From 65acfb75dd7fccb85cef72a790ecde8e65700612 Mon Sep 17 00:00:00 2001 From: Andrey Meshkov Date: Wed, 7 Oct 2020 21:01:30 +0300 Subject: [PATCH 1/2] Merge: + install.sh Merge in DNS/adguard-home from install.sh to master Fix #995 Squashed commit of the following: commit 81a5b6385574fa5bc14f7e9cc8cd707fcdc491c3 Merge: 825062a9 fb7ca942 Author: Andrey Meshkov Date: Wed Oct 7 20:40:30 2020 +0300 Merge branch 'master' into install.sh commit 825062a9cb77447bec0967635bde334218437e1f Author: Andrey Meshkov Date: Wed Oct 7 20:04:04 2020 +0300 minor fixes commit 22205d80479a1f894fe6c72afe22ba555a9e611e Author: Andrey Meshkov Date: Wed Oct 7 20:01:56 2020 +0300 * (home): fix install script commit 073b5fb8e27351094b95d85335dd3d08f65f9ee8 Author: Andrey Meshkov Date: Wed Oct 7 19:59:07 2020 +0300 * (home): update readme and install script commit d4d2e4c35ca1ea1f365e40081098ee9398196ef3 Author: Andrey Meshkov Date: Wed Oct 7 14:43:49 2020 +0300 disable parallel build commit a639b9ae44c534c7fdecd34894f5ad4ae6217472 Author: Andrey Meshkov Date: Wed Oct 7 02:48:52 2020 +0300 * (home): improve install.sh commit 4c564da714850002d1810d4d10dce859f340e3ab Author: Simon Zolin Date: Thu Oct 1 15:32:53 2020 +0300 minor commit 0ecc1a03a41201a632f650ba995f3b07a6539889 Author: Simon Zolin Date: Thu Oct 1 15:08:07 2020 +0300 * install.sh: use /opt/AdGuardHome output directory commit fd3ad73606c69e8ede086e67bc557772f9e34406 Author: Simon Zolin Date: Wed Sep 30 12:13:56 2020 +0300 * install.sh: prompt for an output directory commit 8917e8cb3d794cfa1fd7b358c89695ff719e7e4d Author: Simon Zolin Date: Tue Sep 29 18:56:54 2020 +0300 + install.sh --- Makefile | 4 +- README.md | 35 +++++-- scripts/install.sh | 229 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 258 insertions(+), 10 deletions(-) create mode 100644 scripts/install.sh diff --git a/Makefile b/Makefile index f83b45eb..121dcc91 100644 --- a/Makefile +++ b/Makefile @@ -56,10 +56,10 @@ ifeq ($(CHANNEL),edge) endif # goreleaser command depends on the $CHANNEL -GORELEASER_COMMAND=goreleaser release --rm-dist --skip-publish --snapshot +GORELEASER_COMMAND=goreleaser release --rm-dist --skip-publish --snapshot --parallelism 1 ifneq ($(CHANNEL),edge) # If this is not an "edge" build, use normal release command - GORELEASER_COMMAND=goreleaser release --rm-dist --skip-publish + GORELEASER_COMMAND=goreleaser release --rm-dist --skip-publish --parallelism 1 endif # Version properties diff --git a/README.md b/README.md index 8f9805c3..addbf204 100644 --- a/README.md +++ b/README.md @@ -64,14 +64,29 @@ It operates as a DNS server that re-routes tracking domains to a "black hole," t ## Getting Started -Please read the **[Getting Started](https://github.com/AdguardTeam/AdGuardHome/wiki/Getting-Started)** article on our Wiki to learn how to install AdGuard Home, and how to configure your devices to use it. +### Automated install (Linux and Mac) +Run the following command in your terminal: +``` +curl -sSL https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh +``` + +### Alternative methods + +#### Manual installation + +Please read the **[Getting Started](https://github.com/AdguardTeam/AdGuardHome/wiki/Getting-Started)** article on our Wiki to learn how to install AdGuard Home manually, and how to configure your devices to use it. + +#### Docker + +You can use our [official Docker image](https://hub.docker.com/r/adguard/adguardhome). + +#### Snap Store If you're running **Linux**, there's a secure and easy way to install AdGuard Home - you can get it from the [Snap Store](https://snapcraft.io/adguard-home). -Alternatively, you can use our [official Docker image](https://hub.docker.com/r/adguard/adguardhome). - ### Guides +* [FAQ](https://github.com/AdguardTeam/AdGuardHome/wiki/FAQ) * [Configuration](https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration) * [AdGuard Home as a DNS-over-HTTPS or DNS-over-TLS server](https://github.com/AdguardTeam/AdGuardHome/wiki/Encryption) * [How to install and run AdGuard Home on Raspberry Pi](https://github.com/AdguardTeam/AdGuardHome/wiki/Raspberry-Pi) @@ -228,13 +243,17 @@ There are three options how you can install an unstable version: 1. [Snap Store](https://snapcraft.io/adguard-home) -- look for "beta" and "edge" channels there. 2. [Docker Hub](https://hub.docker.com/r/adguard/adguardhome) -- look for "beta" and "edge" tags there. -3. Standalone builds. Look for the available builds below. +3. Standalone builds. Use the automated installation script or look for the available builds below. -There are three options how you can install an unstable version. +Beta: +``` +curl -sSL https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s beta +``` -1. You can either install AdGuard Home from "beta" or "edge" distribution channel which we update periodically. If you're already using stable version of AdGuard Home, just replace the executable file with a new one. -2. You can use the Docker image from the `edge` tag, which is synced with the repo master branch. -3. You can install AdGuard Home from `beta` or `edge` channels on the Snap Store. +Edge: +``` +curl -sSL https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s edge +``` * Beta channel builds * Linux: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_amd64.tar.gz), [32-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_386.tar.gz) diff --git a/scripts/install.sh b/scripts/install.sh new file mode 100644 index 00000000..b983322c --- /dev/null +++ b/scripts/install.sh @@ -0,0 +1,229 @@ +#!/bin/sh + +# AdGuardHome installation script +# +# 1. Download the package +# 2. Unpack it +# 3. Install as a service +# +# Requirements: +# . bash +# . which +# . printf +# . uname +# . id +# . head, tail +# . curl +# . tar or unzip +# . rm + +set -e + +log_info() +{ + printf "[info] %s\\n" "$1" +} + +log_error() +{ + printf "[error] %s\\n" "$1" +} + +# Get OS +# Return: darwin, linux, freebsd +detect_os() +{ + UNAME_S="$(uname -s)" + OS= + case "$UNAME_S" in + Linux) + OS=linux + ;; + + FreeBSD) + OS=freebsd + ;; + + Darwin) + OS=darwin + ;; + + *) + return 1 + ;; + + esac + + echo $OS +} + +# Get CPU endianness +# Return: le, "" +cpu_little_endian() +{ + ENDIAN_FLAG="$(head -c 6 /bin/bash | tail -c 1)" + if [ "$ENDIAN_FLAG" = "$(printf '\001')" ]; then + echo 'le' + return 0 + fi +} + +# Get CPU +# Return: amd64, 386, armv5, armv6, armv7, arm64, mips_softfloat, mipsle_softfloat, mips64_softfloat, mips64le_softfloat +detect_cpu() +{ + UNAME_M="$(uname -m)" + CPU= + + case "$UNAME_M" in + + x86_64 | x86-64 | x64 | amd64) + CPU=amd64 + ;; + + i386 | i486 | i686 | i786 | x86) + CPU=386 + ;; + + armv5l) + CPU=armv5 + ;; + + armv6l) + CPU=armv6 + ;; + + armv7l | armv8l) + CPU=armv7 + ;; + + aarch64) + CPU=arm64 + ;; + + mips) + LE=$(cpu_little_endian) + CPU=mips${LE}_softfloat + ;; + + mips64) + LE=$(cpu_little_endian) + CPU=mips64${LE}_softfloat + ;; + + *) + return 1 + + esac + + echo "${CPU}" +} + +# Get package file name extension +# Return: tar.gz, zip +package_extension() +{ + if [ "$OS" = "darwin" ]; then + echo "zip" + return 0 + fi + echo "tar.gz" +} + +# Download data to a file +# Use: download URL OUTPUT +download() +{ + log_info "Downloading package from $1 -> $2" + if is_command curl ; then + curl -s "$1" --output "$2" || error_exit "Failed to download $1" + else + error_exit "curl is necessary to install AdGuard Home" + fi +} + +# Unpack package to a directory +# Use: unpack INPUT OUTPUT_DIR PKG_EXT +unpack() +{ + log_info "Unpacking package from $1 -> $2" + mkdir -p "$2" + if [ "$3" = "zip" ]; then + unzip -qq "$1" -d "$2" || return 1 + elif [ "$3" = "tar.gz" ]; then + tar xzf "$1" -C "$2" || return 1 + else + return 1 + fi +} + +# Print error message and exit +# Use: error_exit MESSAGE +error_exit() +{ + log_error "$1" + exit 1 +} + +# Check if command exists +# Use: is_command COMMAND +is_command() { + check_command="$1" + command -v "${check_command}" >/dev/null 2>&1 +} + +# Entry point +main() { + log_info "Starting AdGuard Home installation script" + + CHANNEL=${1} + if [ "${CHANNEL}" != "beta" ] && [ "${CHANNEL}" != "edge" ]; then + CHANNEL=release + fi + log_info "Channel ${CHANNEL}" + + OS=$(detect_os) || error_exit "Cannot detect your OS" + CPU=$(detect_cpu) || error_exit "Cannot detect your CPU" + PKG_EXT=$(package_extension) + PKG_NAME=AdGuardHome_${OS}_${CPU}.${PKG_EXT} + + SCRIPT_URL="https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh" + URL="https://static.adguard.com/adguardhome/${CHANNEL}/${PKG_NAME}" + OUT_DIR=/opt + + # Root check + if [ "$(id -u)" -eq 0 ]; then + log_info "Script called with root privileges" + else + if is_command sudo ; then + log_info "Please note, that AdGuard Home requires root privileges to install using this script." + log_info "Restarting with root privileges" + + exec curl -sSL ${SCRIPT_URL} | sudo sh -s "$@" + exit $? + else + log_info "Root privileges are required to install AdGuard Home using this installer." + log_info "Please, re-run this script as root." + exit 1 + fi + fi + + log_info "AdGuard Home will be installed to ${OUT_DIR}/AdGuardHome" + + [ -d "${OUT_DIR}/AdGuardHome" ] && error_exit "Directory ${OUT_DIR}/AdGuardHome already exists, abort installation" + + download "${URL}" "${PKG_NAME}" || error_exit "Cannot download the package" + + unpack "${PKG_NAME}" "${OUT_DIR}" "${PKG_EXT}" || error_exit "Cannot unpack the package" + + # Install AdGuard Home service and run it + ${OUT_DIR}/AdGuardHome/AdGuardHome -s install || error_exit "Cannot install AdGuardHome as a service" + + rm "${PKG_NAME}" + + log_info "AdGuard Home is now installed and running." + log_info "You can control the service status with the following commands:" + log_info " sudo ${OUT_DIR}/AdGuardHome/AdGuardHome -s start|stop|restart|status|install|uninstall" +} + +main "$@" \ No newline at end of file From 398da7e2d3fec554db4bc7d658abf7c367cea9ab Mon Sep 17 00:00:00 2001 From: Artem Baskal Date: Thu, 8 Oct 2020 11:34:36 +0300 Subject: [PATCH 2/2] + client, home: 2110 Generate .mobileconfig Close #2110 Squashed commit of the following: commit 3a652a23b21b4eb16dd7b09f149099c93bf7a977 Merge: 5d0d6c5e 65acfb75 Author: Andrey Meshkov Date: Wed Oct 7 21:01:54 2020 +0300 Merge branch 'master' into feature/2110 commit 5d0d6c5e8704c80ae526d92966dfee0c469019bb Author: Andrey Meshkov Date: Wed Oct 7 00:28:25 2020 +0300 * (home): minor refactoring commit e1d10252f5b00c94edb9faa85eaefa3d33ac9cbf Merge: f859ef14 fb7ca942 Author: Andrey Meshkov Date: Wed Oct 7 00:18:46 2020 +0300 Merge branch 'master' into feature/2110 commit f859ef144c54123d8ff262177148959f7b41a5a4 Author: ArtemBaskal Date: Tue Oct 6 19:30:18 2020 +0300 Update ServerURL, generate all uniqie uuid commit 3ce7c573229f87579ff150f6519077ced9c5ba23 Merge: e80cf6de a7d2dd7b Author: ArtemBaskal Date: Fri Oct 2 18:46:03 2020 +0300 Merge branch 'master' into feature/2110 commit e80cf6ded1c20a4384cb94200134d67b29c0c948 Author: ArtemBaskal