
Update and add support for Prometheus metrics

Frank Denis 2019-10-20 00:08:09 +02:00
parent 9f00e11477
commit b091ce75da
4 changed files with 22 additions and 14 deletions

@ -37,7 +37,7 @@ ENV RUSTFLAGS "-C link-arg=-s"
RUN apt-get update && apt-get install -qy --no-install-recommends $BUILD_DEPS && \ RUN apt-get update && apt-get install -qy --no-install-recommends $BUILD_DEPS && \
curl -sSf https://sh.rustup.rs | bash -s -- -y --default-toolchain nightly && \ curl -sSf https://sh.rustup.rs | bash -s -- -y --default-toolchain nightly && \
export PATH="$HOME/.cargo/bin:$PATH" && \ export PATH="$HOME/.cargo/bin:$PATH" && \
echo "Compiling encrypted-dns version 0.3.3" && \ echo "Compiling encrypted-dns version 0.3.5" && \
cargo install encrypted-dns && \ cargo install encrypted-dns && \
mkdir -p /opt/encrypted-dns/sbin && \ mkdir -p /opt/encrypted-dns/sbin && \
mv ~/.cargo/bin/encrypted-dns /opt/encrypted-dns/sbin/ && \ mv ~/.cargo/bin/encrypted-dns /opt/encrypted-dns/sbin/ && \
@ -73,7 +73,7 @@ COPY watchdog.sh /etc/service/watchdog/run
VOLUME ["/opt/encrypted-dns/etc/keys"] VOLUME ["/opt/encrypted-dns/etc/keys"]
EXPOSE 443/udp 443/tcp EXPOSE 443/udp 443/tcp 9100/tcp
CMD ["/entrypoint.sh", "start"] CMD ["/entrypoint.sh", "start"]
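Review bot: The build message on the `echo` line now announces 0.3.5, but the `cargo install encrypted-dns` line after it is still unpinned, so the image receives whatever crates.io serves as the latest release at build time and the printed version can be wrong. Pinning the install to the announced release keeps the image reproducible and makes a later upgrade an explicit, reviewable change: `cargo install encrypted-dns --version 0.3.5 && \`. The `RUN` instruction starts before and continues after the visible hunk lines.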

@ -149,6 +149,13 @@ TLS (including HTTPS and DoH) forwarding
If the DNS server is listening to port `443`, but you still want to have a web (or DoH) service accessible on that port, add the `-T` switch followed by the backend server IP and port to the `init` command (for example: `-T 10.0.0.1:4443`). If the DNS server is listening to port `443`, but you still want to have a web (or DoH) service accessible on that port, add the `-T` switch followed by the backend server IP and port to the `init` command (for example: `-T 10.0.0.1:4443`).
Prometheus metrics
==================
Metrics are accessible inside the container as http://127.0.0.1:9100/metrics.
They can be made accessible outside of the container by adding the `-M` option followed by the IP and port (for example: `-M 0.0.0.0:9100`).
Join the network Join the network
================ ================

@ -50,10 +50,10 @@ udp_max_active_connections = 1000
tcp_max_active_connections = 100 tcp_max_active_connections = 100
## IP address to connect to upstream servers from. ## Optional IP address to connect to upstream servers from.
## You probably do not want to change this. `0.0.0.0` should be fine. ## Leave commented/undefined to automatically select it.
external_addr = "0.0.0.0" # external_addr = "0.0.0.0"
## Built-in DNS cache capacity ## Built-in DNS cache capacity
@ -168,12 +168,11 @@ key_cache_capacity = 10000
# Metrics # # Metrics #
######################### #########################
# [metrics] [metrics]
# type = "prometheus"
# listen_addr = "0.0.0.0:9100"
# path = "/metrics"
type = "prometheus"
listen_addr = "@METRICS_ADDRESS@"
path = "/metrics"
################################ ################################
@ -199,4 +198,4 @@ allow_non_reserved_ports = false
# Blacklisted upstream IP addresses # Blacklisted upstream IP addresses
blacklisted_ips = [ @ANONDNS_BLACKLISTED_IPS@ ] blacklisted_ips = [ @ANONDNS_BLACKLISTED_IPS@ ]
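Review bot: The `[metrics]` block is now enabled unconditionally in the template, and nothing next to `listen_addr = "@METRICS_ADDRESS@"` tells an operator reading the generated file what a non-loopback value exposes. The endpoint is plain HTTP and, as far as these lines show, has no access control of its own, so a bind to `0.0.0.0:9100` makes the server's counters readable by anyone who can reach the port. A comment above the key would help, for example `## Prometheus endpoint (plain HTTP). Keep on 127.0.0.1 unless access is restricted by a firewall or reverse proxy.` The previously commented-out example used `0.0.0.0:9100`, so the loopback default set by the entrypoint is the safer choice and worth stating here.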

@ -14,8 +14,6 @@ CONF_DIR="/opt/encrypted-dns/etc"
CONFIG_FILE="${CONF_DIR}/encrypted-dns.toml" CONFIG_FILE="${CONF_DIR}/encrypted-dns.toml"
CONFIG_FILE_TEMPLATE="${CONF_DIR}/encrypted-dns.toml.in" CONFIG_FILE_TEMPLATE="${CONF_DIR}/encrypted-dns.toml.in"
# -N provider-name -E external-ip-address:port
init() { init() {
if [ "$(is_initialized)" = yes ]; then if [ "$(is_initialized)" = yes ]; then
start start
@ -25,13 +23,16 @@ init() {
anondns_enabled="false" anondns_enabled="false"
anondns_blacklisted_ips="" anondns_blacklisted_ips=""
while getopts "h?N:E:T:A" opt; do metrics_address="127.0.0.1:9100"
while getopts "h?N:E:T:AM:" opt; do
case "$opt" in case "$opt" in
h | \?) usage ;; h | \?) usage ;;
N) provider_name=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;; N) provider_name=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
E) ext_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;; E) ext_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
T) tls_proxy_upstream_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;; T) tls_proxy_upstream_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
A) anondns_enabled="true" ;; A) anondns_enabled="true" ;;
M) metrics_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
esac esac
done done
[ -z "$provider_name" ] && usage [ -z "$provider_name" ] && usage
@ -73,6 +74,7 @@ init() {
-e "s#@DOMAIN_BLACKLIST_CONFIGURATION@#${domain_blacklist_configuration}#" \ -e "s#@DOMAIN_BLACKLIST_CONFIGURATION@#${domain_blacklist_configuration}#" \
-e "s#@ANONDNS_ENABLED@#${anondns_enabled}#" \ -e "s#@ANONDNS_ENABLED@#${anondns_enabled}#" \
-e "s#@ANONDNS_BLACKLISTED_IPS@#${anondns_blacklisted_ips}#" \ -e "s#@ANONDNS_BLACKLISTED_IPS@#${anondns_blacklisted_ips}#" \
-e "s#@METRICS_ADDRESS@#${metrics_address}#" \
"$CONFIG_FILE_TEMPLATE" >"$CONFIG_FILE" "$CONFIG_FILE_TEMPLATE" >"$CONFIG_FILE"
mkdir -p -m 700 "${STATE_DIR}" mkdir -p -m 700 "${STATE_DIR}"
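Review bot: The `-M` value in `init()` reaches the substitution `-e "s#@METRICS_ADDRESS@#${metrics_address}#"` after only whitespace trimming and lowercasing, so a value containing `#`, `&` or `"` yields a failed sed expression or a malformed `listen_addr` string in the generated config. Reject anything that is not an address-and-port shape right after the getopts loop, for example `case "$metrics_address" in "" | *[!][0-9a-f.:]*) usage ;; esac`. The `-E` and `-T` arms use the same unvalidated pattern and could share the check. The hunks also remove the `# -N provider-name -E external-ip-address:port` comment without documenting `-M`; the `usage` text is not visible here, so confirm it lists the new option. `init()` starts and ends outside these hunks.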