mirror of
https://github.com/vimagick/dockerfiles.git
synced 2024-11-28 09:08:36 +02:00
update
This commit is contained in:
kev
parent
697f647394
commit
2ceeabc680
36
dnscrypt/README.md
Normal file
36
dnscrypt/README.md
Normal file
@ -0,0 +1,36 @@
|
||||
dnscrypt
|
||||
========
|
||||
|
||||
## About
|
||||
|
||||
- `dnscrypt-wrapper` - A server-side dnscrypt proxy.
|
||||
- `dnscrypt-proxy` - A protocol for securing communications between a client and a DNS resolver.
|
||||
|
||||
## Fig
|
||||
|
||||
wrapper:
|
||||
image: vimagick/dnscrypt-wrapper
|
||||
ports:
|
||||
- "443:443/udp"
|
||||
- "443:443/tcp"
|
||||
restart: always
|
||||
|
||||
proxy:
|
||||
image: vimagick/dnscrypt-proxy
|
||||
ports:
|
||||
- "53:53/udp"
|
||||
- "53:53/tcp"
|
||||
restart: always
|
||||
|
||||
## Run
|
||||
|
||||
fig up -d
|
||||
|
||||
## Test
|
||||
|
||||
# UDP
|
||||
dig @127.0.0.1 www.google.com
|
||||
|
||||
# TCP
|
||||
dig @127.0.0.1 www.youtube.com +tcp
|
||||
|
||||
@ -1,37 +1,38 @@
|
||||
#
|
||||
# Dockerfile for dnscrypt
|
||||
# Dockerfile for dnscrypt-proxy
|
||||
#
|
||||
|
||||
FROM ubuntu:14.04
|
||||
FROM debian:jessie
|
||||
MAINTAINER kev <noreply@datageek.info>
|
||||
|
||||
RUN apt-get update
|
||||
RUN apt-get install -y build-essential supervisor pdnsd
|
||||
RUN apt-get clean
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y build-essential curl \
|
||||
&& mkdir libsodium \
|
||||
&& cd libsodium \
|
||||
&& curl -sSL https://download.libsodium.org/libsodium/releases/libsodium-1.0.3.tar.gz | tar xz --strip 1 -C libsodium
|
||||
&& ./configure --prefix=/usr \
|
||||
&& make install \
|
||||
&& ldconfig \
|
||||
&& cd .. \
|
||||
&& rm -rf libsodium \
|
||||
&& mkdir dnscrypt-proxy \
|
||||
&& cd dnscrypt-proxy \
|
||||
&& curl -sSL http://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.4.3.tar.gz | tar xz --strip 1 -C dnscrypt-proxy \
|
||||
&& ./configure --prefix=/usr \
|
||||
&& make install \
|
||||
&& cd .. \
|
||||
&& rm -rf dnscrypt-proxy \
|
||||
&& rm -rf /usr/lib/apt/lists/*
|
||||
|
||||
ADD ./services.conf /etc/supervisor/conf.d/
|
||||
ADD ./pdnsd.conf /etc/
|
||||
ADD https://download.libsodium.org/libsodium/releases/libsodium-1.0.2.tar.gz /tmp/pkgs/
|
||||
ADD http://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.4.3.tar.gz /tmp/pkgs/
|
||||
ENV LISTEN_ADDR 0.0.0.0:53
|
||||
ENV RESOLVER_ADDR 208.67.220.220:443
|
||||
ENV PROVIDER_NAME 2.dnscrypt-cert.opendns.com
|
||||
ENV PROVIDER_KEY B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79
|
||||
|
||||
WORKDIR /tmp/pkgs/
|
||||
EXPOSE 53/tcp 53/udp
|
||||
|
||||
RUN tar xzf libsodium-1.0.2.tar.gz && \
|
||||
cd libsodium-1.0.2 && \
|
||||
./configure && \
|
||||
make && \
|
||||
make install
|
||||
CMD dnscrypt-proxy --local-address $LISTEN_ADDR \
|
||||
--provider-name $PROVIDER_NAME \
|
||||
--provider-key $PROVIDER_KEY \
|
||||
--resolver-address $RESOLVER_ADDR
|
||||
|
||||
RUN echo /usr/local/lib > /etc/ld.so.conf.d/local.conf && ldconfig
|
||||
|
||||
RUN tar xzf dnscrypt-proxy-1.4.3.tar.gz && \
|
||||
cd dnscrypt-proxy-1.4.3 && \
|
||||
./configure && \
|
||||
make && \
|
||||
make install
|
||||
|
||||
WORKDIR /
|
||||
RUN rm -r /tmp/pkgs/
|
||||
EXPOSE 53 53/udp
|
||||
|
||||
CMD supervisord -n -c /etc/supervisor/supervisord.conf
|
||||
|
||||
@ -1,29 +0,0 @@
|
||||
dnscrypt + pdnsd
|
||||
================
|
||||
|
||||
## About
|
||||
|
||||
- dnscrypt: A protocol for securing communications between a client and a DNS resolver.
|
||||
- pdnsd: A DNS server designed for local caching of DNS information.
