From 2ceeabc6805b2ea5e0748d96966920508b3548f6 Mon Sep 17 00:00:00 2001
From: kev
Date: Sat, 30 May 2015 21:21:24 +0800
Subject: [PATCH] update
---
 dnscrypt/README.md | 36 +++++++++++++++++++++++
 dnscrypt/proxy/Dockerfile | 57 ++++++++++++++++++------------------
 dnscrypt/proxy/README.md | 29 ------------------
 dnscrypt/proxy/fig.yml | 6 ----
 dnscrypt/proxy/pdnsd.conf | 37 -----------------------
 dnscrypt/proxy/services.conf | 7 -----
 dnscrypt/wrapper/Dockerfile | 19 ++++++------
 dnscrypt/wrapper/README.md | 3 --
 8 files changed, 74 insertions(+), 120 deletions(-)
 create mode 100644 dnscrypt/README.md
 delete mode 100644 dnscrypt/proxy/README.md
 delete mode 100644 dnscrypt/proxy/fig.yml
 delete mode 100644 dnscrypt/proxy/pdnsd.conf
 delete mode 100644 dnscrypt/proxy/services.conf
 delete mode 100644 dnscrypt/wrapper/README.md
diff --git a/dnscrypt/README.md b/dnscrypt/README.md
new file mode 100644
index 0000000..87b6336
--- /dev/null
+++ b/dnscrypt/README.md
@@ -0,0 +1,36 @@
+dnscrypt
+========
+
+## About
+
+- `dnscrypt-wrapper` - A server-side dnscrypt proxy.
+- `dnscrypt-proxy` - A protocol for securing communications between a client and a DNS resolver.
+
+## Fig
+
+ wrapper:
+ image: vimagick/dnscrypt-wrapper
+ ports:
+ - "443:443/udp"
+ - "443:443/tcp"
+ restart: always
+
+ proxy:
+ image: vimagick/dnscrypt-proxy
+ ports:
+ - "53:53/udp"
+ - "53:53/tcp"
+ restart: always
+
+## Run
+
+ fig up -d
+
+## Test
+
+ # UDP
+ dig @127.0.0.1 www.google.com
+
+ # TCP
+ dig @127.0.0.1 www.youtube.com +tcp
+
diff --git a/dnscrypt/proxy/Dockerfile b/dnscrypt/proxy/Dockerfile
index a6c6fb4..37b88a6 100644
--- a/dnscrypt/proxy/Dockerfile
+++ b/dnscrypt/proxy/Dockerfile
@@ -1,37 +1,38 @@
 #
-# Dockerfile for dnscrypt
+# Dockerfile for dnscrypt-proxy
 #
-FROM ubuntu:14.04
+FROM debian:jessie
 MAINTAINER kev
-RUN apt-get update
-RUN apt-get install -y build-essential supervisor pdnsd
-RUN apt-get clean
+RUN apt-get update \
+ && apt-get install -y build-essential curl \
+ && mkdir libsodium \
+ && cd libsodium \
+ && curl -sSL https://download.libsodium.org/libsodium/releases/libsodium-1.0.3.tar.gz | tar xz --strip 1 -C libsodium
+ && ./configure --prefix=/usr \
+ && make install \
+ && ldconfig \
+ && cd .. \
+ && rm -rf libsodium \
+ && mkdir dnscrypt-proxy \
+ && cd dnscrypt-proxy \
+ && curl -sSL http://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.4.3.tar.gz | tar xz --strip 1 -C dnscrypt-proxy \
+ && ./configure --prefix=/usr \
+ && make install \
+ && cd .. \
+ && rm -rf dnscrypt-proxy \
+ && rm -rf /usr/lib/apt/lists/*
-ADD ./services.conf /etc/supervisor/conf.d/
-ADD ./pdnsd.conf /etc/
-ADD https://download.libsodium.org/libsodium/releases/libsodium-1.0.2.tar.gz /tmp/pkgs/
-ADD http://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.4.3.tar.gz /tmp/pkgs/
+ENV LISTEN_ADDR 0.0.0.0:53
+ENV RESOLVER_ADDR 208.67.220.220:443
+ENV PROVIDER_NAME 2.dnscrypt-cert.opendns.com
+ENV PROVIDER_KEY B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79
-WORKDIR /tmp/pkgs/
+EXPOSE 53/tcp 53/udp
-RUN tar xzf libsodium-1.0.2.tar.gz && \
- cd libsodium-1.0.2 && \
- ./configure && \
- make && \
- make install
+CMD dnscrypt-proxy --local-address $LISTEN_ADDR \
+ --provider-name $PROVIDER_NAME \
+ --provider-key $PROVIDER_KEY \
+ --resolver-address $RESOLVER_ADDR
-RUN echo /usr/local/lib > /etc/ld.so.conf.d/local.conf && ldconfig
-
-RUN tar xzf dnscrypt-proxy-1.4.3.tar.gz && \
- cd dnscrypt-proxy-1.4.3 && \
- ./configure && \
- make && \
- make install
-
-WORKDIR /
-RUN rm -r /tmp/pkgs/
-EXPOSE 53 53/udp
-
-CMD supervisord -n -c /etc/supervisor/supervisord.conf
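Review bot: The dnscrypt-proxy tarball in the new RUN is fetched over plain `http://` and piped straight into `tar` with no checksum or signature check, and the libsodium one, although served over https, is equally unverified, so whatever the network path returns is compiled and installed as root into the image. Download each archive to a file with `curl -fsSL -o`, check it with `sha256sum -c` against a digest pinned in the Dockerfile (taken from the upstream release announcement or signature), and only then extract. Two more defects in the same RUN would stop it building as written: the libsodium `curl … | tar` line lacks its trailing `\`, so the instruction ends there, and `-C libsodium` / `-C dnscrypt-proxy` run after the `cd` into that very directory, where no such subdirectory exists. The last cleanup also targets `/usr/lib/apt/lists/*`, whereas apt keeps its lists under `/var/lib/apt/lists/*` (the path the wrapper Dockerfile in this patch uses).

```dockerfile
RUN apt-get update \
    && apt-get install -y build-essential curl \
    && curl -fsSL -o libsodium.tar.gz https://download.libsodium.org/libsodium/releases/libsodium-1.0.3.tar.gz \
    && echo "<LIBSODIUM_SHA256_PLACEHOLDER>  libsodium.tar.gz" | sha256sum -c - \
    && mkdir libsodium \
    && tar xzf libsodium.tar.gz --strip 1 -C libsodium \
    && cd libsodium \
# … unchanged: ./configure, make install, ldconfig, cd .. …
    && rm -rf libsodium libsodium.tar.gz \
    && curl -fsSL -o dnscrypt-proxy.tar.gz http://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.4.3.tar.gz \
    && echo "<DNSCRYPT_PROXY_SHA256_PLACEHOLDER>  dnscrypt-proxy.tar.gz" | sha256sum -c - \
    && mkdir dnscrypt-proxy \
    && tar xzf dnscrypt-proxy.tar.gz --strip 1 -C dnscrypt-proxy \
    && cd dnscrypt-proxy \
# … unchanged: ./configure, make install, cd .. …
    && rm -rf dnscrypt-proxy dnscrypt-proxy.tar.gz \
    && rm -rf /var/lib/apt/lists/*
```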
diff --git a/dnscrypt/proxy/README.md b/dnscrypt/proxy/README.md
deleted file mode 100644
index 316a8e8..0000000
--- a/dnscrypt/proxy/README.md
+++ /dev/null
@@ -1,29 +0,0 @@
-dnscrypt + pdnsd
-================
-
-## About
-
-- dnscrypt: A protocol for securing communications between a client and a DNS resolver.
-- pdnsd: A DNS server designed for local caching of DNS information.
-
-## Fig
-
- dnscrypt:
- image: vimagick/dnscrypt
- ports:
- - "53:53/udp"
- - "53:53/tcp"
- restart: always
-
-## Run
-
- fig up -d
-
-## Test
-
- # UDP
- dig @127.0.0.1 www.google.com
-
- # TCP
- dig @127.0.0.1 www.youtube.com +tcp
-
diff --git a/dnscrypt/proxy/fig.yml b/dnscrypt/proxy/fig.yml
deleted file mode 100644
index 1df501d..0000000
--- a/dnscrypt/proxy/fig.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-dnscrypt:
- image: vimagick/dnscrypt
- ports:
- - "53:53/udp"
- - "53:53/tcp"
- restart: always
diff --git a/dnscrypt/proxy/pdnsd.conf b/dnscrypt/proxy/pdnsd.conf
deleted file mode 100644
index da2765e..0000000
--- a/dnscrypt/proxy/pdnsd.conf
+++ /dev/null
@@ -1,37 +0,0 @@
-global {
- perm_cache=16384;
- cache_dir="/var/cache/pdnsd";
- run_as="pdnsd";
- server_ip = 0.0.0.0;
- status_ctl = on;
- query_method=udp_tcp;
- min_ttl=15m; # Retain cached entries at least 15 minutes.
- max_ttl=1w; # One week.
- timeout=10; # Global timeout option (10 seconds).
- neg_domain_pol=on;
- udpbufsize=1024; # Upper limit on the size of UDP messages.
-}
-
-server {
- label = "dnscrypt-proxy";
- ip = 127.0.0.1;
- port = 2053;
- timeout = 4;
- uptest = query;
- interval = 15m;
- proxy_only=on;
-}
-
-source {
- owner=localhost;
- file="/etc/hosts";
-}
-
-
-rr {
- name=localhost;
- reverse=on;
- a=127.0.0.1;
- owner=localhost;
- soa=localhost,root.localhost,42,86400,900,86400,86400;
-}
diff --git a/dnscrypt/proxy/services.conf b/dnscrypt/proxy/services.conf
deleted file mode 100644
index 839d9bc..0000000
--- a/dnscrypt/proxy/services.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-[program:dnscrypt]
-priority = 100
-command = dnscrypt-proxy -a 127.0.0.1:2053 -R opendns
-
-[program:pdnsd]
-priority = 200
-command = pdnsd -c /etc/pdnsd.conf
diff --git a/dnscrypt/wrapper/Dockerfile b/dnscrypt/wrapper/Dockerfile
index bb71787..9c12dab 100644
--- a/dnscrypt/wrapper/Dockerfile
+++ b/dnscrypt/wrapper/Dockerfile
@@ -3,7 +3,6 @@
 #
 FROM debian:jessie
-
 MAINTAINER kev
 RUN apt-get update \
@@ -31,6 +30,7 @@ RUN apt-get update \
 && apt-get remove -y autoconf \
 automake \
 build-essential \
+ curl \
 git \
 libevent-dev \
 && rm -rf /var/lib/apt/lists/*
@@ -45,20 +45,19 @@ RUN mkdir -p /var/lib/dnscrypt-wrapper \
 --provider-secretkey-file=secret.key \
 --gen-cert-file > cert_file.txt
-ENV RESOLVER_ADDR 8.8.8.8
-ENV RESOLVER_PORT 53
-ENV LISTEN_ADDR 0.0.0.0
-ENV LISTEN_PORT 443
-ENV PROVIDER_NAME 2.dnscrypt-cert.yourdomain.com
+ENV RESOLVER_ADDR 8.8.8.8:53
+ENV LISTEN_ADDR 0.0.0.0:443
+ENV PROVIDER_NAME 2.dnscrypt-cert.datageek.info
 WORKDIR /var/lib/dnscrypt-wrapper
 VOLUME /var/lib/dnscrypt-wrapper
+
 EXPOSE 443/tcp 443/udp
-CMD dnscrypt-wrapper -r ${RESOLVER_ADDR}:${RESOLVER_PORT} \
- -a ${LISTEN_ADDR}:${LISTEN_PORT} \
- --crypt-publickey-file=crypt_public.key \
+CMD dnscrypt-wrapper --crypt-publickey-file=crypt_public.key \
 --crypt-secretkey-file=crypt_secret.key \
+ --local-address ${LISTEN_ADDR} \
 --provider-cert-file=dnscrypt.cert \
- --provider-name=${PROVIDER_NAME}
+ --provider-name=${PROVIDER_NAME} \
+ --resolver-address ${RESOLVER_ADDR}
diff --git a/dnscrypt/wrapper/README.md b/dnscrypt/wrapper/README.md
deleted file mode 100644
index 0543042..0000000
--- a/dnscrypt/wrapper/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-[`dnscrypt-wrapper`][1] - A server-side dnscrypt proxy.
-
-[1]: https://github.com/Cofyc/dnscrypt-wrapper
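Review bot: The key files the rewritten CMD in the third hunk of dnscrypt/wrapper/Dockerfile loads (`crypt_secret.key`, `dnscrypt.cert`) appear to come from the `RUN mkdir -p /var/lib/dnscrypt-wrapper …` step whose tail (`--provider-secretkey-file=secret.key`, `--gen-cert-file`) is visible as context, which would bake the provider and crypt secret keys into an image layer. Every container started from a published build of this image would then share the same secrets, and anyone able to pull the image could read them; that RUN block starts outside the hunk, so confirm against the full file. Consider generating the keys at first start when the volume is empty, for example from an entrypoint script, rather than at build time. The new CMD is also still shell form, so `/bin/sh` stays PID 1; beginning it with `CMD exec dnscrypt-wrapper --crypt-publickey-file=crypt_public.key \` lets the daemon receive SIGTERM directly.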