1
1
mirror of https://github.com/dnscrypt/dnscrypt-server-docker synced 2024-11-22 19:42:03 +01:00
This commit is contained in:
Frank Denis 2019-10-09 18:40:57 +02:00
parent b415bace8f
commit f0ccbe88c4

@ -25,8 +25,8 @@ Table of Contents
Quickstart Quickstart
========== ==========
* [How to setup your own DNSCrypt server in less than 10 minutes on Scaleway](https://github.com/dnscrypt/dnscrypt-proxy/wiki/How-to-setup-your-own-DNSCrypt-server-in-less-than-10-minutes) - [How to setup your own DNSCrypt server in less than 10 minutes on Scaleway](https://github.com/dnscrypt/dnscrypt-proxy/wiki/How-to-setup-your-own-DNSCrypt-server-in-less-than-10-minutes)
* [DNSCrypt server with vultr.com](https://github.com/dnscrypt/dnscrypt-proxy/wiki/DNSCrypt-server-with-vultr.com) - [DNSCrypt server with vultr.com](https://github.com/dnscrypt/dnscrypt-proxy/wiki/DNSCrypt-server-with-vultr.com)
Installation Installation
============ ============
@ -41,7 +41,7 @@ Let's pick `example.com` here.
Download, create and initialize the container, once and for all: Download, create and initialize the container, once and for all:
$ docker run --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp --net=host \ docker run --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp --net=host \
jedisct1/dnscrypt-server init -N example.com -E 192.168.1.1:443 jedisct1/dnscrypt-server init -N example.com -E 192.168.1.1:443
This will only accept connections via DNSCrypt on the standard port (443). Replace This will only accept connections via DNSCrypt on the standard port (443). Replace
@ -53,7 +53,7 @@ removed on some shared containers hosting services.
Now, to start the whole stack: Now, to start the whole stack:
$ docker start dnscrypt-server docker start dnscrypt-server
Done. Done.
@ -66,6 +66,7 @@ can add any directives to the `server:` section of the Unbound configuration.
Serve custom DNS records on a local network Serve custom DNS records on a local network
------------------------------------------- -------------------------------------------
While Unbound is not a full authoritative name server, it supports resolving While Unbound is not a full authoritative name server, it supports resolving
custom entries in a way that is serviceable on a small, private LAN. You can use custom entries in a way that is serviceable on a small, private LAN. You can use
unbound to resolve private hostnames such as `my-computer.example.com` within unbound to resolve private hostnames such as `my-computer.example.com` within
@ -101,8 +102,8 @@ If Unbound doesn't like one of the newly added directives, it
will probably not respond over the network. In that case, here are some commands will probably not respond over the network. In that case, here are some commands
to work out what is wrong: to work out what is wrong:
$ docker logs dnscrypt-server docker logs dnscrypt-server
$ docker exec dnscrypt-server /opt/unbound/sbin/unbound-checkconf docker exec dnscrypt-server /opt/unbound/sbin/unbound-checkconf
Details Details
======= =======
@ -124,12 +125,12 @@ a persistent disk named `dnscrypt-keys` on GCE. You will need to adjust the volu
definition on other platforms. Once that is setup, you can have a dnscrypt server up definition on other platforms. Once that is setup, you can have a dnscrypt server up
in minutes. in minutes.
* Create a static IP on GCE. This will be used for the LoadBalancer. - Create a static IP on GCE. This will be used for the LoadBalancer.
* Edit `kube/dnscrypt-init-job.yml` and change `example.com` to your desired hostname. - Edit `kube/dnscrypt-init-job.yml` and change `example.com` to your desired hostname.
* Edit `kube/dnscrypt-srv.yml` and change `loadBalancerIP` to your static IP. - Edit `kube/dnscrypt-srv.yml` and change `loadBalancerIP` to your static IP.
* Run `kubectl create -f kube/dnscrypt-init-job.yml` to setup your keys. - Run `kubectl create -f kube/dnscrypt-init-job.yml` to setup your keys.
* Run `kubectl create -f kube/dnscrypt-deployment.yml` to deploy the dnscrypt server. - Run `kubectl create -f kube/dnscrypt-deployment.yml` to deploy the dnscrypt server.
* Run `kubectl create -f kube/dnscrypt-srv.yml` to expose your server to the world. - Run `kubectl create -f kube/dnscrypt-srv.yml` to expose your server to the world.
To get your public key just view the logs for the `dnscrypt-init` job. The public To get your public key just view the logs for the `dnscrypt-init` job. The public
IP for your server is merely the `dnscrypt` service address. IP for your server is merely the `dnscrypt` service address.