1
1
mirror of https://github.com/dnscrypt/dnscrypt-server-docker synced 2024-11-22 19:42:03 +01:00

Update and add support for Prometheus metrics

This commit is contained in:
Frank Denis 2019-10-20 00:08:09 +02:00
parent 9f00e11477
commit b091ce75da
4 changed files with 22 additions and 14 deletions

@ -37,7 +37,7 @@ ENV RUSTFLAGS "-C link-arg=-s"
RUN apt-get update && apt-get install -qy --no-install-recommends $BUILD_DEPS && \
curl -sSf https://sh.rustup.rs | bash -s -- -y --default-toolchain nightly && \
export PATH="$HOME/.cargo/bin:$PATH" && \
echo "Compiling encrypted-dns version 0.3.3" && \
echo "Compiling encrypted-dns version 0.3.5" && \
cargo install encrypted-dns && \
mkdir -p /opt/encrypted-dns/sbin && \
mv ~/.cargo/bin/encrypted-dns /opt/encrypted-dns/sbin/ && \
@ -73,7 +73,7 @@ COPY watchdog.sh /etc/service/watchdog/run
VOLUME ["/opt/encrypted-dns/etc/keys"]
EXPOSE 443/udp 443/tcp
EXPOSE 443/udp 443/tcp 9100/tcp
CMD ["/entrypoint.sh", "start"]

@ -149,6 +149,13 @@ TLS (including HTTPS and DoH) forwarding
If the DNS server is listening to port `443`, but you still want to have a web (or DoH) service accessible on that port, add the `-T` switch followed by the backend server IP and port to the `init` command (for example: `-T 10.0.0.1:4443`).
Prometheus metrics
==================
Metrics are accessible inside the container as http://127.0.0.1:9100/metrics.
They can be made accessible outside of the container by adding the `-M` option followed by the IP and port (for example: `-M 0.0.0.0:9100`).
Join the network
================

@ -50,10 +50,10 @@ udp_max_active_connections = 1000
tcp_max_active_connections = 100
## IP address to connect to upstream servers from.
## You probably do not want to change this. `0.0.0.0` should be fine.
## Optional IP address to connect to upstream servers from.
## Leave commented/undefined to automatically select it.
external_addr = "0.0.0.0"
# external_addr = "0.0.0.0"
## Built-in DNS cache capacity
@ -168,12 +168,11 @@ key_cache_capacity = 10000
# Metrics #
#########################
# [metrics]
# type = "prometheus"
# listen_addr = "0.0.0.0:9100"
# path = "/metrics"
[metrics]
type = "prometheus"
listen_addr = "@METRICS_ADDRESS@"
path = "/metrics"
################################
@ -199,4 +198,4 @@ allow_non_reserved_ports = false
# Blacklisted upstream IP addresses
blacklisted_ips = [ @ANONDNS_BLACKLISTED_IPS@ ]
blacklisted_ips = [ @ANONDNS_BLACKLISTED_IPS@ ]

@ -14,8 +14,6 @@ CONF_DIR="/opt/encrypted-dns/etc"
CONFIG_FILE="${CONF_DIR}/encrypted-dns.toml"
CONFIG_FILE_TEMPLATE="${CONF_DIR}/encrypted-dns.toml.in"
# -N provider-name -E external-ip-address:port
init() {
if [ "$(is_initialized)" = yes ]; then
start
@ -25,13 +23,16 @@ init() {
anondns_enabled="false"
anondns_blacklisted_ips=""
while getopts "h?N:E:T:A" opt; do
metrics_address="127.0.0.1:9100"
while getopts "h?N:E:T:AM:" opt; do
case "$opt" in
h | \?) usage ;;
N) provider_name=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
E) ext_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
T) tls_proxy_upstream_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
A) anondns_enabled="true" ;;
M) metrics_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
esac
done
[ -z "$provider_name" ] && usage
@ -73,6 +74,7 @@ init() {
-e "s#@DOMAIN_BLACKLIST_CONFIGURATION@#${domain_blacklist_configuration}#" \
-e "s#@ANONDNS_ENABLED@#${anondns_enabled}#" \
-e "s#@ANONDNS_BLACKLISTED_IPS@#${anondns_blacklisted_ips}#" \
-e "s#@METRICS_ADDRESS@#${metrics_address}#" \
"$CONFIG_FILE_TEMPLATE" >"$CONFIG_FILE"
mkdir -p -m 700 "${STATE_DIR}"