From df3647e3808410325154852432713bb16b828af0 Mon Sep 17 00:00:00 2001
From: kev <vimagick@gmail.com>
Date: Sat, 30 May 2015 22:22:28 +0800
Subject: [PATCH] update

---
 dnscrypt/README.md          | 34 ++++++++++++++++++++++++++--------
 dnscrypt/proxy/Dockerfile   |  8 ++++----
 dnscrypt/wrapper/Dockerfile |  5 +++--
 3 files changed, 33 insertions(+), 14 deletions(-)

diff --git a/dnscrypt/README.md b/dnscrypt/README.md
index 87b6336..b09a92b 100644
--- a/dnscrypt/README.md
+++ b/dnscrypt/README.md
@@ -6,13 +6,17 @@ dnscrypt
 - `dnscrypt-wrapper` - A server-side dnscrypt proxy.
 - `dnscrypt-proxy` - A protocol for securing communications between a client and a DNS resolver.
 
-## Fig
+## Config
 
     wrapper:
       image: vimagick/dnscrypt-wrapper
       ports:
         - "443:443/udp"
         - "443:443/tcp"
+      environment:
+        - LISTEN_ADDR=0.0.0.0:443
+        - RESOLVER_ADDR=8.8.8.8:53
+        - PROVIDER_NAME=2.dnscrypt-cert.datageek.info
       restart: always
 
     proxy:
@@ -20,17 +24,31 @@ dnscrypt
       ports:
         - "53:53/udp"
         - "53:53/tcp"
+      environment:
+        - LISTEN_ADDR=0.0.0.0:443
+        - RESOLVER_ADDR=1.2.3.4:443
+        - PROVIDER_NAME=2.dnscrypt-cert.datageek.info
+        - PROVIDER_KEY=4C29:9CEB:CF8D:4612:48A8:B2F2:3B6F:A046:EBF5:2F2B:6433:27C6:5F3A:88F5:495E:3075
       restart: always
 
-## Run
+> `RESOLVER_ADDR` is server public ip address.
 
-    fig up -d
+## Server
 
-## Test
+    $ cd dnscrypt
+    $ fig up -d wrapper
+    $ docker exec -it dnscrypt_wrapper_1 cat provider_keypair.txt
+    Public key fingerprint: 4C29:9CEB:CF8D:4612:48A8:B2F2:3B6F:A046:EBF5:2F2B:6433:27C6:5F3A:88F5:495E:3075
 
-    # UDP
-    dig @127.0.0.1 www.google.com
+## Client
 
-    # TCP
-    dig @127.0.0.1 www.youtube.com +tcp
+    $ cd dnscrypt
+    $ fig up -d proxy
+    $ dig @127.0.0.1 www.google.com
+    $ dig @127.0.0.1 www.youtube.com +tcp
 
+## Note
+
+You'd better to use `vimagick/dnscrypt-proxy` as backend of `dnsmasq` or `pdnsd` for better performance.
+
+Please read [this](https://github.com/Cofyc/dnscrypt-wrapper) to re-generate keys!
diff --git a/dnscrypt/proxy/Dockerfile b/dnscrypt/proxy/Dockerfile
index efd5e9a..2d829da 100644
--- a/dnscrypt/proxy/Dockerfile
+++ b/dnscrypt/proxy/Dockerfile
@@ -31,8 +31,8 @@ ENV PROVIDER_KEY B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE0
 
 EXPOSE 53/tcp 53/udp
 
-CMD dnscrypt-proxy --local-address $LISTEN_ADDR \
-                   --provider-name $PROVIDER_NAME \
-                   --provider-key $PROVIDER_KEY \
-                   --resolver-address $RESOLVER_ADDR
+CMD dnscrypt-proxy --local-address=$LISTEN_ADDR \
+                   --provider-name=$PROVIDER_NAME \
+                   --provider-key=$PROVIDER_KEY \
+                   --resolver-address=$RESOLVER_ADDR
 
diff --git a/dnscrypt/wrapper/Dockerfile b/dnscrypt/wrapper/Dockerfile
index 70ee106..8fea68f 100644
--- a/dnscrypt/wrapper/Dockerfile
+++ b/dnscrypt/wrapper/Dockerfile
@@ -56,8 +56,9 @@ EXPOSE 443/tcp 443/udp
 
 CMD dnscrypt-wrapper --crypt-publickey-file=crypt_public.key \
                      --crypt-secretkey-file=crypt_secret.key \
-                     --listen-address ${LISTEN_ADDR} \
+                     --listen-address=${LISTEN_ADDR} \
                      --provider-cert-file=dnscrypt.cert \
                      --provider-name=${PROVIDER_NAME} \
-                     --resolver-address ${RESOLVER_ADDR}
+                     --resolver-address=${RESOLVER_ADDR} \
+                     --verbose