Date: Fri Oct 2 18:33:12 2020 +0300 Describe .mobileconfig in openapi, allow unauthorized access for .mobileconfig commit 9887d1839f8f7e4888fc23bb64cfc43a42b6f58b Author: ArtemBaskal Date: Fri Oct 2 16:14:45 2020 +0300 Change .mobileconfig generation commit 5298dd706c107f5b02f4278a8773f6af387c36b1 Merge: cd4d1a74 128229ad Author: ArtemBaskal Date: Fri Oct 2 12:01:16 2020 +0300 Merge branch 'master' into feature/2110 commit cd4d1a748e2471890b31533e4c24272a3d01cbee Author: ArtemBaskal Date: Thu Oct 1 23:10:14 2020 +0300 Change dot and doh highlight in setup_dns_privacy_4 locale commit 50e310ef3b988f2aad5accea92c6b34ecef28585 Merge: 92e0e28b 2f6f65a8 Author: ArtemBaskal Date: Thu Oct 1 23:05:45 2020 +0300 Merge branch 'master' into feature/2110 commit 92e0e28b757953efbbc211ae43b710b070308573 Author: ArtemBaskal Date: Mon Sep 28 16:44:25 2020 +0300 Add ServerAddresses property commit c8c4cf88abcb0a76c6024d41d3eafab691ff1e38 Author: ArtemBaskal Date: Mon Sep 28 13:51:53 2020 +0300 Fix .mobileconfig display on SetupGuide commit 9e4fad3c0ed0bfb980ad1cb030272781c13ebaad Author: ArtemBaskal Date: Fri Sep 25 19:08:50 2020 +0300 2110 + client, home: Generate .mobileconfig --- AGHTechDoc.md | 53 +++++++++++++ client/src/__locales/en.json | 5 +- client/src/components/ui/Guide.js | 124 +++++++++++++++++++----------- go.mod | 2 + go.sum | 4 + home/control.go | 5 +- home/dns.go | 69 +++++++++++------ home/mobileconfig.go | 92 ++++++++++++++++++++++ openapi/openapi.yaml | 23 ++++++ 9 files changed, 310 insertions(+), 67 deletions(-) create mode 100644 home/mobileconfig.go diff --git a/AGHTechDoc.md b/AGHTechDoc.md index 5e9fa0d5..5bae787a 100644 --- a/AGHTechDoc.md +++ b/AGHTechDoc.md @@ -830,6 +830,36 @@ Request: "private_key_path":"..." // if set, private_key must be empty } +Response: + + 200 OK + +### API: Validate TLS configuration + +Request: + + POST /control/tls/validate + + { + "enabled":true, + "port_https":443, + "port_dns_over_tls":853, + "port_dns_over_quic":784, + "allow_unencrypted_doh":false, + "certificate_chain":"...", + "private_key":"...", + "certificate_path":"...", + "private_key_path":"...", + "valid_cert":true, + "valid_chain":false, + "not_before":"2019-03-19T08:23:45Z", + "not_after":"2029-03-16T08:23:45Z", + "dns_names":null, + "valid_key":true, + "valid_pair":true + } + + Response: 200 OK @@ -1948,6 +1978,29 @@ Check if host name is blocked by SB/PC service: sha256(sub.host.com)[0..1] -> hashes[2],... ... +## API: Get DNS over HTTPS .mobileconfig + +Request: + + GET /apple/doh.mobileconfig + +Response: + + 200 OK + + DOH plist file + +## API: Get DNS over TLS .mobileconfig + +Request: + + GET /apple/dot.mobileconfig + +Response: + + 200 OK + + DOT plist file ## ipset diff --git a/client/src/__locales/en.json b/client/src/__locales/en.json index 678dd39f..8f2eb5c9 100644 --- a/client/src/__locales/en.json +++ b/client/src/__locales/en.json @@ -249,6 +249,8 @@ "blocking_ipv6": "Blocking IPv6", "dns_over_https": "DNS-over-HTTPS", "dns_over_tls": "DNS-over-TLS", + "download_mobileconfig_doh": "Download .mobileconfig for DNS-over-HTTPS", + "download_mobileconfig_dot": "Download .mobileconfig for DNS-over-TLS", "plain_dns": "Plain DNS", "form_enter_rate_limit": "Enter rate limit", "rate_limit": "Rate limit", @@ -415,7 +417,8 @@ "dns_privacy": "DNS Privacy", "setup_dns_privacy_1": "<0>DNS-over-TLS: Use <1>{{address}} string.", "setup_dns_privacy_2": "<0>DNS-over-HTTPS: Use <1>{{address}} string.", - "setup_dns_privacy_3": "<0>Please note that encrypted DNS protocols are supported only on Android 9. So you need to install additional software for other operating systems.