1
1
mirror of https://github.com/dnscrypt/dnscrypt-server-docker synced 2024-11-26 06:13:49 +01:00

Eliminate what's superfluous

1) I have deleted the "mkdir -p /etc/dnscrypt-server/keys" section in Installation: in fact with "-v /etc/dnscrypt-server/keys:/opt/encrypted-dns/etc/keys" the directory is automatically created on the host.
2) I have eliminated the options -"-ulimit nofile=90000:90000" and "--net=host" from the docker run command in Installation, because the first one was used in old versions of Docker, because they did not tolerate the limit of the number of files open simultaneously, managed by the kernel , in the standard Ubuntu session settings (and others); the second (--net=host) actually exposes the entire host stack to the container and this does not speed up, but exposes to risk and cancels the much more useful option -p 443:443/udp -p 443:443/tcp (see https://docs.docker.com/network/host/).
3) I have deleted in Installation the explanation regarding the "--net=host" option as explained in point 2.
4) In Installation, I have eliminated the section of the "docker start command dnscrypt-server", because, when the container with docker run is deployed, it is also started.
This commit is contained in:
lucenera 2020-03-28 00:01:57 +01:00 committed by GitHub
parent db51ca4f0e
commit f39cbaa192
Signed by: GitHub
GPG Key ID: 4AEE18F83AFDEB23

@ -46,18 +46,11 @@ Let's pick `example.com` here.
You probably need to perform the following steps as `root`. You probably need to perform the following steps as `root`.
Create a directory where the server is going to store internal data such as secret keys.
Here, we'll use `/etc/dnscrypt-server`:
```sh
mkdir -p /etc/dnscrypt-server/keys
```
Download, create and initialize the container: Download, create and initialize the container:
```sh ```sh
docker run --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp --net=host \ docker run --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp \
--ulimit nofile=90000:90000 --restart=unless-stopped \ --restart=unless-stopped \
-v /etc/dnscrypt-server/keys:/opt/encrypted-dns/etc/keys \ -v /etc/dnscrypt-server/keys:/opt/encrypted-dns/etc/keys \
jedisct1/dnscrypt-server init -N example.com -E '192.168.1.1:443' jedisct1/dnscrypt-server init -N example.com -E '192.168.1.1:443'
``` ```
@ -74,21 +67,12 @@ If you want to use a different port, replace all occurrences of `443` with the a
command above (including `-p ...`). But if you have an existing website that should be accessible on command above (including `-p ...`). But if you have an existing website that should be accessible on
port `443`, the server can transparently relay non-DNS traffic to it (see below). port `443`, the server can transparently relay non-DNS traffic to it (see below).
`--net=host` provides the best network performance, but may have to be
removed on some shared containers hosting services.
`-v /etc/dnscrypt-server:/opt/encrypted-dns/etc/keys` means that the path `/opt/encrypted-dns/etc/keys`, internal to the container, is mapped to `/etc/dnscrypt-server/keys`, the directory we just created before. Do not change `/opt/encrypted-dns/etc/keys`. But if you created a directory in a different location, replace `/etc/dnscrypt-server/keys` accordingly in the command above. `-v /etc/dnscrypt-server:/opt/encrypted-dns/etc/keys` means that the path `/opt/encrypted-dns/etc/keys`, internal to the container, is mapped to `/etc/dnscrypt-server/keys`, the directory we just created before. Do not change `/opt/encrypted-dns/etc/keys`. But if you created a directory in a different location, replace `/etc/dnscrypt-server/keys` accordingly in the command above.
__Note:__ on MacOS, don't use `-v ...:...`. Remove that part from the command-line, as current versions of MacOS and Docker don't seem to work well with shared directories. __Note:__ on MacOS, don't use `-v ...:...`. Remove that part from the command-line, as current versions of MacOS and Docker don't seem to work well with shared directories.
The `init` command will print the DNS stamp of your server. The `init` command will print the DNS stamp of your server.
Now, to start the whole stack:
```sh
docker start dnscrypt-server
```
Done. Done.
You can verify that the server is running with: You can verify that the server is running with:
@ -144,13 +128,12 @@ docker rename dnscrypt-server dnscrypt-server-old
5. Use the `init` command again and start the new container: 5. Use the `init` command again and start the new container:
```sh ```sh
docker run --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp --net=host \ docker run --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp \
--ulimit nofile=90000:90000 --restart=unless-stopped \ --restart=unless-stopped \
-v /etc/dnscrypt-server/keys:/opt/encrypted-dns/etc/keys \ -v /etc/dnscrypt-server/keys:/opt/encrypted-dns/etc/keys \
jedisct1/dnscrypt-server init -N example.com -E '192.168.1.1:443' jedisct1/dnscrypt-server init -N example.com -E '192.168.1.1:443'
# (adjust accordingly) # (adjust accordingly)
docker start dnscrypt-server
docker ps # Check that it's running docker ps # Check that it's running
``` ```