mirror of
https://github.com/dnscrypt/dnscrypt-server-docker
synced 2024-11-22 15:32:01 +01:00
Merge branch 'master' of github.com:DNSCrypt/dnscrypt-server-docker
* 'master' of github.com:DNSCrypt/dnscrypt-server-docker: Fix incorrect port in README for Docker Compose (#107) Updated Kubernetes configurations and added docker-compose support (#106)
This commit is contained in:
commit
2b2a488d30
@ -73,6 +73,8 @@ COPY encrypted-dns.sh /var/svc/encrypted-dns/run
|
|||||||
|
|
||||||
COPY watchdog.sh /var/svc/watchdog/run
|
COPY watchdog.sh /var/svc/watchdog/run
|
||||||
|
|
||||||
|
RUN ln -sf /opt/encrypted-dns/etc/keys/encrypted-dns.toml /opt/encrypted-dns/etc/encrypted-dns.toml
|
||||||
|
|
||||||
VOLUME ["/opt/encrypted-dns/etc/keys"]
|
VOLUME ["/opt/encrypted-dns/etc/keys"]
|
||||||
|
|
||||||
EXPOSE 443/udp 443/tcp 9100/tcp
|
EXPOSE 443/udp 443/tcp 9100/tcp
|
||||||
|
16
README.md
16
README.md
@ -20,6 +20,7 @@ Table of contents:
|
|||||||
- [TLS (including HTTPS and DoH) forwarding](#tls-including-https-and-doh-forwarding)
|
- [TLS (including HTTPS and DoH) forwarding](#tls-including-https-and-doh-forwarding)
|
||||||
- [Filtering](#filtering)
|
- [Filtering](#filtering)
|
||||||
- [Join the network](#join-the-network)
|
- [Join the network](#join-the-network)
|
||||||
|
- [Usage with Docker Compose](#usage-with-docker-compose)
|
||||||
- [Usage with Kubernetes](#usage-with-kubernetes)
|
- [Usage with Kubernetes](#usage-with-kubernetes)
|
||||||
- [Customizing Unbound](#customizing-unbound)
|
- [Customizing Unbound](#customizing-unbound)
|
||||||
- [Changing the Unbound configuration file](#changing-the-unbound-configuration-file)
|
- [Changing the Unbound configuration file](#changing-the-unbound-configuration-file)
|
||||||
@ -202,8 +203,8 @@ in minutes.
|
|||||||
|
|
||||||
- Create a static IP on GCE. This will be used for the LoadBalancer.
|
- Create a static IP on GCE. This will be used for the LoadBalancer.
|
||||||
- Edit `kube/dnscrypt-init-job.yml`. Change `example.com` to your desired hostname
|
- Edit `kube/dnscrypt-init-job.yml`. Change `example.com` to your desired hostname
|
||||||
and `192.0.2.53` to your static IP.
|
and `127.0.0.1` to your static IP.
|
||||||
- Edit `kube/dnscrypt-srv.yml` and change `loadBalancerIP` to your static IP.
|
- Edit `kube/dnscrypt-srv.yml` and change `loadBalancerIP` to your static IP in both locations.
|
||||||
- Run `kubectl create -f kube/dnscrypt-init-job.yml` to setup your keys.
|
- Run `kubectl create -f kube/dnscrypt-init-job.yml` to setup your keys.
|
||||||
- Run `kubectl create -f kube/dnscrypt-deployment.yml` to deploy the dnscrypt server.
|
- Run `kubectl create -f kube/dnscrypt-deployment.yml` to deploy the dnscrypt server.
|
||||||
- Run `kubectl create -f kube/dnscrypt-srv.yml` to expose your server to the world.
|
- Run `kubectl create -f kube/dnscrypt-srv.yml` to expose your server to the world.
|
||||||
@ -211,6 +212,17 @@ and `192.0.2.53` to your static IP.
|
|||||||
To get your public key just view the logs for the `dnscrypt-init` job. The public
|
To get your public key just view the logs for the `dnscrypt-init` job. The public
|
||||||
IP for your server is merely the `dnscrypt` service address.
|
IP for your server is merely the `dnscrypt` service address.
|
||||||
|
|
||||||
|
# Usage with Docker Compose
|
||||||
|
|
||||||
|
You can setup a server very quickly with Docker Compose.
|
||||||
|
|
||||||
|
- Run `docker-compose up`
|
||||||
|
- Ctrl-C after keys are setup.
|
||||||
|
- Edit `docker-compose.yml` to use the start command.
|
||||||
|
- Run `docker-compose up`
|
||||||
|
|
||||||
|
Now you will have a local server running on port 5443.
