1
1
mirror of https://github.com/dnscrypt/dnscrypt-server-docker synced 2024-11-26 06:13:49 +01:00

Support multiple IPs and ports, including IPv6 addresses

Fixes #74
This commit is contained in:
Frank Denis 2019-11-05 15:13:16 +01:00
parent 0b9d1e77ef
commit b92bfe4a5c
3 changed files with 53 additions and 6 deletions

@ -64,6 +64,10 @@ This will only accept connections via DNSCrypt on the standard port (443). Repla
`192.168.1.1` with the actual external IP address (not the internal Docker one)
clients will connect to.
IPv6 addresses should be enclosed in brackets; for example: `[2001:0db8::412f]:443`.
Multiple comma-separated IPs and ports can be specified, as in `-E 192.168.1.1:443,[2001:0db8::412f]:443`.
`--net=host` provides the best network performance, but may have to be
removed on some shared containers hosting services.

@ -16,7 +16,7 @@
## As many addresses as needed can be configured here, IPv4 and/or IPv6.
listen_addrs = [
{ local = "0.0.0.0:443", external = "@EXTERNAL_IPV4@" }
@LISTEN_ADDRESSES@
]

@ -29,7 +29,7 @@ init() {
case "$opt" in
h | \?) usage ;;
N) provider_name=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
E) ext_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
E) ext_addresses=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
T) tls_proxy_upstream_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
A) anondns_enabled="true" ;;
M) metrics_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
@ -42,14 +42,15 @@ init() {
*) provider_name="2.dnscrypt-cert.${provider_name}" ;;
esac
[ -z "$ext_address" ] && usage
case "$ext_address" in
[ -z "$ext_addresses" ] && usage
case "$ext_addresses" in
.*) usage ;;
0.*)
echo "Do not use 0.0.0.0, use an actual external IP address" >&2
exit 1
;;
esac
listen_addresses=$(get_listen_addresses "$ext_addresses")
tls_proxy_configuration=""
if [ -n "$tls_proxy_upstream_address" ]; then
@ -69,7 +70,7 @@ init() {
sed \
-e "s#@PROVIDER_NAME@#${provider_name}#" \
-e "s#@EXTERNAL_IPV4@#${ext_address}#" \
-e "s#@LISTEN_ADDRESSES@#${listen_addresses}#" \
-e "s#@TLS_PROXY_CONFIGURATION@#${tls_proxy_configuration}#" \
-e "s#@DOMAIN_BLACKLIST_CONFIGURATION@#${domain_blacklist_configuration}#" \
-e "s#@ANONDNS_ENABLED@#${anondns_enabled}#" \
@ -176,12 +177,54 @@ shell() {
exec /bin/bash
}
is_ipv6() {
case "$1" in
\[[a-fA-F0-9:.]*\]:[0-9]*)
echo yes
;;
[0-9.]*:[0-9]*)
echo no
;;
*)
echo "IP and port should be specified as 'ipv4_addr:port' or '[ipv6_addr]:port'" >&2
exit 1
;;
esac
}
get_listen_addresses() {
listen_addresses=""
ext_addresses="$1"
OIFS="$IFS"
IFS=","
localport_v4=443
localport_v6=443
for ext_address in $ext_addresses; do
entry="{ local = "
v6=$(is_ipv6 "$ext_address")
if [ "$v6" = "yes" ]; then
entry="${entry}\"[::]:${localport_v4}\""
localport_v4=$((localport_v4 + 1))
else
entry="${entry}\"0.0.0.0:${localport_v6}\""
localport_v6=$((localport_v6 + 1))
fi
entry="${entry}, external = \"${ext_address}\" }"
if [ -n "$listen_addresses" ]; then
listen_addresses="${listen_addresses}, "
fi
listen_addresses="${listen_addresses}${entry}"
done
IFS="$OIFS"
echo "${listen_addresses}"
}
usage() {
cat <<EOT
Commands
========
* init -N <provider_name> -E <external ip>:<port>
* init -N <provider_name> -E <external ip>:<port>[,<external ip>:<port>...]
initialize the container for a server accessible at ip <external ip> on port
<port>, for a provider named <provider_name>. This is required only once.