dfinity
diff --git a/‎Cargo.lock‎
Lines changed: 522 additions & 483 deletions b/‎Cargo.lock‎
Lines changed: 522 additions & 483 deletions
diff --git a/‎Cargo.toml‎
Lines changed: 15 additions & 1 deletion b/‎Cargo.toml‎
Lines changed: 15 additions & 1 deletion
diff --git a/‎benches/domain_lookup.rs‎
Lines changed: 1 addition & 0 deletions b/‎benches/domain_lookup.rs‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎repro-env.lock‎
Lines changed: 136 additions & 112 deletions b/‎repro-env.lock‎
Lines changed: 136 additions & 112 deletions
diff --git a/‎rust-toolchain.toml‎
Lines changed: 1 addition & 1 deletion b/‎rust-toolchain.toml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/cli.rs‎
Lines changed: 3 additions & 0 deletions b/‎src/cli.rs‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/core.rs‎
Lines changed: 58 additions & 2 deletions b/‎src/core.rs‎
Lines changed: 58 additions & 2 deletions
@@ -32,8 +32,13 @@ clickhouse = { version = "0.13.1", features = [
     "rustls-tls-ring",
     "rustls-tls-webpki-roots",
 ], optional = true }
+cloudflare = { version = "0.14.0", default-features = false, features = [
+    "rustls-tls",
+] }
 console-subscriber = { version = "0.4.1", optional = true }
 ctrlc = { version = "3.4.5", features = ["termination"] }
+custom-domains-backend = { package = "backend", git = "https://github.com/dfinity/custom-domains", rev = "2113c19f3cc925b2b77f092e45daf5ed1dd3bda0" }
+custom-domains-base = { package = "base", git = "https://github.com/dfinity/custom-domains", rev = "2113c19f3cc925b2b77f092e45daf5ed1dd3bda0" }
 derive-new = "0.7.0"
 fqdn = { version = "0.4.1", features = ["serde"] }
 futures = "0.3.31"
@@ -48,7 +53,8 @@ http = "1.3.1"
 http-body = "1.0.1"
 http-body-util = "0.1.2"
 humantime = "2.2.0"
-ic-bn-lib = { git = "https://github.com/dfinity/ic-bn-lib", rev = "e23f4a8cf3bd7c06b8ef329d3c1e6117ea71b832", features = [
+ic-bn-lib = { git = "https://github.com/dfinity/ic-bn-lib", rev = "b5cd9d68c2c5ac3482c8a4f4a4dfb366f8ffdcff", features = [
+    "acme",
     "vector",
     "cert-providers",
     "clients-hyper",
@@ -149,3 +155,11 @@ harness = false
 [[bench]]
 name = "http_gateway"
 harness = false
+
+[[bin]]
+name = "create-acme-account"
+path = "tools/create_acme_account.rs"
+
+[[bin]]
+name = "cloudflare-check"
+path = "tools/cloudflare_check.rs"
@@ -34,6 +34,7 @@ fn criterion_benchmark(c: &mut Criterion) {
         .map(|x| CustomDomain {
             name: x,
             canister_id: principal!("aaaaa-aa"),
+            timestamp: 0,
         })
         .collect::<Vec<_>>();
 
 
@@ -1,4 +1,4 @@
 [toolchain]
-channel = "1.90.0"
+channel = "1.91.0"
 targets = ["x86_64-unknown-linux-musl"]
 profile = "default"
@@ -55,6 +55,9 @@ pub struct Cli {
     #[command(flatten, next_help_heading = "Domains")]
     pub domain: Domain,
 
+    #[command(flatten, next_help_heading = "Custom Domains")]
+    pub custom_domains: Option<custom_domains_base::cli::CustomDomainsCli>,
+
     #[command(flatten, next_help_heading = "Policy")]
     pub policy: Policy,
 
 
@@ -5,9 +5,15 @@ use std::{
 
 use anyhow::{Context, Error, anyhow};
 use axum::Router;
+use custom_domains_backend::setup;
 use ic_bn_lib::{
     custom_domains::{self, ProvidesCustomDomains},
-    http::{self as bnhttp, dns::ApiBnResolver, middleware::waf::WafLayer, redirect_to_https},
+    http::{
+        self as bnhttp,
+        dns::{ApiBnResolver, Options as DnsOptions},
+        middleware::waf::WafLayer,
+        redirect_to_https,
+    },
     tasks::TaskManager,
     tls::{prepare_client_config, providers::ProvidesCertificates, verify::NoopServerCertVerifier},
     utils::health_manager::HealthManager,
@@ -92,7 +98,8 @@ pub async fn main(
         .context("unable to create Prometheus registry")?;
 
     // DNS resolver
-    let dns_resolver = bnhttp::dns::Resolver::new((&cli.dns).into());
+    let dns_options: DnsOptions = (&cli.dns).into();
+    let dns_resolver = bnhttp::dns::Resolver::new(dns_options.clone());
 
     // HTTP client
     let mut http_client_opts: bnhttp::client::Options = (&cli.http_client).into();
@@ -173,6 +180,25 @@ pub async fn main(
     // HTTP server metrics
     let http_metrics = bnhttp::server::Metrics::new(&registry);
 
+    // Setup custom domains
+    let custom_domains_router = if let Some(v) = &cli.custom_domains {
+        let router = setup_custom_domains(
+            v,
+            dns_options,
+            &registry,
+            &mut tasks,
+            &mut certificate_providers,
+            &mut custom_domain_providers,
+        )
+        .await
+        .context("unable to setup Custom Domains")?;
+
+        warn!("Custom Domains: initialized");
+        Some(router)
+    } else {
+        None
+    };
+
     // Setup Certificate Issuers
     let issuers = setup_issuers(cli, &mut tasks, http_client.clone(), &registry);
 
@@ -252,6 +278,7 @@ pub async fn main(
         shutdown_token.clone(),
         vector.clone(),
         waf_layer,
+        custom_domains_router,
         #[cfg(feature = "clickhouse")]
         clickhouse.clone(),
     )
@@ -345,3 +372,32 @@ pub async fn main(
 
     Ok(())
 }
+
+async fn setup_custom_domains(
+    cli: &custom_domains_base::cli::CustomDomainsCli,
+    dns_options: DnsOptions,
+    metrics_registry: &Registry,
+    tasks: &mut TaskManager,
+    certificate_providers: &mut Vec<Arc<dyn ProvidesCertificates>>,
+    custom_domain_providers: &mut Vec<Arc<dyn ProvidesCustomDomains>>,
+) -> Result<Router, Error> {
+    let token = tasks.token();
+    let (workers, router, client) = setup(
+        cli,
+        dns_options,
+        token,
+        HOSTNAME.get().unwrap(),
+        metrics_registry.clone(),
+    )
+    .await?;
+
+    for (i, worker) in workers.into_iter().enumerate() {
+        tasks.add(&format!("custom_domains_worker_{i}"), Arc::new(worker));
+    }
+    tasks.add("custom_domains_canister_client", client.clone());
+
+    certificate_providers.push(client.clone());
+    custom_domain_providers.push(client);
+
+    Ok(router)
+}