mirror of
https://github.com/dnscrypt/dnscrypt-server-docker
synced 2024-11-22 23:51:59 +01:00
Add optional TLS redirection
This commit is contained in:
parent
cc50ba89ff
commit
7b644a6127
@ -149,3 +149,6 @@ key_cache_capacity = 10000
|
|||||||
## Where to prooxy TLS connections to (e.g. DoH server)
|
## Where to prooxy TLS connections to (e.g. DoH server)
|
||||||
|
|
||||||
# upstream_addr = "127.0.0.1:4343"
|
# upstream_addr = "127.0.0.1:4343"
|
||||||
|
|
||||||
|
@TLS_PROXY_CONFIGURATION@
|
||||||
|
|
||||||
|
@ -17,11 +17,13 @@ init() {
|
|||||||
start
|
start
|
||||||
exit $?
|
exit $?
|
||||||
fi
|
fi
|
||||||
while getopts "h?N:E:" opt; do
|
|
||||||
|
while getopts "h?N:E:T:" opt; do
|
||||||
case "$opt" in
|
case "$opt" in
|
||||||
h | \?) usage ;;
|
h | \?) usage ;;
|
||||||
N) provider_name=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
|
N) provider_name=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
|
||||||
E) ext_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
|
E) ext_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
|
||||||
|
T) tls_proxy_upstream_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
[ -z "$provider_name" ] && usage
|
[ -z "$provider_name" ] && usage
|
||||||
@ -40,6 +42,11 @@ init() {
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
tls_proxy_configuration=""
|
||||||
|
if [ -n "$tls_proxy_upstream_address" ]; then
|
||||||
|
tls_proxy_configuration="upstream_addr = \"${tls_proxy_upstream_address}\""
|
||||||
|
fi
|
||||||
|
|
||||||
echo "Provider name: [$provider_name]"
|
echo "Provider name: [$provider_name]"
|
||||||
|
|
||||||
echo "$provider_name" >"${KEYS_DIR}/provider_name"
|
echo "$provider_name" >"${KEYS_DIR}/provider_name"
|
||||||
@ -48,6 +55,7 @@ init() {
|
|||||||
sed \
|
sed \
|
||||||
-e "s/@PROVIDER_NAME@/${provider_name}/" \
|
-e "s/@PROVIDER_NAME@/${provider_name}/" \
|
||||||
-e "s/@EXTERNAL_IPV4@/${ext_address}/" \
|
-e "s/@EXTERNAL_IPV4@/${ext_address}/" \
|
||||||
|
-e "s/@TLS_PROXY_CONFIGURATION@/${tls_proxy_configuration}/" \
|
||||||
"$CONFIG_FILE_TEMPLATE" >"$CONFIG_FILE"
|
"$CONFIG_FILE_TEMPLATE" >"$CONFIG_FILE"
|
||||||
|
|
||||||
/opt/encrypted-dns/sbin/encrypted-dns \
|
/opt/encrypted-dns/sbin/encrypted-dns \
|
||||||
@ -167,6 +175,8 @@ Commands
|
|||||||
* init -N <provider_name> -E <external ip>:<port>
|
* init -N <provider_name> -E <external ip>:<port>
|
||||||
initialize the container for a server accessible at ip <external ip> on port
|
initialize the container for a server accessible at ip <external ip> on port
|
||||||
<port>, for a provider named <provider_name>. This is required only once.
|
<port>, for a provider named <provider_name>. This is required only once.
|
||||||
|
If TLS connections to the same port have to be redirected to a HTTPS server
|
||||||
|
(e.g. for DoH), add -T <https server ip>:<port>
|
||||||
|
|
||||||
* start (default command): start the resolver and the dnscrypt server proxy.
|
* start (default command): start the resolver and the dnscrypt server proxy.
|
||||||
Ports 443/udp and 443/tcp have to be publicly exposed.
|
Ports 443/udp and 443/tcp have to be publicly exposed.
|
||||||
|
Loading…
Reference in New Issue
Block a user