mirror of https://github.com/dnscrypt/dnscrypt-server-docker synced 2024-11-22 23:51:59 +01:00

Add optional TLS redirection

Frank Denis 2019-09-24 18:17:48 +02:00
parent cc50ba89ff
commit 7b644a6127
2 changed files with 14 additions and 1 deletions

@ -149,3 +149,6 @@ key_cache_capacity = 10000
## Where to prooxy TLS connections to (e.g. DoH server) ## Where to prooxy TLS connections to (e.g. DoH server)
# upstream_addr = "127.0.0.1:4343" # upstream_addr = "127.0.0.1:4343"
@TLS_PROXY_CONFIGURATION@

@ -17,11 +17,13 @@ init() {
start start
exit $? exit $?
fi fi
while getopts "h?N:E:" opt; do
while getopts "h?N:E:T:" opt; do
case "$opt" in case "$opt" in
h | \?) usage ;; h | \?) usage ;;
N) provider_name=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;; N) provider_name=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
E) ext_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;; E) ext_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
T) tls_proxy_upstream_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
esac esac
done done
[ -z "$provider_name" ] && usage [ -z "$provider_name" ] && usage
@ -40,6 +42,11 @@ init() {
;; ;;
esac esac
tls_proxy_configuration=""
if [ -n "$tls_proxy_upstream_address" ]; then
tls_proxy_configuration="upstream_addr = \"${tls_proxy_upstream_address}\""
fi
echo "Provider name: [$provider_name]" echo "Provider name: [$provider_name]"
echo "$provider_name" >"${KEYS_DIR}/provider_name" echo "$provider_name" >"${KEYS_DIR}/provider_name"
@ -48,6 +55,7 @@ init() {
sed \ sed \
-e "s/@PROVIDER_NAME@/${provider_name}/" \ -e "s/@PROVIDER_NAME@/${provider_name}/" \
-e "s/@EXTERNAL_IPV4@/${ext_address}/" \ -e "s/@EXTERNAL_IPV4@/${ext_address}/" \
-e "s/@TLS_PROXY_CONFIGURATION@/${tls_proxy_configuration}/" \
"$CONFIG_FILE_TEMPLATE" >"$CONFIG_FILE" "$CONFIG_FILE_TEMPLATE" >"$CONFIG_FILE"
/opt/encrypted-dns/sbin/encrypted-dns \ /opt/encrypted-dns/sbin/encrypted-dns \
@ -167,6 +175,8 @@ Commands
* init -N <provider_name> -E <external ip>:<port> * init -N <provider_name> -E <external ip>:<port>
initialize the container for a server accessible at ip <external ip> on port initialize the container for a server accessible at ip <external ip> on port
<port>, for a provider named <provider_name>. This is required only once. <port>, for a provider named <provider_name>. This is required only once.
If TLS connections to the same port have to be redirected to a HTTPS server
(e.g. for DoH), add -T <https server ip>:<port>
* start (default command): start the resolver and the dnscrypt server proxy. * start (default command): start the resolver and the dnscrypt server proxy.
Ports 443/udp and 443/tcp have to be publicly exposed. Ports 443/udp and 443/tcp have to be publicly exposed.
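Review bot: The `-T` value reaches the generated config unescaped, first inside a quoted TOML string and then as a sed replacement in `-e "s/@TLS_PROXY_CONFIGURATION@/${tls_proxy_configuration}/"`, so a `/`, `&`, `\` or `"` in the argument either breaks the sed expression or changes what is written to the config file. The option only needs `<ip>:<port>`, so anything else can be rejected right after the getopts loop, for example `case "$tls_proxy_upstream_address" in *[!0-9a-z.:_-]*) usage ;; esac` (add `[` and `]` to the set if bracketed IPv6 literals should be accepted; this assumes `usage` exits, as its other call sites suggest). The existing `-N` and `-E` substitutions are interpolated the same way and would benefit from the same check. init() begins and ends outside the visible hunks.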