Merge branch 'master' of github.com:jedisct1/dnscrypt-server-docker

Dockerfile

@@ -61,6 +61,7 @@ RUN mkdir -p \
     /etc/service/watchdog
 
 COPY encrypted-dns.toml.in /opt/encrypted-dns/etc/
+COPY undelegated.txt /opt/encrypted-dns/etc/
 
 COPY entrypoint.sh /
 

README.md

@@ -119,7 +119,7 @@ docker pull jedisct1/dnscrypt-server
 ls -l /etc/dnscrypt-server/keys
 ```
 
-If you have some content here, skip to step 2.
+If you have some content here, skip to step 3.
 
 Nothing here? Maybe you didn't use the `-v` option to map container files to a local directory when creating the container.
 In that case, copy the data directly from the container:
@@ -128,14 +128,20 @@ In that case, copy the data directly from the container:
 docker cp dnscrypt-server:/opt/encrypted-dns/etc/keys ~/keys
 ```
 
-3. Stop the container:
+3. Stop the existing container:
 
 ```sh
 docker stop dnscrypt-server
 docker ps # Check that it's not running
 ```
 
-1. Use the `init` command again and start the new container:
+4. Rename the existing container:
+
+```sh
+docker rename dnscrypt-server dnscrypt-server-old
+```
+
+5. Use the `init` command again and start the new container:
 
 ```sh
 docker run --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp --net=host \
@@ -145,9 +151,16 @@ jedisct1/dnscrypt-server init -N example.com -E '192.168.1.1:443'
 # (adjust accordingly)
 
 docker start dnscrypt-server
+docker ps # Check that it's running
 ```
 
-5. Done!
+6. Delete old container:
+
+```sh
+docker rm dnscrypt-server-old
+```
+
+7. Done!
 
 Parameters differ from the ones used in the previous container.
 

encrypted-dns.sh

@@ -8,4 +8,7 @@ if [ ! -f "$KEYS_DIR/provider_name" ]; then
     exit 1
 fi
 
+chown -R _encrypted-dns:_encrypted-dns /opt/dnscrypt-wrapper/etc/keys 2>/dev/null || :
+chown -R _encrypted-dns:_encrypted-dns /opt/encrypted-dns/etc/keys 2>/dev/null || :
+
 exec /opt/encrypted-dns/sbin/encrypted-dns --config "$CONFIG_FILE"

encrypted-dns.toml.in

@@ -70,7 +70,7 @@ cache_capacity = 150000
 
 ## DNS cache: minimum TTL
 
-cache_ttl_min = 600
+cache_ttl_min = 3600
 
 
 ## DNS cache: max TTL
@@ -100,12 +100,12 @@ daemonize = false
 
 ## User name to drop privileges to, when started as root.
 
-# user = "_encrypted-dns"
+user = "_encrypted-dns"
 
 
 ## Group name to drop privileges to, when started as root.
 
-# group = "_encrypted-dns"
+group = "_encrypted-dns"
 
 
 ## Path to chroot() to, when started as root.
@@ -177,7 +177,7 @@ key_cache_capacity = 10000
 ## but will never resolve to anything. The server will immediately return a
 ## synthesized NXDOMAIN response instead of hitting root servers.
 
-# undelegated_list = "/etc/undelegated.txt"
+undelegated_list = "/opt/encrypted-dns/etc/undelegated.txt"
 
 
 ## Ignore A and AAAA queries for unqualified host names.