JayJB edited this page Aug 20, 2021 · 5 revisions

Welcome to the Canarytokens Docker wiki!

Please note this wiki discusses configuration issues with the Docker setup of your Canarytokens Server. If you are looking for additional Canarytokens help, you can head over to our Canarytokens Wiki.

FAQ

Does my Canarytokens Server need to be the Authoritative DNS server for my domain?

Yes, it will need to be made the authoritative DNS server for the domain you choose.

How do I make my Canarytokens Server the Authoritative DNS server for my domain?

Name resolution is failing on Ubuntu 18.04

We found that Ubuntu 18.04 has systemd-resolved enabled by default, which clashes with our setup. You can disable it with:

sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved

Another, more manual solution is to modify the docker-compose.yml (or docker-compose-lets-encrypt.yml) file. Under the switchboard section, change the ports entry to:

ports:
- "<EXTERNAL_IP>:53:53/tcp"
- "<EXTERNAL_IP>:53:53/udp"

where <EXTERNAL_IP> is the public IP you want to access your Docker setup from.
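Why binding to one address helps, as an added example that is not part of the Canarytokens project's own tooling: systemd-resolved's stub listener sits on 127.0.0.53:53, which blocks a wildcard 0.0.0.0:53 bind but not a bind to a single external address. The function name port53_conflicts, the sample ss output and the address 203.0.113.10 are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ss -H -lntu` output on a host where systemd-resolved
# is running. 203.0.113.10 below stands in for <EXTERNAL_IP>.
SAMPLE_SS='udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# port53_conflicts BIND_IP   (reads `ss -H -lntu` output on stdin)
# Prints every listener that would block binding BIND_IP:53 and returns 0 if
# there is at least one, 1 otherwise. BIND_IP 0.0.0.0 models a port mapping
# with no host IP. IPv4 only; "*" is treated as a wildcard listener.
port53_conflicts() {
  awk -v want="$1" '
    {
      local_addr = $5
      n = split(local_addr, parts, ":")
      if (parts[n] != "53") next
      ip = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
      sub(/%.*/, "", ip)               # drop interface scope such as %lo
      # A wildcard on either side overlaps; otherwise the IPs must match.
      if (want == "0.0.0.0" || ip == "0.0.0.0" || ip == "*" || ip == want) {
        print $1, local_addr
        hit = 1
      }
    }
    END { exit (hit ? 0 : 1) }'
}

# Demo on the constructed sample. On a live host:
#   ss -H -lntu | port53_conflicts 0.0.0.0
for ip in 0.0.0.0 203.0.113.10; do
  if printf '%s\n' "$SAMPLE_SS" | port53_conflicts "$ip" >/dev/null; then
    echo "bind $ip:53 -> blocked by an existing listener"
  else
    echo "bind $ip:53 -> free"
  fi
done
```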

Can I enable HSTS on my Canarytokens Server? i.e. auto redirect people to HTTPS instead of HTTP

We don't want to force connections to example.com to upgrade to HTTPS, because our Canarytokens use the same domain (for example, example.com/token/img.jpg) and we do not want to force Canarytoken connections to upgrade to HTTPS (we have discussed this internally).

The option here would be to have two separate domains, one for the frontend and one for Canarytoken connections. The frontend domain, example.com, could be set up to upgrade connections, while the Canarytoken connection domain, example2.com, could be set up not to.

This would require some changes on the Nginx config side to route requests for different domains to different backend services (frontend or switchboard). We don't recommend going this route.