<0>Here's a list of software you can use.", + "setup_dns_privacy_3": "<0>Here's a list of software you can use.", + "setup_dns_privacy_4": "On an iOS 14 or MacOS Big Sur device you can download special '.mobileconfig' file that adds DNS-over-HTTPS or DNS-over-TLS servers to the DNS settings.", "setup_dns_privacy_android_1": "Android 9 supports DNS-over-TLS natively. To configure it, go to Settings → Network & internet → Advanced → Private DNS and enter your domain name there.", "setup_dns_privacy_android_2": "<0>AdGuard for Android supports <1>DNS-over-HTTPS and <1>DNS-over-TLS.", "setup_dns_privacy_android_3": "<0>Intra adds <1>DNS-over-HTTPS support to Android.", diff --git a/client/src/components/ui/Guide.js b/client/src/components/ui/Guide.js index 0cb738d8..ec629e1b 100644 --- a/client/src/components/ui/Guide.js +++ b/client/src/components/ui/Guide.js @@ -1,10 +1,43 @@ import React, { useState } from 'react'; import PropTypes from 'prop-types'; -import { Trans, withTranslation } from 'react-i18next'; - +import { Trans, useTranslation } from 'react-i18next'; +import i18next from 'i18next'; import Tabs from './Tabs'; import Icons from './Icons'; +const MOBILE_CONFIG_LINKS = { + DOT: '/apple/dot.mobileconfig', + DOH: '/apple/doh.mobileconfig', +}; + +const renderMobileconfigInfo = ({ label, components }) =>
  • + {label} + +
    • ; + +const renderLi = ({ label, components }) =>
  • + { + if (React.isValidElement(props)) { + return props; + } + const { + // eslint-disable-next-line react/prop-types + href, target = '_blank', rel = 'noopener noreferrer', key = '0', + } = props; + + return link; + })}> + {label} + +
    • ; + const dnsPrivacyList = [{ title: 'Android', list: [ @@ -36,6 +69,23 @@ const dnsPrivacyList = [{ { title: 'iOS', list: [ + { + label: 'setup_dns_privacy_ios_2', + components: [ + { + key: 0, + href: 'https://adguard.com/adguard-ios/overview.html', + }, + text, + ], + }, + { + label: 'setup_dns_privacy_4', + components: { + highlight: , + }, + renderComponent: renderMobileconfigInfo, + }, { label: 'setup_dns_privacy_ios_1', components: [ @@ -51,16 +101,6 @@ const dnsPrivacyList = [{ ], }, - { - label: 'setup_dns_privacy_ios_2', - components: [ - { - key: 0, - href: 'https://adguard.com/adguard-ios/overview.html', - }, - text, - ], - }, ], }, { @@ -116,26 +156,15 @@ const dnsPrivacyList = [{ }, ]; -const renderDnsPrivacyList = ({ title, list }) =>
    +const renderDnsPrivacyList = ({ title, list }) =>
    {title} -
      {list.map(({ label, components }) =>
    • - { - if (React.isValidElement(props)) { - return props; - } - const { - // eslint-disable-next-line react/prop-types - href, target = '_blank', rel = 'noopener noreferrer', key = '0', - } = props; - - return link; - })}> - {label} - -
      • )} +
        {list.map( + ({ + label, + components, + renderComponent = renderLi, + }) => renderComponent({ label, components }), + )}
    ; @@ -195,8 +224,8 @@ const getTabs = ({ }, dns_privacy: { title: 'dns_privacy', - // eslint-disable-next-line react/display-name - getTitle: () =>
    + getTitle: function Title() { + return
    {tlsAddress?.length > 0 && (
    @@ -251,14 +280,15 @@ const getTabs = ({ {dnsPrivacyList.map(renderDnsPrivacyList)} }
    -
    , +
    ; + }, }, }); -const renderContent = ({ title, list, getTitle }, t) =>
    -
    {t(title)}
    +const renderContent = ({ title, list, getTitle }) =>
    +
    {i18next.t(title)}
    - {typeof getTitle === 'function' && getTitle()} + {getTitle?.()} {list &&
      {list.map((item) =>
    1. {item} @@ -267,9 +297,10 @@ const renderContent = ({ title, list, getTitle }, t) =>
