Log client ips

[Yannik]

Fixes #268.

[coveralls]

Coverage increased (+0.03%) to 73.147% when pulling ac7e0b7 on Yannik:log-ips into 68bb6ab on joohoi:master.

[lan10rd]

sweet nice i was hoping i wouldnt have to do that, any chance we can add a deny from in config.cfg or otherwise that can help “block” or how would you go about it? i really suck at ufw and dns stuff and i would personally love to spin up boxes on digitalocean etc and just pull a docker image and pull a config from github and rock roll (ill have to rebuild an image from this commit but at least its a atart! thaks @Yannik!

[lan10rd]

i wouldnt mind an auto deny that uses a rate limit feature, i am not an avid go dev but i mean even a simple map of counts by ip address with an interval to check or theres probably a rate limit package like there is for node

[Yannik]

@lanl0rd Rate limiting needs to limited to domains which could not possibly be valid acme-dns subdomains, because otherwise third parties could dos your acme-dns service by repeatedly requesting certificates from letsencrypt (hence, the letsencrypt server will get blocked).

I will implement a fail2ban filter which implements rate limiting and post about it here. (currently blocked by fail2ban/fail2ban#3062)

[Yannik]

We now have a working fail2ban filter for this: #268 (comment)

[lan10rd]

yayy

[candlerb]

@lan10rd:

i wouldnt mind an auto deny that uses a rate limit feature, i am not an avid go dev but i mean even a simple map of counts by ip address with an interval to check or theres probably a rate limit package like there is for node

Yes, there is golang.org/x/time/rate. Simple exposition here.