Diffstat (limited to 'terminaldweller.com/doh2')
-rw-r--r-- | terminaldweller.com/doh2/Dockerfile | 18 | ||||
-rw-r--r-- | terminaldweller.com/doh2/docker-compose.yaml | 19 | ||||
-rwxr-xr-x | terminaldweller.com/doh2/docker-entrypoint.sh | 30 |
3 files changed, 67 insertions, 0 deletions
diff --git a/terminaldweller.com/doh2/Dockerfile b/terminaldweller.com/doh2/Dockerfile
new file mode 100644
index 0000000..5b75994
--- /dev/null
+++ b/terminaldweller.com/doh2/Dockerfile
@@ -0,0 +1,18 @@
+FROM alpine:3.17 as builder
+ENV GOPROXY=https://goproxy.io
+RUN apk update && apk upgrade
+RUN apk add go git
+ENV GOPROXY=https://goproxy.io
+RUN git clone https://github.com/AdguardTeam/dnsproxy && cd dnsproxy && go build -mod=vendor
+
+FROM alpine:3.17 as certbuilder
+RUN apk add openssl
+WORKDIR /certs
+RUN openssl req -nodes -new -x509 -subj="/C=US/ST=Denial/L=springfield/O=Dis/CN=doh2.terminaldweller.com" -keyout server.key -out server.cert
+
+# FROM gcr.io/distroless/static-debian10
+FROM alpine:3.17
+COPY --from=certbuilder /certs /certs
+COPY --from=builder /dnsproxy/dnsproxy /dnsproxy/dnsproxy
+COPY ./docker-entrypoint.sh /docker-entrypoint.sh
+ENTRYPOINT ["/docker-entrypoint.sh"]
diff --git a/terminaldweller.com/doh2/docker-compose.yaml b/terminaldweller.com/doh2/docker-compose.yaml
new file mode 100644
index 0000000..ec06a78
--- /dev/null
+++ b/terminaldweller.com/doh2/docker-compose.yaml
@@ -0,0 +1,19 @@
+version: "3"
+services:
+ dnsproxy:
+ image: bloodstalker/dnsproxy
+ # build:
+ # context: .
+ networks:
+ - doh2net
+ ports:
+ - "8844:8844"
+ - "8845:8845"
+ - "8846:8846"
+ - "8847:8847"
+ restart: unless-stopped
+ entrypoint: ["/docker-entrypoint.sh"]
+ volumes:
+ - /etc/letsencrypt/archive/doh2.terminaldweller.com/:/certs/:ro
+networks:
+ doh2net:
diff --git a/terminaldweller.com/doh2/docker-entrypoint.sh b/terminaldweller.com/doh2/docker-entrypoint.sh
new file mode 100755
index 0000000..c99042a
--- /dev/null
+++ b/terminaldweller.com/doh2/docker-entrypoint.sh
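Review bot: The builder stage clones https://github.com/AdguardTeam/dnsproxy at whatever HEAD happens to be at build time, so the image is not reproducible and silently absorbs any upstream change; pin a release, e.g. `RUN git clone --depth 1 --branch <PINNED_TAG> https://github.com/AdguardTeam/dnsproxy && cd dnsproxy && go build -mod=vendor`, and likewise pin the `apk add go git` and `apk add openssl` package versions. The certbuilder stage writes server.key and server.cert into /certs, but docker-entrypoint.sh reads /certs/fullchain1.pem and /certs/privkey1.pem, so the baked self-signed pair (including its private key, copied into a final-image layer) is never used and the container only starts when the compose bind mount supplies the Let's Encrypt files — either drop the stage or align the filenames. The final stage has no USER, so dnsproxy runs as root; every listener is above 1024 (8844-8847, and plain DNS appears disabled by `-p 0`), so `RUN adduser -S -D dnsproxy` followed by `USER dnsproxy` before ENTRYPOINT should work, provided the mounted key is readable by that uid. `ENV GOPROXY=https://goproxy.io` is declared twice in the builder stage; one declaration is enough.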
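Review bot: `image: bloodstalker/dnsproxy` carries no tag, so every pull or recreate may resolve to a different `latest`; pin a tag or digest, or enable the commented `build:` block so the image is built from the Dockerfile in this directory. The volume line bind-mounts certbot's `archive/` directory while docker-entrypoint.sh hard-codes `fullchain1.pem`/`privkey1.pem`; certbot normally writes renewed material as `fullchain2.pem`, `privkey2.pem`, … and only repoints the `live/` symlinks, so the running container would keep serving the first, eventually expired, certificate — mounting `/etc/letsencrypt/:/etc/letsencrypt/:ro` (the `live/` entries are symlinks into `archive/`) and pointing the entrypoint at `/etc/letsencrypt/live/doh2.terminaldweller.com/fullchain.pem` and `privkey.pem`, plus a restart on renewal, avoids that. The `entrypoint:` key repeats the Dockerfile's ENTRYPOINT and can be dropped, and `version: "3"` is ignored by Compose v2.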
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+/dnsproxy/dnsproxy \
+ --tls-cert /certs/fullchain1.pem \
+ --tls-key /certs/privkey1.pem \
+ -l 0.0.0.0 \
+ -p 0 \
+ --https-port 8844 \
+ --tls-port 8845 \
+ --quic-port 8846 \
+ --dnscrypt-port 8847 \
+ -u sdns://AgcAAAAAAAAABzEuMC4wLjGgENk8mGSlIfMGXMOlIlCcKvq7AVgcrZxtjon911-ep0cg63Ul-I8NlFj4GplQGb_TTLiczclX57DvMV8Q-JdjgRgSZG5zLmNsb3VkZmxhcmUuY29tCi9kbnMtcXVlcnk \
+ -u sdns://AQIAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20 \
+ -u tls://dns.adguard.com \
+ -u https://dns.adguard.com/dns-query \
+ -u quic://dns.adguard.com \
+ -b 1.1.1.1:53 \
+ -b 9.9.9.9:53 \
+ --http3 \
+ -f 1.1.1.1:53 \
+ -f 9.9.9.9:53 \
+ --ratelimit 15 \
+ --refuse-any \
+ --cache \
+ --cache-size 1048576 \
+ --cache-min-ttl 900 \
+ --cache-max-ttl 14400 \
+ --cache-optimistic \
+ --tls-min-version 1.3 \
+ --tls-max-version 1.3
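Review bot: The script starts dnsproxy as a child of /bin/sh instead of replacing the shell, so sh stays PID 1 and does not forward SIGTERM; `docker stop` then waits for its timeout and the process is killed with SIGKILL, losing any graceful shutdown. Change the third line to `exec /dnsproxy/dnsproxy \`. The `-f 1.1.1.1:53` and `-f 9.9.9.9:53` fallbacks are plaintext port-53 upstreams, so when every encrypted upstream is unreachable client queries are forwarded unencrypted; if that downgrade is not intended, use an encrypted fallback such as the `tls://dns.adguard.com` or `https://dns.adguard.com/dns-query` upstream already listed, or drop `-f`. `--tls-min-version 1.3` together with `--tls-max-version 1.3` turns away TLS 1.2-only clients, which is fine if deliberate but deserves a one-line comment above the option.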