mirror of
https://github.com/dnscrypt/dnscrypt-server-docker
synced 2024-11-22 23:51:59 +01:00
Unbreak things
parent
d5d527ca1c
commit
67899860c9
@ -2,7 +2,7 @@ FROM jedisct1/alpine-runit:latest
|
|||||||
MAINTAINER Frank Denis
|
MAINTAINER Frank Denis
|
||||||
ENV SERIAL 1
|
ENV SERIAL 1
|
||||||
|
|
||||||
ENV BUILD_DEPS make gcc musl-dev git libevent-dev expat-dev shadow autoconf file
|
ENV BUILD_DEPS make gcc musl-dev git libevent-dev expat-dev shadow autoconf file libressl-dev
|
||||||
ENV RUNTIME_DEPS bash util-linux coreutils findutils grep libressl ldns ldns-tools libevent expat libexecinfo coreutils drill
|
ENV RUNTIME_DEPS bash util-linux coreutils findutils grep libressl ldns ldns-tools libevent expat libexecinfo coreutils drill
|
||||||
|
|
||||||
RUN set -x && \
|
RUN set -x && \
|
||||||
@ -47,7 +47,7 @@ RUN set -x && \
|
|||||||
rm -fr /tmp/* /var/tmp/*
|
rm -fr /tmp/* /var/tmp/*
|
||||||
|
|
||||||
ENV DNSCRYPT_WRAPPER_GIT_URL https://github.com/jedisct1/dnscrypt-wrapper.git
|
ENV DNSCRYPT_WRAPPER_GIT_URL https://github.com/jedisct1/dnscrypt-wrapper.git
|
||||||
ENV DNSCRYPT_WRAPPER_GIT_BRANCH xchacha20-stamps
|
ENV DNSCRYPT_WRAPPER_GIT_BRANCH xchacha-stamps
|
||||||
|
|
||||||
COPY queue.h /tmp
|
COPY queue.h /tmp
|
||||||
|
|
||||||
@ -69,8 +69,8 @@ RUN set -x && \
|
|||||||
rm -fr /tmp/* /var/tmp/*
|
rm -fr /tmp/* /var/tmp/*
|
||||||
|
|
||||||
RUN set -x && \
|
RUN set -x && \
|
||||||
apk del --purge $BUILD_DEPS && \
|
echo apk del --purge $BUILD_DEPS && \
|
||||||
rm -rf /tmp/* /var/tmp/* /usr/local/include
|
echo rm -rf /tmp/* /var/tmp/* /usr/local/include
|
||||||
|
|
||||||
RUN mkdir -p \
|
RUN mkdir -p \
|
||||||
/etc/service/unbound \
|
/etc/service/unbound \
|
||||||
|
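Review bot: The cleanup layer in the third hunk no longer cleans anything, because on what appears to be the new side both `apk del --purge $BUILD_DEPS` and `rm -rf /tmp/* /var/tmp/* /usr/local/include` are prefixed with `echo` and so are only printed. The compiler toolchain, git, the headers and the build tree therefore stay in an image that is meant to be exposed publicly on port 443, which is avoidable attack surface as well as size. If the purge was disabled because adding `libressl-dev` to `BUILD_DEPS` in the first hunk made it remove something needed at run time (an inference, not visible here), restore the two commands without `echo` and keep the runtime library listed in `RUNTIME_DEPS`. Separately, `DNSCRYPT_WRAPPER_GIT_BRANCH xchacha-stamps` follows a mutable branch, so pinning a commit would make the build reproducible and reviewable.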
@ -23,7 +23,7 @@ Let's pick `example.com` here.
|
|||||||
Download, create and initialize the container, once and for all:
|
Download, create and initialize the container, once and for all:
|
||||||
|
|
||||||
$ docker run --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp --net=host \
|
$ docker run --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp --net=host \
|
||||||
jedisct1/unbound-dnscrypt-server init -N example.com -L 192.168.1.1:443
|
jedisct1/unbound-dnscrypt-server init -N example.com -E 192.168.1.1:443
|
||||||
|
|
||||||
This will only accept connections via DNSCrypt on the standard port (443). Replace
|
This will only accept connections via DNSCrypt on the standard port (443). Replace
|
||||||
`192.168.1.1` with the actual external IP address (not the internal Docker one)
|
`192.168.1.1` with the actual external IP address (not the internal Docker one)
|
||||||
@ -68,7 +68,7 @@ this:
|
|||||||
$ docker run --name=dnscrypt-server \
|
$ docker run --name=dnscrypt-server \
|
||||||
-v /myconfig/zones:/opt/unbound/etc/unbound/zones \
|
-v /myconfig/zones:/opt/unbound/etc/unbound/zones \
|
||||||
-p 443:443/udp -p 443:443/tcp --net=host \
|
-p 443:443/udp -p 443:443/tcp --net=host \
|
||||||
jedisct1/unbound-dnscrypt-server init -N example.com
|
jedisct1/unbound-dnscrypt-server init -N example.com -E 192.168.1.1:443
|
||||||
|
|
||||||
Create a new `.conf` file:
|
Create a new `.conf` file:
|
||||||
|
|
||||||
|
@ -6,18 +6,18 @@ action="$1"
|
|||||||
|
|
||||||
KEYS_DIR="/opt/dnscrypt-wrapper/etc/keys"
|
KEYS_DIR="/opt/dnscrypt-wrapper/etc/keys"
|
||||||
|
|
||||||
# -N provider-name -L external-ip-address:port
|
# -N provider-name -E external-ip-address:port
|
||||||
|
|
||||||
init() {
|
init() {
|
||||||
if [ $(is_initialized) = yes ]; then
|
if [ $(is_initialized) = yes ]; then
|
||||||
start
|
start
|
||||||
exit $?
|
exit $?
|
||||||
fi
|
fi
|
||||||
while getopts "h?N:L:" opt; do
|
while getopts "h?N:E:" opt; do
|
||||||
case "$opt" in
|
case "$opt" in
|
||||||
h|\?) usage ;;
|
h|\?) usage ;;
|
||||||
N) provider_name=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
|
N) provider_name=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
|
||||||
L) listen_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
|
E) ext_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
[ -z "$provider_name" ] && usage
|
[ -z "$provider_name" ] && usage
|
||||||
@ -26,18 +26,18 @@ init() {
|
|||||||
2.dnscrypt-cert.*) ;;
|
2.dnscrypt-cert.*) ;;
|
||||||
*) provider_name="2.dnscrypt-cert.${provider_name}"
|
*) provider_name="2.dnscrypt-cert.${provider_name}"
|
||||||
esac
|
esac
|
||||||
echo "Provider name: [$provider_name]"
|
|
||||||
|
|
||||||
[ -z "$listen_address" ] && usage
|
[ -z "$ext_address" ] && usage
|
||||||
case "$listen_address" in
|
case "$ext_address" in
|
||||||
.*) usage ;;
|
.*) usage ;;
|
||||||
0.*) echo "Do not use 0.0.0.0, use an actual external IP address" >&2 ; exit 1 ;;
|
0.*) echo "Do not use 0.0.0.0, use an actual external IP address" >&2 ; exit 1 ;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
echo "Provider name: [$provider_name]"
|
echo "Provider name: [$provider_name]"
|
||||||
cd "$KEYS_DIR"
|
cd "$KEYS_DIR"
|
||||||
/opt/dnscrypt-wrapper/sbin/dnscrypt-wrapper \
|
/opt/dnscrypt-wrapper/sbin/dnscrypt-wrapper \
|
||||||
--gen-provider-keypair --nolog --dnssec \
|
--gen-provider-keypair --nolog --dnssec \
|
||||||
--provider-name="$provider_name" --listen-address="$listen_address" | \
|
--provider-name="$provider_name" --ext-address="$ext_address" | \
|
||||||
tee "${KEYS_DIR}/provider-info.txt"
|
tee "${KEYS_DIR}/provider-info.txt"
|
||||||
chmod 640 "${KEYS_DIR}/secret.key"
|
chmod 640 "${KEYS_DIR}/secret.key"
|
||||||
chmod 644 "${KEYS_DIR}/public.key"
|
chmod 644 "${KEYS_DIR}/public.key"
|
||||||
@ -74,7 +74,7 @@ is_initialized() {
|
|||||||
|
|
||||||
ensure_initialized() {
|
ensure_initialized() {
|
||||||
if [ $(is_initialized) = no ]; then
|
if [ $(is_initialized) = no ]; then
|
||||||
echo "Please provide an initial configuration (init -N <provider_name>)" >&2
|
echo "Please provide an initial configuration (init -N <provider_name> -E <external IP>)" >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
@ -91,14 +91,14 @@ usage() {
|
|||||||
Commands
|
Commands
|
||||||
========
|
========
|
||||||
|
|
||||||
* init -N <provider_name> -L <external ip>:<port>
|
* init -N <provider_name> -E <external ip>:<port>
|
||||||
initialize the container for a server accessible at ip <external ip> on port
|
initialize the container for a server accessible at ip <external ip> on port
|
||||||
<port>, for a provider named <provider_name>. This is required only once.
|
<port>, for a provider named <provider_name>. This is required only once.
|
||||||
|
|
||||||
* start (default command): start the resolver and the dnscrypt server proxy.
|
* start (default command): start the resolver and the dnscrypt server proxy.
|
||||||
Ports 443/udp and 443/tcp have to be publicly exposed.
|
Ports 443/udp and 443/tcp have to be publicly exposed.
|
||||||
|
|
||||||
* provider-info: prints the provide name and provider public key.
|
* provider-info: prints the provide namer and provider public key.
|
||||||
|
|
||||||
This container has a single volume that you might want to securely keep a
|
This container has a single volume that you might want to securely keep a
|
||||||
backup of: /opt/dnscrypt-wrapper/etc/keys
|
backup of: /opt/dnscrypt-wrapper/etc/keys
|
||||||
|
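Review bot: The check on `ext_address` in the second hunk rejects only values that start with `.` or `0.`, so an argument with no port, or one that is not an address at all, is handed to `--ext-address` and ends up in the output saved to `provider-info.txt`. The usage text documents `<external ip>:<port>`, so the `case` could accept only that shape by adding `*:[0-9]*) ;;` followed by a final `*) usage ;;` arm. The pipeline into `tee` also hides a non-zero exit from `dnscrypt-wrapper`, so a test such as `[ -s "${KEYS_DIR}/secret.key" ] || exit 1` before the `chmod` calls would catch a failed key generation. In the usage hunk the new line reads "provide namer" where `provider name` is meant. The body of `init` continues beyond the end of the second hunk.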
@ -10,7 +10,7 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: dnscrypt-init
|
- name: dnscrypt-init
|
||||||
image: jedisct1/unbound-dnscrypt-server
|
image: jedisct1/unbound-dnscrypt-server
|
||||||
command: ["/entrypoint.sh", "init", "-N", "example.com", "-L", "192.168.1.1:443"]
|
command: ["/entrypoint.sh", "init", "-N", "example.com", "-E", "192.168.1.1:443"]
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: dnscrypt-keys
|
- name: dnscrypt-keys
|
||||||
mountPath: /opt/dnscrypt-wrapper/etc/keys
|
mountPath: /opt/dnscrypt-wrapper/etc/keys
|
||||||
|