mirror of
https://github.com/dnscrypt/dnscrypt-server-docker
synced 2024-11-22 23:51:59 +01:00
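#! /bin/sh

# Sizes Unbound's caches and thread count from the memory and CPUs visible
# to this process. The values computed here (msg_cache_size, rr_cache_size,
# threads) are consumed by the configuration template further down.

# Bytes held back from the cache budget (8 MiB).
reserved=8388608

# /proc/meminfo reports MemAvailable in kB. Extract only that field's number
# so an unexpected line containing the same word cannot corrupt the value.
memAvailableKb=$(sed -n 's/^MemAvailable:[^0-9]*\([0-9][0-9]*\).*/\1/p' /proc/meminfo)
if [ -z "$memAvailableKb" ]; then
    # Previously this case fell through to a silent "exit 1"; say why.
    printf '%s: MemAvailable not found in /proc/meminfo\n' "${0##*/}" >&2
    exit 1
fi

availableMemory=$((1024 * memAvailableKb - reserved))
if [ "$availableMemory" -le 0 ]; then
    printf '%s: not enough available memory (%s kB) to size the caches\n' \
        "${0##*/}" "$memAvailableKb" >&2
    exit 1
fi

# Each cache gets a third of the remaining budget; the last third is left
# unallocated.
msg_cache_size=$((availableMemory / 3))
rr_cache_size=$((availableMemory / 3))

# Use one thread fewer than the CPU count, but never fewer than one. If
# nproc prints nothing, the numeric test fails and the single-thread branch
# is taken.
nproc=$(nproc)
if [ "$nproc" -gt 1 ]; then
    threads=$((nproc - 1))
else
    threads=1
fi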
# Render unbound.conf: the here-document is the template and sed fills in the
# three @PLACEHOLDER@ tokens with the values computed above. Each token occurs
# once, so the order of the substitutions does not matter.
#
# NOTE(review): the resolver listens on every IPv4 interface (0.0.0.0@53) and
# both access-control rules allow any source address. If port 53 of this
# container is published or routed, that makes it an open recursive resolver,
# which is commonly abused for DNS amplification. Presumably only the DNSCrypt
# front end is meant to reach it -- confirm that, or narrow "interface" and
# "access-control" to the addresses that actually need to query it.
#
# The local-zone entries are "static" with no local data, so names under those
# private-use suffixes are answered locally instead of being sent upstream.
sed \
    -e "s/@THREADS@/${threads}/" \
    -e "s/@MSG_CACHE_SIZE@/${msg_cache_size}/" \
    -e "s/@RR_CACHE_SIZE@/${rr_cache_size}/" \
    << EOT > /opt/unbound/etc/unbound/unbound.conf
server:
verbosity: 1
num-threads: @THREADS@
interface: 0.0.0.0@53
so-reuseport: yes
edns-buffer-size: 1252
delay-close: 10000
cache-min-ttl: 60
cache-max-ttl: 86400
do-daemonize: no
username: "_unbound"
log-queries: no
hide-version: yes
identity: "DNSCrypt"
harden-short-bufsize: yes
harden-large-queries: yes
harden-glue: yes
harden-dnssec-stripped: yes
harden-below-nxdomain: yes
harden-referral-path: no
do-not-query-localhost: no
prefetch: yes
prefetch-key: yes
rrset-roundrobin: yes
minimal-responses: yes
chroot: "/opt/unbound/etc/unbound"
directory: "/opt/unbound/etc/unbound"
auto-trust-anchor-file: "var/root.key"
num-queries-per-thread: 4096
outgoing-range: 8192
msg-cache-size: @MSG_CACHE_SIZE@
rrset-cache-size: @RR_CACHE_SIZE@
access-control: 0.0.0.0/0 allow
access-control: ::0/0 allow

local-zone: "belkin." static
local-zone: "corp." static
local-zone: "domain." static
local-zone: "example." static
local-zone: "home." static
local-zone: "host." static
local-zone: "invalid." static
local-zone: "lan." static
local-zone: "local." static
local-zone: "localdomain." static
local-zone: "test." static
EOT
# The configuration chroots Unbound into /opt/unbound/etc/unbound, so the
# random devices have to exist under that tree. cp -a is used so the device
# nodes themselves are copied rather than data read from them.
if mkdir -p /opt/unbound/etc/unbound/dev; then
    cp -a /dev/random /dev/urandom /opt/unbound/etc/unbound/dev/
fi

# var/ holds the DNSSEC root trust anchor (root.key). It is created with mode
# 700 and handed to _unbound, the user named in the "username" setting.
# NOTE(review): "mkdir -p -m" sets the mode only when it creates the
# directory; a pre-existing var/ keeps whatever mode it already had.
# The exit status of unbound-anchor is not checked: Unbound is started below
# whether or not the anchor could be fetched or refreshed.
if mkdir -p -m 700 /opt/unbound/etc/unbound/var &&
    chown _unbound:_unbound /opt/unbound/etc/unbound/var; then
    /opt/unbound/sbin/unbound-anchor -a /opt/unbound/etc/unbound/var/root.key
fi

# Replace this shell with Unbound; "do-daemonize: no" keeps it in the
# foreground.
exec /opt/unbound/sbin/unbound