diff --git a/Dockerfile b/Dockerfile index f1afae1..dec7dff 100644 --- a/Dockerfile +++ b/Dockerfile @@ -37,7 +37,7 @@ ENV RUSTFLAGS "-C link-arg=-s" RUN apt-get update && apt-get install -qy --no-install-recommends $BUILD_DEPS && \ curl -sSf https://sh.rustup.rs | bash -s -- -y --default-toolchain nightly && \ export PATH="$HOME/.cargo/bin:$PATH" && \ - echo "Compiling encrypted-dns version 0.3.3" && \ + echo "Compiling encrypted-dns version 0.3.5" && \ cargo install encrypted-dns && \ mkdir -p /opt/encrypted-dns/sbin && \ mv ~/.cargo/bin/encrypted-dns /opt/encrypted-dns/sbin/ && \ @@ -73,7 +73,7 @@ COPY watchdog.sh /etc/service/watchdog/run VOLUME ["/opt/encrypted-dns/etc/keys"] -EXPOSE 443/udp 443/tcp +EXPOSE 443/udp 443/tcp 9100/tcp CMD ["/entrypoint.sh", "start"] diff --git a/README.md b/README.md index fa61aff..290b7bb 100644 --- a/README.md +++ b/README.md @@ -149,6 +149,13 @@ TLS (including HTTPS and DoH) forwarding If the DNS server is listening to port `443`, but you still want to have a web (or DoH) service accessible on that port, add the `-T` switch followed by the backend server IP and port to the `init` command (for example: `-T 10.0.0.1:4443`). +Prometheus metrics +================== + +Metrics are accessible inside the container as http://127.0.0.1:9100/metrics. + +They can be made accessible outside of the container by adding the `-M` option followed by the IP and port (for example: `-M 0.0.0.0:9100`). + Join the network ================ diff --git a/encrypted-dns.toml.in b/encrypted-dns.toml.in index 725ed7b..17d1f58 100644 --- a/encrypted-dns.toml.in +++ b/encrypted-dns.toml.in 
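Review bot: The version in the bumped `echo` line is not tied to what is actually built, because the following `cargo install encrypted-dns` carries no version constraint and installs whatever crates.io serves as latest at build time. Pinning it, `cargo install encrypted-dns --version 0.3.5 --locked && \`, would make the image match the message and keep dependency resolution to the published lockfile. The `RUN` instruction starts in this hunk and continues past its last line.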
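Review bot: Adding `9100/tcp` to `EXPOSE` means `docker run -P` will publish the metrics port on the host alongside 443, and nothing in this change configures authentication for that endpoint. With the default `127.0.0.1:9100` bind the published port leads nowhere, but once an operator passes `-M 0.0.0.0:9100` the endpoint is reachable wherever the DNS ports are. Consider keeping `EXPOSE 443/udp 443/tcp` and documenting an explicit mapping such as `-p 127.0.0.1:9100:9100` for the scraper instead.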
@@ -50,10 +50,10 @@ udp_max_active_connections = 1000 tcp_max_active_connections = 100 -## IP address to connect to upstream servers from. -## You probably do not want to change this. `0.0.0.0` should be fine. +## Optional IP address to connect to upstream servers from. +## Leave commented/undefined to automatically select it. -external_addr = "0.0.0.0" +# external_addr = "0.0.0.0" ## Built-in DNS cache capacity @@ -168,12 +168,11 @@ key_cache_capacity = 10000 # Metrics # ######################### -# [metrics] - -# type = "prometheus" -# listen_addr = "0.0.0.0:9100" -# path = "/metrics" +[metrics] +type = "prometheus" +listen_addr = "@METRICS_ADDRESS@" +path = "/metrics" ################################ @@ -199,4 +198,4 @@ allow_non_reserved_ports = false # Blacklisted upstream IP addresses -blacklisted_ips = [ @ANONDNS_BLACKLISTED_IPS@ ] \ No newline at end of file +blacklisted_ips = [ @ANONDNS_BLACKLISTED_IPS@ ] diff --git a/entrypoint.sh b/entrypoint.sh index cb335f3..dc1c110 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -14,8 +14,6 @@ CONF_DIR="/opt/encrypted-dns/etc" CONFIG_FILE="${CONF_DIR}/encrypted-dns.toml" CONFIG_FILE_TEMPLATE="${CONF_DIR}/encrypted-dns.toml.in" -# -N provider-name -E external-ip-address:port - init() { if [ "$(is_initialized)" = yes ]; then start @@ -25,13 +23,16 @@ init() { anondns_enabled="false" anondns_blacklisted_ips="" - while getopts "h?N:E:T:A" opt; do + metrics_address="127.0.0.1:9100" + + while getopts "h?N:E:T:AM:" opt; do case "$opt" in h | \?) usage ;; N) provider_name=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;; E) ext_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;; T) tls_proxy_upstream_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;; A) anondns_enabled="true" ;; + M) metrics_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;; esac done [ -z "$provider_name" ] && usage 
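Review bot: In the `@@ -168,12 +168,11 @@` hunk the `[metrics]` section changes from commented-out to always present, so every generated config now starts an HTTP listener. None of the `init` options visible in this commit can turn it off. The template also loses any hint about what a safe value looks like. A comment above `listen_addr` would help, for example `## Defaults to 127.0.0.1:9100; set via init -M. Keep non-loopback addresses restricted to the monitoring network.` If a disabled state is wanted, the section would have to be emitted conditionally by `entrypoint.sh`.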
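Review bot: The new `M)` arm in the `@@ -25,13 +23,16 @@` hunk stores `$OPTARG` after only trimming and lower-casing it. The value is then spliced into the `s#@METRICS_ADDRESS@#...#` sed expression (the `@@ -73,6 +74,7 @@` hunk) and from there into a quoted TOML string. A value containing `#`, `&`, a backslash or `"` would break the substitution or alter the generated config, so reject anything that is not an address and port after the getopts loop, for example `case "$metrics_address" in *[!0-9a-f.:\[\]]*) usage ;; esac`. The existing `N`, `E` and `T` arms use the same handling and would benefit from the same check. `init()` starts and ends outside this hunk, and whether `usage` mentions `-M` is not visible here.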
@@ -73,6 +74,7 @@ init() { -e "s#@DOMAIN_BLACKLIST_CONFIGURATION@#${domain_blacklist_configuration}#" \ -e "s#@ANONDNS_ENABLED@#${anondns_enabled}#" \ -e "s#@ANONDNS_BLACKLISTED_IPS@#${anondns_blacklisted_ips}#" \ + -e "s#@METRICS_ADDRESS@#${metrics_address}#" \ "$CONFIG_FILE_TEMPLATE" >"$CONFIG_FILE" mkdir -p -m 700 "${STATE_DIR}"