Diffstat (limited to 'terminaldweller.com/doh2')
-rw-r--r--terminaldweller.com/doh2/Dockerfile18
-rw-r--r--terminaldweller.com/doh2/docker-compose.yaml19
-rwxr-xr-xterminaldweller.com/doh2/docker-entrypoint.sh30
3 files changed, 67 insertions, 0 deletions
diff --git a/terminaldweller.com/doh2/Dockerfile b/terminaldweller.com/doh2/Dockerfile
new file mode 100644
index 0000000..5b75994
--- /dev/null
+++ b/terminaldweller.com/doh2/Dockerfile
@@ -0,0 +1,18 @@
+FROM alpine:3.17 as builder
+ENV GOPROXY=https://goproxy.io
+RUN apk update && apk upgrade
+RUN apk add go git
+ENV GOPROXY=https://goproxy.io
+RUN git clone https://github.com/AdguardTeam/dnsproxy && cd dnsproxy && go build -mod=vendor
+
+FROM alpine:3.17 as certbuilder
+RUN apk add openssl
+WORKDIR /certs
+RUN openssl req -nodes -new -x509 -subj="/C=US/ST=Denial/L=springfield/O=Dis/CN=doh2.terminaldweller.com" -keyout server.key -out server.cert
+
+# FROM gcr.io/distroless/static-debian10
+FROM alpine:3.17
+COPY --from=certbuilder /certs /certs
+COPY --from=builder /dnsproxy/dnsproxy /dnsproxy/dnsproxy
+COPY ./docker-entrypoint.sh /docker-entrypoint.sh
+ENTRYPOINT ["/docker-entrypoint.sh"]
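Review bot: The `git clone https://github.com/AdguardTeam/dnsproxy` on the builder line is unpinned, so every rebuild compiles whatever the default branch holds at that moment and the image is neither reproducible nor auditable; pin it to a release tag or commit, e.g. `RUN git clone --depth 1 --branch <release-tag> https://github.com/AdguardTeam/dnsproxy && cd dnsproxy && go build -mod=vendor` (confirm the checkout actually ships a `vendor/` directory, otherwise `-mod=vendor` fails). The certbuilder stage generates a self-signed key pair with no `-days` or `-newkey` option and copies it into `/certs` of the final image, which bakes a private key into a published image layer for a cert that the compose file then overlays anyway; either drop the stage or make the fallback cert clearly throwaway and documented. The final stage has no `USER`, so dnsproxy runs as root even though all listeners are above 1024; add `RUN adduser -S -H dnsproxy` and `USER dnsproxy` before `ENTRYPOINT`. The second `ENV GOPROXY=https://goproxy.io` duplicates the first and can be removed.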
diff --git a/terminaldweller.com/doh2/docker-compose.yaml b/terminaldweller.com/doh2/docker-compose.yaml
new file mode 100644
index 0000000..ec06a78
--- /dev/null
+++ b/terminaldweller.com/doh2/docker-compose.yaml
@@ -0,0 +1,19 @@
+version: "3"
+services:
+ dnsproxy:
+ image: bloodstalker/dnsproxy
+ # build:
+ # context: .
+ networks:
+ - doh2net
+ ports:
+ - "8844:8844"
+ - "8845:8845"
+ - "8846:8846"
+ - "8847:8847"
+ restart: unless-stopped
+ entrypoint: ["/docker-entrypoint.sh"]
+ volumes:
+ - /etc/letsencrypt/archive/doh2.terminaldweller.com/:/certs/:ro
+networks:
+ doh2net:
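Review bot: The port mappings publish TCP only, but `--quic-port 8846`, the `--http3` listener on 8844 and DNSCrypt on 8847 are UDP transports, so those services are unreachable from outside the container as written; add the UDP mappings `- "8844:8844/udp"`, `- "8846:8846/udp"` and `- "8847:8847/udp"` (confirm whether DNSCrypt here is expected to serve TCP as well). `image: bloodstalker/dnsproxy` carries no tag or digest, so `restart: unless-stopped` plus a later pull silently swaps the resolver binary; pin a tag. The bind mount of certbot's `archive/` directory (rather than `live/`) only works together with the hard-coded `fullchain1.pem`/`privkey1.pem` names in the entrypoint, which do not advance when certbot renews; see the entrypoint review for the fix.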
diff --git a/terminaldweller.com/doh2/docker-entrypoint.sh b/terminaldweller.com/doh2/docker-entrypoint.sh
new file mode 100755
index 0000000..c99042a
--- /dev/null
+++ b/terminaldweller.com/doh2/docker-entrypoint.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+/dnsproxy/dnsproxy \
+ --tls-cert /certs/fullchain1.pem \
+ --tls-key /certs/privkey1.pem \
+ -l 0.0.0.0 \
+ -p 0 \
+ --https-port 8844 \
+ --tls-port 8845 \
+ --quic-port 8846 \
+ --dnscrypt-port 8847 \
+ -u sdns://AgcAAAAAAAAABzEuMC4wLjGgENk8mGSlIfMGXMOlIlCcKvq7AVgcrZxtjon911-ep0cg63Ul-I8NlFj4GplQGb_TTLiczclX57DvMV8Q-JdjgRgSZG5zLmNsb3VkZmxhcmUuY29tCi9kbnMtcXVlcnk \
+ -u sdns://AQIAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20 \
+ -u tls://dns.adguard.com \
+ -u https://dns.adguard.com/dns-query \
+ -u quic://dns.adguard.com \
+ -b 1.1.1.1:53 \
+ -b 9.9.9.9:53 \
+ --http3 \
+ -f 1.1.1.1:53 \
+ -f 9.9.9.9:53 \
+ --ratelimit 15 \
+ --refuse-any \
+ --cache \
+ --cache-size 1048576 \
+ --cache-min-ttl 900 \
+ --cache-max-ttl 14400 \
+ --cache-optimistic \
+ --tls-min-version 1.3 \
+ --tls-max-version 1.3
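Review bot: The script launches dnsproxy without `exec`, so `/bin/sh` stays PID 1 and `docker stop` sends SIGTERM to the shell rather than the resolver, which then gets SIGKILL after the grace period; change the first line to `exec /dnsproxy/dnsproxy \`. The certificate paths `/certs/fullchain1.pem` and `/certs/privkey1.pem` are certbot's numbered archive files, and certbot writes `fullchain2.pem` etc. on renewal while leaving the old files in place, so this container will keep serving the original cert until it expires; mount `live/` plus `archive/` (the `live` entries are symlinks into `archive`) and point at `/certs/live/doh2.terminaldweller.com/fullchain.pem` and `privkey.pem`, or restart the container from a certbot deploy hook. Note also that `-f 1.1.1.1:53` / `-f 9.9.9.9:53` make plain-UDP port 53 resolvers the fallback, so when the encrypted upstreams fail, client queries leave the host unencrypted; a comment such as `# fallbacks are plaintext DNS: acceptable for availability, but leaks queries when all encrypted upstreams are down` would make that trade-off explicit.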