|
||||
|
||||
## Fig
|
||||
|
||||
dnscrypt:
|
||||
image: vimagick/dnscrypt
|
||||
ports:
|
||||
- "53:53/udp"
|
||||
- "53:53/tcp"
|
||||
restart: always
|
||||
|
||||
## Run
|
||||
|
||||
fig up -d
|
||||
|
||||
## Test
|
||||
|
||||
# UDP
|
||||
dig @127.0.0.1 www.google.com
|
||||
|
||||
# TCP
|
||||
dig @127.0.0.1 www.youtube.com +tcp
|
||||
|
||||
@ -1,6 +0,0 @@
|
||||
dnscrypt:
|
||||
image: vimagick/dnscrypt
|
||||
ports:
|
||||
- "53:53/udp"
|
||||
- "53:53/tcp"
|
||||
restart: always
|
||||
@ -1,37 +0,0 @@
|
||||
global {
|
||||
perm_cache=16384;
|
||||
cache_dir="/var/cache/pdnsd";
|
||||
run_as="pdnsd";
|
||||
server_ip = 0.0.0.0;
|
||||
status_ctl = on;
|
||||
query_method=udp_tcp;
|
||||
min_ttl=15m; # Retain cached entries at least 15 minutes.
|
||||
max_ttl=1w; # One week.
|
||||
timeout=10; # Global timeout option (10 seconds).
|
||||
neg_domain_pol=on;
|
||||
udpbufsize=1024; # Upper limit on the size of UDP messages.
|
||||
}
|
||||
|
||||
server {
|
||||
label = "dnscrypt-proxy";
|
||||
ip = 127.0.0.1;
|
||||
port = 2053;
|
||||
timeout = 4;
|
||||
uptest = query;
|
||||
interval = 15m;
|
||||
proxy_only=on;
|
||||
}
|
||||
|
||||
source {
|
||||
owner=localhost;
|
||||
file="/etc/hosts";
|
||||
}
|
||||
|
||||
|
||||
rr {
|
||||
name=localhost;
|
||||
reverse=on;
|
||||
a=127.0.0.1;
|
||||
owner=localhost;
|
||||
soa=localhost,root.localhost,42,86400,900,86400,86400;
|
||||
}
|
||||
@ -1,7 +0,0 @@
|
||||
[program:dnscrypt]
|
||||
priority = 100
|
||||
command = dnscrypt-proxy -a 127.0.0.1:2053 -R opendns
|
||||
|
||||
[program:pdnsd]
|
||||
priority = 200
|
||||
command = pdnsd -c /etc/pdnsd.conf
|
||||
@ -3,7 +3,6 @@
|
||||
#
|
||||
|
||||
FROM debian:jessie
|
||||
|
||||
MAINTAINER kev <noreply@datageek.info>
|
||||
|
||||
RUN apt-get update \
|
||||
@ -31,6 +30,7 @@ RUN apt-get update \
|
||||
&& apt-get remove -y autoconf \
|
||||
automake \
|
||||
build-essential \
|
||||
curl \
|
||||
git \
|
||||
libevent-dev \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
@ -45,20 +45,19 @@ RUN mkdir -p /var/lib/dnscrypt-wrapper \
|
||||
--provider-secretkey-file=secret.key \
|
||||
--gen-cert-file > cert_file.txt
|
||||
|
||||
ENV RESOLVER_ADDR 8.8.8.8
|
||||
ENV RESOLVER_PORT 53
|
||||
ENV LISTEN_ADDR 0.0.0.0
|
||||
ENV LISTEN_PORT 443
|
||||
ENV PROVIDER_NAME 2.dnscrypt-cert.yourdomain.com
|
||||
ENV RESOLVER_ADDR 8.8.8.8:53
|
||||
ENV LISTEN_ADDR 0.0.0.0:443
|
||||
ENV PROVIDER_NAME 2.dnscrypt-cert.datageek.info
|
||||
|
||||
WORKDIR /var/lib/dnscrypt-wrapper
|
||||
VOLUME /var/lib/dnscrypt-wrapper
|
||||
|
||||
EXPOSE 443/tcp 443/udp
|
||||
|
||||
CMD dnscrypt-wrapper -r ${RESOLVER_ADDR}:${RESOLVER_PORT} \
|
||||
-a ${LISTEN_ADDR}:${LISTEN_PORT} \
|
||||
--crypt-publickey-file=crypt_public.key \
|
||||
CMD dnscrypt-wrapper --crypt-publickey-file=crypt_public.key \
|
||||
--crypt-secretkey-file=crypt_secret.key \
|
||||
--local-address ${LISTEN_ADDR} \
|
||||
--provider-cert-file=dnscrypt.cert \
|
||||
--provider-name=${PROVIDER_NAME}
|
||||
--provider-name=${PROVIDER_NAME} \
|
||||
--resolver-address ${RESOLVER_ADDR}
|
||||
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
[`dnscrypt-wrapper`][1] - A server-side dnscrypt proxy.
|
||||
|
||||
[1]: https://github.com/Cofyc/dnscrypt-wrapper
|
||||
Loading…
Reference in New Issue
Block a user