|
||||||
|
|
||||||
# Customizing Unbound
|
# Customizing Unbound
|
||||||
|
|
||||||
## Changing the Unbound configuration file
|
## Changing the Unbound configuration file
|
||||||
|
17
docker-compose.yml
Normal file
17
docker-compose.yml
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
version: "3"
|
||||||
|
services:
|
||||||
|
dnscrypt:
|
||||||
|
image: zquestz/dnscrypt-server:latest
|
||||||
|
container_name: dnscrypt
|
||||||
|
restart: always
|
||||||
|
command: "init -N example.com -E '127.0.0.1:5443'"
|
||||||
|
# command: "start"
|
||||||
|
ports:
|
||||||
|
- '5443:5443/udp'
|
||||||
|
- '5443:5443/tcp'
|
||||||
|
volumes:
|
||||||
|
- keys:/opt/encrypted-dns/etc/keys
|
||||||
|
environment:
|
||||||
|
- TZ='UTC'
|
||||||
|
volumes:
|
||||||
|
keys:
|
@ -11,7 +11,7 @@ KEYS_DIR="/opt/encrypted-dns/etc/keys"
|
|||||||
STATE_DIR="${KEYS_DIR}/state"
|
STATE_DIR="${KEYS_DIR}/state"
|
||||||
LISTS_DIR="/opt/encrypted-dns/etc/lists"
|
LISTS_DIR="/opt/encrypted-dns/etc/lists"
|
||||||
CONF_DIR="/opt/encrypted-dns/etc"
|
CONF_DIR="/opt/encrypted-dns/etc"
|
||||||
CONFIG_FILE="${CONF_DIR}/encrypted-dns.toml"
|
CONFIG_FILE="${KEYS_DIR}/encrypted-dns.toml"
|
||||||
CONFIG_FILE_TEMPLATE="${CONF_DIR}/encrypted-dns.toml.in"
|
CONFIG_FILE_TEMPLATE="${CONF_DIR}/encrypted-dns.toml.in"
|
||||||
SERVICES_DIR="/etc/runit/runsvdir/svmanaged"
|
SERVICES_DIR="/etc/runit/runsvdir/svmanaged"
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
apiVersion: extensions/v1beta1
|
apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
namespace: default
|
namespace: default
|
||||||
@ -9,22 +9,30 @@ spec:
|
|||||||
strategy:
|
strategy:
|
||||||
type: Recreate
|
type: Recreate
|
||||||
replicas: 1
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
service: dnscrypt
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
service: dnscrypt
|
service: dnscrypt
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- env:
|
- image: zquestz/dnscrypt-server:latest
|
||||||
image: jedisct1/dnscrypt-server
|
imagePullPolicy: Always
|
||||||
name: dnscrypt
|
name: dnscrypt
|
||||||
|
ports:
|
||||||
|
- containerPort: 5443
|
||||||
|
protocol: UDP
|
||||||
|
- containerPort: 5443
|
||||||
|
protocol: TCP
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: dnscrypt-keys
|
- name: dnscrypt-keys
|
||||||
mountPath: /opt/encrypted-dns/etc/keys
|
mountPath: /opt/encrypted-dns/etc/keys
|
||||||
command: ["/entrypoint.sh", "start"]
|
command: ["/entrypoint.sh", "start"]
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
memory: "1Gi"
|
memory: "64Mi"
|
||||||
restartPolicy: Always
|
restartPolicy: Always
|
||||||
volumes:
|
volumes:
|
||||||
- name: dnscrypt-keys
|
- name: dnscrypt-keys
|
||||||
|
@ -9,8 +9,9 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: dnscrypt-init
|
- name: dnscrypt-init
|
||||||
image: jedisct1/dnscrypt-server
|
image: zquestz/dnscrypt-server:latest
|
||||||
command: ["/entrypoint.sh", "init", "-A", "-M", "0.0.0.0:9100", "-N", "example.com", "-E", "192.0.2.53:443"]
|
imagePullPolicy: Always
|
||||||
|
command: ["/entrypoint.sh", "init", "-A", "-M", "0.0.0.0:9100", "-N", "example.com", "-E", "127.0.0.1:5443"]
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: dnscrypt-keys
|
- name: dnscrypt-keys
|
||||||
mountPath: /opt/encrypted-dns/etc/keys
|
mountPath: /opt/encrypted-dns/etc/keys
|
||||||
|
@ -3,27 +3,33 @@ kind: Service
|
|||||||
metadata:
|
metadata:
|
||||||
name: dnscrypt-tcp
|
name: dnscrypt-tcp
|
||||||
namespace: default
|
namespace: default
|
||||||
|
annotations:
|
||||||
|
cloud.google.com/network-tier: Standard
|
||||||
spec:
|
spec:
|
||||||
ports:
|
ports:
|
||||||
- protocol: TCP
|
- protocol: TCP
|
||||||
port: 443
|
port: 5443
|
||||||
targetPort: 443
|
targetPort: 5443
|
||||||
selector:
|
selector:
|
||||||
service: dnscrypt
|
service: dnscrypt
|
||||||
type: LoadBalancer
|
type: LoadBalancer
|
||||||
loadBalancerIP: 0.0.0.0
|
loadBalancerIP: 0.0.0.0
|
||||||
|
externalTrafficPolicy: Local
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
name: dnscrypt-udp
|
name: dnscrypt-udp
|
||||||
namespace: default
|
namespace: default
|
||||||
|
annotations:
|
||||||
|
cloud.google.com/network-tier: Standard
|
||||||
spec:
|
spec:
|
||||||
ports:
|
ports:
|
||||||
- protocol: UDP
|
- protocol: UDP
|
||||||
port: 443
|
port: 5443
|
||||||
targetPort: 443
|
targetPort: 5443
|
||||||
selector:
|
selector:
|
||||||
service: dnscrypt
|
service: dnscrypt
|
||||||
type: LoadBalancer
|
type: LoadBalancer
|
||||||
loadBalancerIP: 0.0.0.0
|
loadBalancerIP: 0.0.0.0
|
||||||
|
externalTrafficPolicy: Local
|
||||||
|
Loading…
Reference in New Issue
Block a user