Activate DNS-over-TLS server when certificates, keys and ports are configured.
This commit is contained in:
parent
0aeca6bbf5
commit
229ef78085
12
config.go
12
config.go
|
@ -63,12 +63,12 @@ var defaultDNS = []string{"tls://1.1.1.1", "tls://1.0.0.1"}
|
||||||
|
|
||||||
// field ordering is important -- yaml fields will mirror ordering from here
|
// field ordering is important -- yaml fields will mirror ordering from here
|
||||||
type tlsConfig struct {
|
type tlsConfig struct {
|
||||||
ServerName string `yaml:"server_name" json:"server_name,omitempty"`
|
ServerName string `yaml:"server_name" json:"server_name,omitempty"`
|
||||||
ForceHTTPS bool `yaml:"force_https" json:"force_https,omitempty"`
|
ForceHTTPS bool `yaml:"force_https" json:"force_https,omitempty"`
|
||||||
PortHTTPS int `yaml:"port_https" json:"port_https,omitempty"`
|
PortHTTPS int `yaml:"port_https" json:"port_https,omitempty"`
|
||||||
PortDNSOverTLS int `yaml:"port_dns_over_tls" json:"port_dns_over_tls,omitempty"`
|
PortDNSOverTLS int `yaml:"port_dns_over_tls" json:"port_dns_over_tls,omitempty"`
|
||||||
CertificateChain string `yaml:"certificate_chain" json:"certificate_chain"`
|
|
||||||
PrivateKey string `yaml:"private_key" json:"private_key"`
|
dnsforward.TLSConfig `yaml:",inline" json:",inline"`
|
||||||
|
|
||||||
// only for API, no need to be stored in config
|
// only for API, no need to be stored in config
|
||||||
StatusCertificate string `yaml:"status_cert" json:"status_cert,omitempty"`
|
StatusCertificate string `yaml:"status_cert" json:"status_cert,omitempty"`
|
||||||
|
|
5
dns.go
5
dns.go
|
@ -51,6 +51,11 @@ func generateServerConfig() dnsforward.ServerConfig {
|
||||||
Filters: filters,
|
Filters: filters,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
newconfig.TLSConfig = config.TLS.TLSConfig
|
||||||
|
if config.TLS.PortDNSOverTLS != 0 {
|
||||||
|
newconfig.TLSListenAddr = &net.TCPAddr{IP: net.ParseIP(config.DNS.BindHost), Port: config.TLS.PortDNSOverTLS}
|
||||||
|
}
|
||||||
|
|
||||||
for _, u := range config.DNS.UpstreamDNS {
|
for _, u := range config.DNS.UpstreamDNS {
|
||||||
dnsUpstream, err := upstream.AddressToUpstream(u, config.DNS.BootstrapDNS, dnsforward.DefaultTimeout)
|
dnsUpstream, err := upstream.AddressToUpstream(u, config.DNS.BootstrapDNS, dnsforward.DefaultTimeout)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
package dnsforward
|
package dnsforward
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/tls"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
|
@ -55,6 +56,7 @@ func NewServer(baseDir string) *Server {
|
||||||
}
|
}
|
||||||
|
|
||||||
// FilteringConfig represents the DNS filtering configuration of AdGuard Home
|
// FilteringConfig represents the DNS filtering configuration of AdGuard Home
|
||||||
|
// The zero FilteringConfig is empty and ready for use.
|
||||||
type FilteringConfig struct {
|
type FilteringConfig struct {
|
||||||
ProtectionEnabled bool `yaml:"protection_enabled"` // whether or not use any of dnsfilter features
|
ProtectionEnabled bool `yaml:"protection_enabled"` // whether or not use any of dnsfilter features
|
||||||
FilteringEnabled bool `yaml:"filtering_enabled"` // whether or not use filter lists
|
FilteringEnabled bool `yaml:"filtering_enabled"` // whether or not use filter lists
|
||||||
|
@ -68,6 +70,12 @@ type FilteringConfig struct {
|
||||||
dnsfilter.Config `yaml:",inline"`
|
dnsfilter.Config `yaml:",inline"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type TLSConfig struct {
|
||||||
|
TLSListenAddr *net.TCPAddr `yaml:"-" json:"-"`
|
||||||
|
CertificateChain string `yaml:"certificate_chain" json:"certificate_chain"`
|
||||||
|
PrivateKey string `yaml:"private_key" json:"private_key"`
|
||||||
|
}
|
||||||
|
|
||||||
// ServerConfig represents server configuration.
|
// ServerConfig represents server configuration.
|
||||||
// The zero ServerConfig is empty and ready for use.
|
// The zero ServerConfig is empty and ready for use.
|
||||||
type ServerConfig struct {
|
type ServerConfig struct {
|
||||||
|
@ -77,6 +85,7 @@ type ServerConfig struct {
|
||||||
Filters []dnsfilter.Filter // A list of filters to use
|
Filters []dnsfilter.Filter // A list of filters to use
|
||||||
|
|
||||||
FilteringConfig
|
FilteringConfig
|
||||||
|
TLSConfig
|
||||||
}
|
}
|
||||||
|
|
||||||
// if any of ServerConfig values are zero, then default values from below are used
|
// if any of ServerConfig values are zero, then default values from below are used
|
||||||
|
@ -154,6 +163,15 @@ func (s *Server) startInternal(config *ServerConfig) error {
|
||||||
Handler: s.handleDNSRequest,
|
Handler: s.handleDNSRequest,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if s.TLSListenAddr != nil && s.CertificateChain != "" && s.PrivateKey != "" {
|
||||||
|
proxyConfig.TLSListenAddr = s.TLSListenAddr
|
||||||
|
keypair, err := tls.X509KeyPair([]byte(s.CertificateChain), []byte(s.PrivateKey))
|
||||||
|
if err != nil {
|
||||||
|
return errorx.Decorate(err, "Failed to parse TLS keypair")
|
||||||
|
}
|
||||||
|
proxyConfig.TLSConfig = &tls.Config{Certificates: []tls.Certificate{keypair}}
|
||||||
|
}
|
||||||
|
|
||||||
if proxyConfig.UDPListenAddr == nil {
|
if proxyConfig.UDPListenAddr == nil {
|
||||||
proxyConfig.UDPListenAddr = defaultValues.UDPListenAddr
|
proxyConfig.UDPListenAddr = defaultValues.UDPListenAddr
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue