mirror of
https://github.com/dnscrypt/dnscrypt-server-docker
synced 2024-11-22 23:51:59 +01:00
parent
0b9d1e77ef
commit
b92bfe4a5c
@ -64,6 +64,10 @@ This will only accept connections via DNSCrypt on the standard port (443). Repla
|
|||||||
`192.168.1.1` with the actual external IP address (not the internal Docker one)
|
`192.168.1.1` with the actual external IP address (not the internal Docker one)
|
||||||
clients will connect to.
|
clients will connect to.
|
||||||
|
|
||||||
|
IPv6 addresses should be enclosed in brackets; for example: `[2001:0db8::412f]:443`.
|
||||||
|
|
||||||
|
Multiple comma-separated IPs and ports can be specified, as in `-E 192.168.1.1:443,[2001:0db8::412f]:443`.
|
||||||
|
|
||||||
`--net=host` provides the best network performance, but may have to be
|
`--net=host` provides the best network performance, but may have to be
|
||||||
removed on some shared containers hosting services.
|
removed on some shared containers hosting services.
|
||||||
|
|
||||||
|
@ -16,7 +16,7 @@
|
|||||||
## As many addresses as needed can be configured here, IPv4 and/or IPv6.
|
## As many addresses as needed can be configured here, IPv4 and/or IPv6.
|
||||||
|
|
||||||
listen_addrs = [
|
listen_addrs = [
|
||||||
{ local = "0.0.0.0:443", external = "@EXTERNAL_IPV4@" }
|
@LISTEN_ADDRESSES@
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
@ -29,7 +29,7 @@ init() {
|
|||||||
case "$opt" in
|
case "$opt" in
|
||||||
h | \?) usage ;;
|
h | \?) usage ;;
|
||||||
N) provider_name=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
|
N) provider_name=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
|
||||||
E) ext_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
|
E) ext_addresses=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
|
||||||
T) tls_proxy_upstream_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
|
T) tls_proxy_upstream_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
|
||||||
A) anondns_enabled="true" ;;
|
A) anondns_enabled="true" ;;
|
||||||
M) metrics_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
|
M) metrics_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
|
||||||
@ -42,14 +42,15 @@ init() {
|
|||||||
*) provider_name="2.dnscrypt-cert.${provider_name}" ;;
|
*) provider_name="2.dnscrypt-cert.${provider_name}" ;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
[ -z "$ext_address" ] && usage
|
[ -z "$ext_addresses" ] && usage
|
||||||
case "$ext_address" in
|
case "$ext_addresses" in
|
||||||
.*) usage ;;
|
.*) usage ;;
|
||||||
0.*)
|
0.*)
|
||||||
echo "Do not use 0.0.0.0, use an actual external IP address" >&2
|
echo "Do not use 0.0.0.0, use an actual external IP address" >&2
|
||||||
exit 1
|
exit 1
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
listen_addresses=$(get_listen_addresses "$ext_addresses")
|
||||||
|
|
||||||
tls_proxy_configuration=""
|
tls_proxy_configuration=""
|
||||||
if [ -n "$tls_proxy_upstream_address" ]; then
|
if [ -n "$tls_proxy_upstream_address" ]; then
|
||||||
@ -69,7 +70,7 @@ init() {
|
|||||||
|
|
||||||
sed \
|
sed \
|
||||||
-e "s#@PROVIDER_NAME@#${provider_name}#" \
|
-e "s#@PROVIDER_NAME@#${provider_name}#" \
|
||||||
-e "s#@EXTERNAL_IPV4@#${ext_address}#" \
|
-e "s#@LISTEN_ADDRESSES@#${listen_addresses}#" \
|
||||||
-e "s#@TLS_PROXY_CONFIGURATION@#${tls_proxy_configuration}#" \
|
-e "s#@TLS_PROXY_CONFIGURATION@#${tls_proxy_configuration}#" \
|
||||||
-e "s#@DOMAIN_BLACKLIST_CONFIGURATION@#${domain_blacklist_configuration}#" \
|
-e "s#@DOMAIN_BLACKLIST_CONFIGURATION@#${domain_blacklist_configuration}#" \
|
||||||
-e "s#@ANONDNS_ENABLED@#${anondns_enabled}#" \
|
-e "s#@ANONDNS_ENABLED@#${anondns_enabled}#" \
|
||||||
@ -176,12 +177,54 @@ shell() {
|
|||||||
exec /bin/bash
|
exec /bin/bash
|
||||||
}
|
}
|
||||||
|
|
||||||
|
is_ipv6() {
|
||||||
|
case "$1" in
|
||||||
|
\[[a-fA-F0-9:.]*\]:[0-9]*)
|
||||||
|
echo yes
|
||||||
|
;;
|
||||||
|
[0-9.]*:[0-9]*)
|
||||||
|
echo no
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "IP and port should be specified as 'ipv4_addr:port' or '[ipv6_addr]:port'" >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
|
get_listen_addresses() {
|
||||||
|
listen_addresses=""
|
||||||
|
ext_addresses="$1"
|
||||||
|
OIFS="$IFS"
|
||||||
|
IFS=","
|
||||||
|
localport_v4=443
|
||||||
|
localport_v6=443
|
||||||
|
for ext_address in $ext_addresses; do
|
||||||
|
entry="{ local = "
|
||||||
|
v6=$(is_ipv6 "$ext_address")
|
||||||
|
if [ "$v6" = "yes" ]; then
|
||||||
|
entry="${entry}\"[::]:${localport_v4}\""
|
||||||
|
localport_v4=$((localport_v4 + 1))
|
||||||
|
else
|
||||||
|
entry="${entry}\"0.0.0.0:${localport_v6}\""
|
||||||
|
localport_v6=$((localport_v6 + 1))
|
||||||
|
fi
|
||||||
|
entry="${entry}, external = \"${ext_address}\" }"
|
||||||
|
if [ -n "$listen_addresses" ]; then
|
||||||
|
listen_addresses="${listen_addresses}, "
|
||||||
|
fi
|
||||||
|
listen_addresses="${listen_addresses}${entry}"
|
||||||
|
done
|
||||||
|
IFS="$OIFS"
|
||||||
|
echo "${listen_addresses}"
|
||||||
|
}
|
||||||
|
|
||||||
usage() {
|
usage() {
|
||||||
cat <<EOT
|
cat <<EOT
|
||||||
Commands
|
Commands
|
||||||
========
|
========
|
||||||
|
|
||||||
* init -N <provider_name> -E <external ip>:<port>
|
* init -N <provider_name> -E <external ip>:<port>[,<external ip>:<port>...]
|
||||||
initialize the container for a server accessible at ip <external ip> on port
|
initialize the container for a server accessible at ip <external ip> on port
|
||||||
<port>, for a provider named <provider_name>. This is required only once.
|
<port>, for a provider named <provider_name>. This is required only once.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user