Require the external IP address
parent
c6a49bd4df
commit
d5d527ca1c
@ -47,7 +47,7 @@ RUN set -x && \
|
||||
rm -fr /tmp/* /var/tmp/*
|
||||
|
||||
ENV DNSCRYPT_WRAPPER_GIT_URL https://github.com/jedisct1/dnscrypt-wrapper.git
|
||||
ENV DNSCRYPT_WRAPPER_GIT_BRANCH xchacha20
|
||||
ENV DNSCRYPT_WRAPPER_GIT_BRANCH xchacha20-stamps
|
||||
|
||||
COPY queue.h /tmp
|
||||
|
||||
|
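Review bot: The build follows a moving ref, because `DNSCRYPT_WRAPPER_GIT_BRANCH` names the `xchacha20-stamps` branch and each image build takes whatever that branch holds at build time. The clone and build steps are outside this hunk, so it cannot be seen here whether a specific commit is checked out afterwards. If none is, pin the source with something like `ENV DNSCRYPT_WRAPPER_GIT_COMMIT <commit-sha>` and run `git checkout "$DNSCRYPT_WRAPPER_GIT_COMMIT"` after the clone. This matters because the binary built from this source is the one that generates the provider key pair in the entrypoint script.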
@ -23,9 +23,11 @@ Let's pick `example.com` here.
|
||||
Download, create and initialize the container, once and for all:
|
||||
|
||||
$ docker run --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp --net=host \
|
||||
jedisct1/unbound-dnscrypt-server init -N example.com
|
||||
jedisct1/unbound-dnscrypt-server init -N example.com -L 192.168.1.1:443
|
||||
|
||||
This will only accept connections via DNSCrypt on the standard port (443).
|
||||
This will only accept connections via DNSCrypt on the standard port (443). Replace
|
||||
`192.168.1.1` with the actual external IP address (not the internal Docker one)
|
||||
clients will connect to.
|
||||
|
||||
`--net=host` provides the best network performance, but may have to be
|
||||
removed on some shared containers hosting services.
|
||||
|
@ -6,17 +6,18 @@ action="$1"
|
||||
|
||||
KEYS_DIR="/opt/dnscrypt-wrapper/etc/keys"
|
||||
|
||||
# -N provider-name
|
||||
# -N provider-name -L external-ip-address:port
|
||||
|
||||
init() {
|
||||
if [ $(is_initialized) = yes ]; then
|
||||
start
|
||||
exit $?
|
||||
fi
|
||||
while getopts "h?N:" opt; do
|
||||
while getopts "h?N:L:" opt; do
|
||||
case "$opt" in
|
||||
h|\?) usage ;;
|
||||
N) provider_name=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
|
||||
L) listen_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
|
||||
esac
|
||||
done
|
||||
[ -z "$provider_name" ] && usage
|
||||
@ -26,8 +27,17 @@ init() {
|
||||
*) provider_name="2.dnscrypt-cert.${provider_name}"
|
||||
esac
|
||||
echo "Provider name: [$provider_name]"
|
||||
|
||||
[ -z "$listen_address" ] && usage
|
||||
case "$listen_address" in
|
||||
.*) usage ;;
|
||||
0.*) echo "Do not use 0.0.0.0, use an actual external IP address" >&2 ; exit 1 ;;
|
||||
esac
|
||||
echo "Provider name: [$provider_name]"
|
||||
cd "$KEYS_DIR"
|
||||
/opt/dnscrypt-wrapper/sbin/dnscrypt-wrapper --gen-provider-keypair | \
|
||||
/opt/dnscrypt-wrapper/sbin/dnscrypt-wrapper \
|
||||
--gen-provider-keypair --nolog --dnssec \
|
||||
--provider-name="$provider_name" --listen-address="$listen_address" | \
|
||||
tee "${KEYS_DIR}/provider-info.txt"
|
||||
chmod 640 "${KEYS_DIR}/secret.key"
|
||||
chmod 644 "${KEYS_DIR}/public.key"
|
||||
@ -81,8 +91,9 @@ usage() {
|
||||
Commands
|
||||
========
|
||||
|
||||
* init -N <provider_name>: initialize the container for a new provider named <provider_name>
|
||||
This is supposed to be called only once.
|
||||
* init -N <provider_name> -L <external ip>:<port>
|
||||
initialize the container for a server accessible at ip <external ip> on port
|
||||
<port>, for a provider named <provider_name>. This is required only once.
|
||||
|
||||
* start (default command): start the resolver and the dnscrypt server proxy.
|
||||
Ports 443/udp and 443/tcp have to be publicly exposed.
|
||||
|
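Review bot: The new check on `listen_address` in the second hunk only rejects values starting with `.` or `0.`, so a value with no port, a loopback address such as `127.0.0.1:443`, or `[::]:443` is still passed to `--listen-address` and written to `provider-info.txt`. Key generation is described as a one-time step, so a bad value presumably ends up in what clients are given; tighten the `case` with an arm like `0.*|127.*|\[::\]*|\[::1\]*) echo "Use an actual external IP address" >&2 ; exit 1 ;;` followed by `*:[0-9]*) ;;` and `*) usage ;;` so a missing port is refused. Going by the hunk's line counts, `echo "Provider name: [$provider_name]"` appears twice on the new side; the second was probably meant to be `echo "Listen address: [$listen_address]"`. `init` begins and ends outside these hunks.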
@ -10,7 +10,7 @@ spec:
|
||||
containers:
|
||||
- name: dnscrypt-init
|
||||
image: jedisct1/unbound-dnscrypt-server
|
||||
command: ["/entrypoint.sh", "init", "-N", "example.com"]
|
||||
command: ["/entrypoint.sh", "init", "-N", "example.com", "-L", "192.168.1.1:443"]
|
||||
volumeMounts:
|
||||
- name: dnscrypt-keys
|
||||
mountPath: /opt/dnscrypt-wrapper/etc/keys
|
||||
|
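Review bot: The init container's `command` hard-codes `192.168.1.1:443`, a private-range sample address, and nothing in the manifest marks it as a value to replace. Applied as-is, it would initialise the provider with that address. Add a comment above the line, e.g. `# Replace 192.168.1.1:443 with the external IP address and port clients connect to`. The `spec` block continues outside this hunk.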