Cannot get Canarytokens working on Custom Domain #7

Closed
nikhilweee opened this issue Sep 30, 2016 · 3 comments

Comments

@nikhilweee

I'd like to know more about setting up a custom domain to work with canarytokens.
I've followed the docker install procedure and the web bugs and QR code work fine, but DNS tokens, SMTP and PDF don't.

Here are the logs that I get for different cases:

Web Bugs: NGINX logs
nginx          | <ip-address> - - [30/Sep/2016:08:28:46 +0000] "GET /static/tags/terms/wum4tq19yd0qhzmg4p3brkqn5/index.html HTTP/1.1" 200 66 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36"

Web Bugs: Switchboard logs
2016-09-30 08:28:45+0000 [HTTPChannel,0,172.18.0.5] {'src_ip': '<ip-address>', 'useragent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36', 'referer': None, 'location': None}
2016-09-30 08:28:45+0000 [-] {'body': '\n\nOne of your canarydrops was triggered.\n\nChannel: HTTP\nTime   : 2016-09-30 08:28:45.747651\nMemo   : Memo Text\nSource IP: <ip-address>\nUser-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36\n\nManage your settings for this Canarydrop:\nhttp://<domain>/manage?token=wum4tq19yd0qhzmg4p3brkqn5&auth=6664a7601c23062e32b6fd700fe212f2\n', 'from_display': '"ALERT Canarytokens"', 'from_address': '<email address>', 'subject': '"ALERT - StationX Canarytoken Triggered"'}
2016-09-30 08:28:46+0000 [HTTPChannel,0,172.18.0.5] Sent alert to <email> for token wum4tq19yd0qhzmg4p3brkqn5
2016-09-30 08:28:46+0000 [HTTPChannel,0,172.18.0.5] "Could not get a fortune: Command '/usr/games/fortune' returned non-zero exit status 1"
2016-09-30 08:28:46+0000 [-] "172.18.0.5" - - [30/Sep/2016:08:28:43 +0000] "GET /static/tags/terms/wum4tq19yd0qhzmg4p3brkqn5/index.html HTTP/1.0" 200 55 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36"

These work, but PDF tokens and DNS don't.

PDF Tokens: NGINX logs
nginx          | <ip-address> - - [30/Sep/2016:08:30:01 +0000] "GET /EMYOTBSJOIYDIOEHIXVNAIXLONGJEBV HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36"

PDF Tokens: Switchboard logs
2016-09-30 08:30:02+0000 [HTTPChannel,3,172.18.0.5] 'Error in render GET: No Canarytoken found in /favicon.ico'
2016-09-30 08:30:02+0000 [-] "172.18.0.5" - - [30/Sep/2016:08:30:01 +0000] "GET /favicon.ico HTTP/1.0" 200 55 "http://wum4tq19yd0qhzmg4p3brkqn5.<domain>.com/EMYOTBSJOIYDIOEHIXVNAIXLONGJEBV" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36"

In the case of DNS tokens, I cannot see any entry in any of the logs.
For SMTP Tokens, the email delivery fails.

Any help regarding the setup of the domain would be seriously appreciated.
Thanks

@thinkst
Collaborator

thinkst commented Oct 1, 2016

Hi @nikhilweee,

We've just updated the source and docker images which should fix the HTTP channel issue with missing fortune and the SMTP issue. Would you be able to try again?

For DNS, has your domain been configured with NS records pointing at your instance? Are you able to query your tokens server directly? (With a command like dig @${SERVER_IP} ${DNSTOKEN})

@nikhilweee
Author

Thanks for your reply. I somehow figured it out yesterday. The domain's NS records should point to the instance. That solved the issue. I think this should be documented in the readme as well. Someone else might be facing the same issue and eventually giving up!

@thinkst
Collaborator

thinkst commented Oct 4, 2016

Glad to hear it's working. The NS record requirement is documented here:

https://github.com/thinkst/canarytokens-docker#setup-in-ubuntu

If there's a way we can make it clearer, please submit a pull request or let us know.

@thinkst thinkst closed this as completed Oct 4, 2016
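
The two checks discussed in this thread (NS delegation and a direct `dig @${SERVER_IP} ${DNSTOKEN}` query) can be combined into one diagnostic. The script below is an added example, not part of the original thread or of the canarytokens project; its function names, file name and four arguments are hypothetical, and it assumes your default resolver returns the domain's NS set.

```shell
#!/bin/sh
# Added example (not from the canarytokens project). The parsers read dig
# output on stdin so they can be tried on saved or constructed output.

# Lowercase a DNS name and drop the trailing root dot.
norm() { printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# stdin: output of `dig +short NS <domain>`; $1: nameserver host that
# should appear there. Succeeds only if the delegation lists that host.
delegated_to() {
    want=$(norm "$1")
    while IFS= read -r ns || [ -n "$ns" ]; do
        [ "$(norm "$ns")" = "$want" ] && return 0
    done
    return 1
}

# stdin: full output of `dig @<server-ip> <token-hostname>`.
# Prints the response code, UNREACHABLE if nothing answered, else UNKNOWN.
direct_status() {
    out=$(cat)
    case $out in
        *"no servers could be reached"*) echo UNREACHABLE; return 0 ;;
    esac
    rcode=$(printf '%s\n' "$out" |
        sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    echo "${rcode:-UNKNOWN}"
}

# $1: direct_status result, $2: yes/no from delegated_to.
diagnose() {
    case "$1:$2" in
        UNREACHABLE:*) echo "unreachable" ;;     # nothing answers DNS on the instance
        NOERROR:no)    echo "not-delegated" ;;   # instance answers, NS records do not point at it
        NOERROR:yes)   echo "ok" ;;
        *)             echo "server-error:$1" ;; # instance answered, but not with NOERROR
    esac
}

# Usage: sh check-dns-token.sh <domain> <ns-host> <server-ip> <token-hostname>
if [ "$#" -eq 4 ]; then
    if dig +short NS "$1" | delegated_to "$2"; then deleg=yes; else deleg=no; fi
    diagnose "$(dig "@$3" "$4" | direct_status)" "$deleg"
fi
```

A `not-delegated` result means the instance answers when queried directly but resolvers on the internet are never sent to it, so DNS tokens produce no log entries at all.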