diff --git a/encrypted-dns.toml.in b/encrypted-dns.toml.in
index 6b361c0..3bdb055 100644
--- a/encrypted-dns.toml.in
+++ b/encrypted-dns.toml.in
@@ -149,3 +149,6 @@ key_cache_capacity = 10000
 ## Where to prooxy TLS connections to (e.g. DoH server)
 # upstream_addr = "127.0.0.1:4343"
+
+@TLS_PROXY_CONFIGURATION@
+
diff --git a/entrypoint.sh b/entrypoint.sh
index 5356675..0e827e7 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -17,11 +17,13 @@ init() {
 start
 exit $?
 fi
- while getopts "h?N:E:" opt; do
+
+ while getopts "h?N:E:T:" opt; do
 case "$opt" in
 h | \?) usage ;;
 N) provider_name=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
 E) ext_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
+ T) tls_proxy_upstream_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
 esac
 done
 [ -z "$provider_name" ] && usage
@@ -40,6 +42,11 @@ init() {
 ;;
 esac
+ tls_proxy_configuration=""
+ if [ -n "$tls_proxy_upstream_address" ]; then
+ tls_proxy_configuration="upstream_addr = \"${tls_proxy_upstream_address}\""
+ fi
+
 echo "Provider name: [$provider_name]"
 echo "$provider_name" >"${KEYS_DIR}/provider_name"
@@ -48,6 +55,7 @@ init() {
 sed \
 -e "s/@PROVIDER_NAME@/${provider_name}/" \
 -e "s/@EXTERNAL_IPV4@/${ext_address}/" \
+ -e "s/@TLS_PROXY_CONFIGURATION@/${tls_proxy_configuration}/" \
 "$CONFIG_FILE_TEMPLATE" >"$CONFIG_FILE"
 /opt/encrypted-dns/sbin/encrypted-dns \
@@ -167,6 +175,8 @@ Commands
 * init -N -E : initialize the container for a server accessible at ip on port , for a provider named . This is required only once.
+If TLS connections to the same port have to be redirected to a HTTPS server
+(e.g. for DoH), add -T :
 * start (default command): start the resolver and the dnscrypt server proxy. Ports 443/udp and 443/tcp have to be publicly exposed.
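Review bot: The bare `@TLS_PROXY_CONFIGURATION@` token added below the commented `# upstream_addr` example is not a comment, so unlike the two lines above it the template is no longer parseable TOML until `entrypoint.sh init` has substituted it, and nothing in the file says who fills it in or that it may expand to an empty line. A one-line comment directly above the token, `## Filled in by entrypoint.sh init -T; becomes an upstream_addr line, or nothing`, would make the template self-explanatory to someone editing it by hand.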
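Review bot: The value captured on the new `T)` arm is only whitespace-trimmed and lowercased, never checked for shape, yet it later lands in a sed replacement string (`-e "s/@TLS_PROXY_CONFIGURATION@/${tls_proxy_configuration}/"` in the hunk at -48) and inside a double-quoted TOML literal (the hunk at -40), where `/`, `&`, `\` and `"` are all meaningful; an address containing one of them either aborts the sed run, leaving the placeholder unexpanded, or closes the string and lets further settings be appended to the generated config. The option is an operator-supplied container argument rather than network input, so the risk is misconfiguration more than attack, but a shape check after the loop is cheap, e.g. `case "$tls_proxy_upstream_address" in *[!A-Za-z0-9.:-]*) usage ;; esac` (add `[]` to the class if bracketed IPv6 literals are expected). Note also that `tls_proxy_upstream_address` is never initialised before `getopts`, mirroring `provider_name`; if the script is ever run under `set -u` the later `[ -n ... ]` test fails on the unset name, so `tls_proxy_upstream_address=` before the loop is worth adding. The enclosing `init` function starts and ends outside this hunk.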
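Review bot: The two usage lines added before the `* start` entry read "a HTTPS server" and do not say that the `-T` value is written verbatim as `upstream_addr` into the generated config after being trimmed and lowercased, which is what the `T)` arm and the config hunk do. Changing the first line to `...have to be redirected to an HTTPS server` and ending the second with `add -T host:port (written as upstream_addr in the generated config):` would match the behaviour. The text appears to sit in a usage heredoc whose start and end are outside the hunk.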