate and is enabled by default.

  • Rate limiting is applied per IP address.
  • Limits are enforced at the router middleware level.
  • Requests exceeding the limit receive 429 Too Many Requests.

Per-API-key rate limiting (planned)

When billing tiers are added, rate limits will be enforced per API key:

Tier Limit
Free Limited requests per day, daily checks
Pro Higher limits, hourly checks
Team Highest limits, shared across org

Redis Caching (planned)

DNS result caching via Redis is on the roadmap. When available, the server will check Redis before querying upstream DNS, storing results with TTL-based expiry.

Planned configuration:

REDIS_URL=redis://localhost:6379
REDIS_TTL=300  # seconds

The cache layer will use go-redis as middleware before DNS resolution. A docker-compose.yml bundling the Go server with Redis will be provided for self-hosting. See self-hosting.md for the planned compose configuration.

Reference in New Issue View Git Blame Copy Permalink