Support multiple IPs and ports, including IPv6 addresses

Fixes #74

README.md

@@ -64,6 +64,10 @@ This will only accept connections via DNSCrypt on the standard port (443). Repla
 `192.168.1.1` with the actual external IP address (not the internal Docker one)
 clients will connect to.
 
+IPv6 addresses should be enclosed in brackets; for example: `[2001:0db8::412f]:443`.
+
+Multiple comma-separated IPs and ports can be specified, as in `-E 192.168.1.1:443,[2001:0db8::412f]:443`.
+
 `--net=host` provides the best network performance, but may have to be
 removed on some shared containers hosting services.
 

encrypted-dns.toml.in

@@ -16,7 +16,7 @@
 ## As many addresses as needed can be configured here, IPv4 and/or IPv6.
 
 listen_addrs = [
-    { local = "0.0.0.0:443", external = "@EXTERNAL_IPV4@" }
+    @LISTEN_ADDRESSES@
 ]
 
 

entrypoint.sh

@@ -29,7 +29,7 @@ init() {
         case "$opt" in
         h | \?) usage ;;
         N) provider_name=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
-        E) ext_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
+        E) ext_addresses=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
         T) tls_proxy_upstream_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
         A) anondns_enabled="true" ;;
         M) metrics_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
@@ -42,14 +42,15 @@ init() {
     *) provider_name="2.dnscrypt-cert.${provider_name}" ;;
     esac
 
-    [ -z "$ext_address" ] && usage
-    case "$ext_address" in
+    [ -z "$ext_addresses" ] && usage
+    case "$ext_addresses" in
     .*) usage ;;
     0.*)
         echo "Do not use 0.0.0.0, use an actual external IP address" >&2
         exit 1
         ;;
     esac
+    listen_addresses=$(get_listen_addresses "$ext_addresses")
 
     tls_proxy_configuration=""
     if [ -n "$tls_proxy_upstream_address" ]; then
@@ -69,7 +70,7 @@ init() {
 
     sed \
         -e "s#@PROVIDER_NAME@#${provider_name}#" \
-        -e "s#@EXTERNAL_IPV4@#${ext_address}#" \
+        -e "s#@LISTEN_ADDRESSES@#${listen_addresses}#" \
         -e "s#@TLS_PROXY_CONFIGURATION@#${tls_proxy_configuration}#" \
         -e "s#@DOMAIN_BLACKLIST_CONFIGURATION@#${domain_blacklist_configuration}#" \
         -e "s#@ANONDNS_ENABLED@#${anondns_enabled}#" \
@@ -176,12 +177,54 @@ shell() {
     exec /bin/bash
 }
 
+is_ipv6() {
+    case "$1" in
+    \[[a-fA-F0-9:.]*\]:[0-9]*)
+        echo yes
+        ;;
+    [0-9.]*:[0-9]*)
+        echo no
+        ;;
+    *)
+        echo "IP and port should be specified as 'ipv4_addr:port' or '[ipv6_addr]:port'" >&2
+        exit 1
+        ;;
+    esac
+}
+
+get_listen_addresses() {
+    listen_addresses=""
+    ext_addresses="$1"
+    OIFS="$IFS"
+    IFS=","
+    localport_v4=443
+    localport_v6=443
+    for ext_address in $ext_addresses; do
+        entry="{ local = "
+        v6=$(is_ipv6 "$ext_address")
+        if [ "$v6" = "yes" ]; then
+            entry="${entry}\"[::]:${localport_v4}\""
+            localport_v4=$((localport_v4 + 1))
+        else
+            entry="${entry}\"0.0.0.0:${localport_v6}\""
+            localport_v6=$((localport_v6 + 1))
+        fi
+        entry="${entry}, external = \"${ext_address}\" }"
+        if [ -n "$listen_addresses" ]; then
+            listen_addresses="${listen_addresses}, "
+        fi
+        listen_addresses="${listen_addresses}${entry}"
+    done
+    IFS="$OIFS"
+    echo "${listen_addresses}"
+}
+
 usage() {
     cat <<EOT
 Commands
 ========
 
-* init -N <provider_name> -E <external ip>:<port>
+* init -N <provider_name> -E <external ip>:<port>[,<external ip>:<port>...]
 initialize the container for a server accessible at ip <external ip> on port
 <port>, for a provider named <provider_name>. This is required only once.