1
1
mirror of https://github.com/dnscrypt/dnscrypt-server-docker synced 2024-11-22 23:51:59 +01:00

Merge branch 'master' of github.com:DNSCrypt/dnscrypt-server-docker

* 'master' of github.com:DNSCrypt/dnscrypt-server-docker:
  Eliminate what's superfluous
This commit is contained in:
Frank Denis 2020-04-20 16:45:11 +02:00
commit 9793a25dcb

@ -46,18 +46,11 @@ Let's pick `example.com` here.
You probably need to perform the following steps as `root`. You probably need to perform the following steps as `root`.
Create a directory where the server is going to store internal data such as secret keys.
Here, we'll use `/etc/dnscrypt-server`:
```sh
mkdir -p /etc/dnscrypt-server/keys
```
Download, create and initialize the container: Download, create and initialize the container:
```sh ```sh
docker run --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp --net=host \ docker run --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp \
--ulimit nofile=90000:90000 --restart=unless-stopped \ --restart=unless-stopped \
-v /etc/dnscrypt-server/keys:/opt/encrypted-dns/etc/keys \ -v /etc/dnscrypt-server/keys:/opt/encrypted-dns/etc/keys \
jedisct1/dnscrypt-server init -N example.com -E '192.168.1.1:443' jedisct1/dnscrypt-server init -N example.com -E '192.168.1.1:443'
``` ```
@ -74,21 +67,12 @@ If you want to use a different port, replace all occurrences of `443` with the a
command above (including `-p ...`). But if you have an existing website that should be accessible on command above (including `-p ...`). But if you have an existing website that should be accessible on
port `443`, the server can transparently relay non-DNS traffic to it (see below). port `443`, the server can transparently relay non-DNS traffic to it (see below).
`--net=host` provides the best network performance, but may have to be
removed on some shared containers hosting services.
`-v /etc/dnscrypt-server:/opt/encrypted-dns/etc/keys` means that the path `/opt/encrypted-dns/etc/keys`, internal to the container, is mapped to `/etc/dnscrypt-server/keys`, the directory we just created before. Do not change `/opt/encrypted-dns/etc/keys`. But if you created a directory in a different location, replace `/etc/dnscrypt-server/keys` accordingly in the command above. `-v /etc/dnscrypt-server:/opt/encrypted-dns/etc/keys` means that the path `/opt/encrypted-dns/etc/keys`, internal to the container, is mapped to `/etc/dnscrypt-server/keys`, the directory we just created before. Do not change `/opt/encrypted-dns/etc/keys`. But if you created a directory in a different location, replace `/etc/dnscrypt-server/keys` accordingly in the command above.
__Note:__ on MacOS, don't use `-v ...:...`. Remove that part from the command-line, as current versions of MacOS and Docker don't seem to work well with shared directories. __Note:__ on MacOS, don't use `-v ...:...`. Remove that part from the command-line, as current versions of MacOS and Docker don't seem to work well with shared directories.
The `init` command will print the DNS stamp of your server. The `init` command will print the DNS stamp of your server.
Now, to start the whole stack:
```sh
docker start dnscrypt-server
```
Done. Done.
You can verify that the server is running with: You can verify that the server is running with:
@ -144,13 +128,12 @@ docker rename dnscrypt-server dnscrypt-server-old
5. Use the `init` command again and start the new container: 5. Use the `init` command again and start the new container:
```sh ```sh
docker run --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp --net=host \ docker run --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp \
--ulimit nofile=90000:90000 --restart=unless-stopped \ --restart=unless-stopped \
-v /etc/dnscrypt-server/keys:/opt/encrypted-dns/etc/keys \ -v /etc/dnscrypt-server/keys:/opt/encrypted-dns/etc/keys \
jedisct1/dnscrypt-server init -N example.com -E '192.168.1.1:443' jedisct1/dnscrypt-server init -N example.com -E '192.168.1.1:443'
# (adjust accordingly) # (adjust accordingly)
docker start dnscrypt-server
docker ps # Check that it's running docker ps # Check that it's running
``` ```