mirror of https://github.com/dnscrypt/dnscrypt-server-docker synced 2024-11-26 06:13:49 +01:00

Unbreak things

Frank Denis 2018-01-22 20:23:54 +01:00
parent d5d527ca1c
commit 67899860c9
4 changed files with 17 additions and 17 deletions

@ -2,7 +2,7 @@ FROM jedisct1/alpine-runit:latest
MAINTAINER Frank Denis MAINTAINER Frank Denis
ENV SERIAL 1 ENV SERIAL 1
ENV BUILD_DEPS make gcc musl-dev git libevent-dev expat-dev shadow autoconf file ENV BUILD_DEPS make gcc musl-dev git libevent-dev expat-dev shadow autoconf file libressl-dev
ENV RUNTIME_DEPS bash util-linux coreutils findutils grep libressl ldns ldns-tools libevent expat libexecinfo coreutils drill ENV RUNTIME_DEPS bash util-linux coreutils findutils grep libressl ldns ldns-tools libevent expat libexecinfo coreutils drill
RUN set -x && \ RUN set -x && \
@ -47,7 +47,7 @@ RUN set -x && \
rm -fr /tmp/* /var/tmp/* rm -fr /tmp/* /var/tmp/*
ENV DNSCRYPT_WRAPPER_GIT_URL https://github.com/jedisct1/dnscrypt-wrapper.git ENV DNSCRYPT_WRAPPER_GIT_URL https://github.com/jedisct1/dnscrypt-wrapper.git
ENV DNSCRYPT_WRAPPER_GIT_BRANCH xchacha20-stamps ENV DNSCRYPT_WRAPPER_GIT_BRANCH xchacha-stamps
COPY queue.h /tmp COPY queue.h /tmp
@ -69,8 +69,8 @@ RUN set -x && \
rm -fr /tmp/* /var/tmp/* rm -fr /tmp/* /var/tmp/*
RUN set -x && \ RUN set -x && \
apk del --purge $BUILD_DEPS && \ echo apk del --purge $BUILD_DEPS && \
rm -rf /tmp/* /var/tmp/* /usr/local/include echo rm -rf /tmp/* /var/tmp/* /usr/local/include
RUN mkdir -p \ RUN mkdir -p \
/etc/service/unbound \ /etc/service/unbound \
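Review bot: The final cleanup step no longer cleans anything: as this page renders the change (old text, then new), `apk del --purge $BUILD_DEPS` and `rm -rf /tmp/* /var/tmp/* /usr/local/include` are now prefixed with `echo`, so the compiler, make, git, autoconf and the `shadow` tools listed in BUILD_DEPS stay in the shipped image. For an internet-facing resolver that is avoidable attack surface, and the headers under /usr/local/include are kept as well. If the purge was disabled because it removed a library that is needed at run time (the same change adds `libressl-dev` to BUILD_DEPS), I would add that package to RUNTIME_DEPS and restore the two commands rather than keep the whole toolchain. At minimum add a comment such as `# TODO: cleanup temporarily disabled, re-enable before release` so the `echo` is not mistaken for a working step.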

@ -23,7 +23,7 @@ Let's pick `example.com` here.
Download, create and initialize the container, once and for all: Download, create and initialize the container, once and for all:
$ docker run --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp --net=host \ $ docker run --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp --net=host \
jedisct1/unbound-dnscrypt-server init -N example.com -L 192.168.1.1:443 jedisct1/unbound-dnscrypt-server init -N example.com -E 192.168.1.1:443
This will only accept connections via DNSCrypt on the standard port (443). Replace This will only accept connections via DNSCrypt on the standard port (443). Replace
`192.168.1.1` with the actual external IP address (not the internal Docker one) `192.168.1.1` with the actual external IP address (not the internal Docker one)
@ -68,7 +68,7 @@ this:
$ docker run --name=dnscrypt-server \ $ docker run --name=dnscrypt-server \
-v /myconfig/zones:/opt/unbound/etc/unbound/zones \ -v /myconfig/zones:/opt/unbound/etc/unbound/zones \
-p 443:443/udp -p 443:443/tcp --net=host \ -p 443:443/udp -p 443:443/tcp --net=host \
jedisct1/unbound-dnscrypt-server init -N example.com jedisct1/unbound-dnscrypt-server init -N example.com -E 192.168.1.1:443
Create a new `.conf` file: Create a new `.conf` file:

@ -6,18 +6,18 @@ action="$1"
KEYS_DIR="/opt/dnscrypt-wrapper/etc/keys" KEYS_DIR="/opt/dnscrypt-wrapper/etc/keys"
# -N provider-name -L external-ip-address:port # -N provider-name -E external-ip-address:port
init() { init() {
if [ $(is_initialized) = yes ]; then if [ $(is_initialized) = yes ]; then
start start
exit $? exit $?
fi fi
while getopts "h?N:L:" opt; do while getopts "h?N:E:" opt; do
case "$opt" in case "$opt" in
h|\?) usage ;; h|\?) usage ;;
N) provider_name=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;; N) provider_name=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
L) listen_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;; E) ext_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
esac esac
done done
[ -z "$provider_name" ] && usage [ -z "$provider_name" ] && usage
@ -26,18 +26,18 @@ init() {
2.dnscrypt-cert.*) ;; 2.dnscrypt-cert.*) ;;
*) provider_name="2.dnscrypt-cert.${provider_name}" *) provider_name="2.dnscrypt-cert.${provider_name}"
esac esac
echo "Provider name: [$provider_name]"
[ -z "$listen_address" ] && usage [ -z "$ext_address" ] && usage
case "$listen_address" in case "$ext_address" in
.*) usage ;; .*) usage ;;
0.*) echo "Do not use 0.0.0.0, use an actual external IP address" >&2 ; exit 1 ;; 0.*) echo "Do not use 0.0.0.0, use an actual external IP address" >&2 ; exit 1 ;;
esac esac
echo "Provider name: [$provider_name]" echo "Provider name: [$provider_name]"
cd "$KEYS_DIR" cd "$KEYS_DIR"
/opt/dnscrypt-wrapper/sbin/dnscrypt-wrapper \ /opt/dnscrypt-wrapper/sbin/dnscrypt-wrapper \
--gen-provider-keypair --nolog --dnssec \ --gen-provider-keypair --nolog --dnssec \
--provider-name="$provider_name" --listen-address="$listen_address" | \ --provider-name="$provider_name" --ext-address="$ext_address" | \
tee "${KEYS_DIR}/provider-info.txt" tee "${KEYS_DIR}/provider-info.txt"
chmod 640 "${KEYS_DIR}/secret.key" chmod 640 "${KEYS_DIR}/secret.key"
chmod 644 "${KEYS_DIR}/public.key" chmod 644 "${KEYS_DIR}/public.key"
@ -74,7 +74,7 @@ is_initialized() {
ensure_initialized() { ensure_initialized() {
if [ $(is_initialized) = no ]; then if [ $(is_initialized) = no ]; then
echo "Please provide an initial configuration (init -N <provider_name>)" >&2 echo "Please provide an initial configuration (init -N <provider_name> -E <external IP>)" >&2
exit 1 exit 1
fi fi
} }
@ -91,14 +91,14 @@ usage() {
Commands Commands
======== ========
* init -N <provider_name> -L <external ip>:<port> * init -N <provider_name> -E <external ip>:<port>
initialize the container for a server accessible at ip <external ip> on port initialize the container for a server accessible at ip <external ip> on port
<port>, for a provider named <provider_name>. This is required only once. <port>, for a provider named <provider_name>. This is required only once.
* start (default command): start the resolver and the dnscrypt server proxy. * start (default command): start the resolver and the dnscrypt server proxy.
Ports 443/udp and 443/tcp have to be publicly exposed. Ports 443/udp and 443/tcp have to be publicly exposed.
* provider-info: prints the provide name and provider public key. * provider-info: prints the provide namer and provider public key.
This container has a single volume that you might want to securely keep a This container has a single volume that you might want to securely keep a
backup of: /opt/dnscrypt-wrapper/etc/keys backup of: /opt/dnscrypt-wrapper/etc/keys
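Review bot: In init(), the key-generation command is piped into `tee`, so the pipeline's status is tee's and a failure of dnscrypt-wrapper (for example a binary that does not accept the renamed `--ext-address` option) goes unnoticed unless the script enables pipefail somewhere outside the visible hunks. The `chmod` lines that follow then run against key files that may not exist, and provider-info.txt may be empty or incomplete. I would write the output to the file first and test the result, e.g. `--provider-name="$provider_name" --ext-address="$ext_address" > "${KEYS_DIR}/provider-info.txt" || exit 1` followed by `cat "${KEYS_DIR}/provider-info.txt"`. The same applies to `cd "$KEYS_DIR"`, which should be `cd "$KEYS_DIR" || exit 1` so the keys are never generated in an unexpected directory. init() continues past the visible hunks, so its later steps are not reviewed here.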

@ -10,7 +10,7 @@ spec:
containers: containers:
- name: dnscrypt-init - name: dnscrypt-init
image: jedisct1/unbound-dnscrypt-server image: jedisct1/unbound-dnscrypt-server
command: ["/entrypoint.sh", "init", "-N", "example.com", "-L", "192.168.1.1:443"] command: ["/entrypoint.sh", "init", "-N", "example.com", "-E", "192.168.1.1:443"]
volumeMounts: volumeMounts:
- name: dnscrypt-keys - name: dnscrypt-keys
mountPath: /opt/dnscrypt-wrapper/etc/keys mountPath: /opt/dnscrypt-wrapper/etc/keys