      ; -const Guide = ({ dnsAddresses, t }) => { - const tlsAddress = (dnsAddresses && dnsAddresses.filter((item) => item.includes('tls://'))) || ''; - const httpsAddress = (dnsAddresses && dnsAddresses.filter((item) => item.includes('https://'))) || ''; +const Guide = ({ dnsAddresses }) => { + const { t } = useTranslation(); + const tlsAddress = dnsAddresses?.filter((item) => item.includes('tls://')) ?? ''; + const httpsAddress = dnsAddresses?.filter((item) => item.includes('https://')) ?? ''; const showDnsPrivacyNotice = httpsAddress.length < 1 && tlsAddress.length < 1; const [activeTabLabel, setActiveTabLabel] = useState('Router'); @@ -281,7 +312,7 @@ const Guide = ({ dnsAddresses, t }) => { t, }); - const activeTab = renderContent(tabs[activeTabLabel], t); + const activeTab = renderContent(tabs[activeTabLabel]); return (
      @@ -298,12 +329,12 @@ Guide.defaultProps = { Guide.propTypes = { dnsAddresses: PropTypes.array, - t: PropTypes.func.isRequired, }; renderDnsPrivacyList.propTypes = { title: PropTypes.string.isRequired, list: PropTypes.array.isRequired, + renderList: PropTypes.func, }; renderContent.propTypes = { @@ -312,4 +343,11 @@ renderContent.propTypes = { getTitle: PropTypes.func, }; -export default withTranslation()(Guide); +renderLi.propTypes = { + label: PropTypes.string, + components: PropTypes.string, +}; + +renderMobileconfigInfo.propTypes = renderLi.propTypes; + +export default Guide; diff --git a/go.mod b/go.mod index 12616abe..8aaefd0d 100644 --- a/go.mod +++ b/go.mod @@ -19,6 +19,7 @@ require ( github.com/mdlayher/raw v0.0.0-20191009151244-50f2db8cc065 github.com/miekg/dns v1.1.31 github.com/pkg/errors v0.9.1 + github.com/satori/go.uuid v1.2.0 github.com/sirupsen/logrus v1.6.0 // indirect github.com/sparrc/go-ping v0.0.0-20190613174326-4e5b6552494c github.com/stretchr/testify v1.5.1 @@ -31,4 +32,5 @@ require ( google.golang.org/protobuf v1.25.0 // indirect gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/yaml.v2 v2.3.0 + howett.net/plist v0.0.0-20200419221736-3b63eb3a43b5 ) diff --git a/go.sum b/go.sum index bfc5b5a2..9b45f53e 100644 --- a/go.sum +++ b/go.sum @@ -210,6 +210,8 @@ github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/rogpeppe/go-internal v1.3.0 h1:RR9dF3JtopPvtkroDZuVD7qquD0bnHlKSqaQhgwt8yk= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= +github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww= +github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/shirou/gopsutil v2.20.3+incompatible h1:0JVooMPsT7A7HqEYdydp/OfjSOYSjhXV7w1hkKj/NPQ= github.com/shirou/gopsutil v2.20.3+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA= @@ -430,6 +432,8 @@ honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +howett.net/plist v0.0.0-20200419221736-3b63eb3a43b5 h1:AQkaJpH+/FmqRjmXZPELom5zIERYZfwTjnHpfoVMQEc= +howett.net/plist v0.0.0-20200419221736-3b63eb3a43b5/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck= diff --git a/home/control.go b/home/control.go index e8b2fa8a..78789aa8 100644 --- a/home/control.go +++ b/home/control.go @@ -97,8 +97,11 @@ func registerControlHandlers() { httpRegister(http.MethodGet, "/control/i18n/current_language", handleI18nCurrentLanguage) http.HandleFunc("/control/version.json", postInstall(optionalAuth(handleGetVersionJSON))) httpRegister(http.MethodPost, "/control/update", handleUpdate) + httpRegister(http.MethodGet, "/control/profile", handleGetProfile) - httpRegister("GET", "/control/profile", handleGetProfile) + // No auth is necessary for DOH/DOT configurations + http.HandleFunc("/apple/doh.mobileconfig", postInstall(handleMobileConfigDoh)) + http.HandleFunc("/apple/dot.mobileconfig", postInstall(handleMobileConfigDot)) RegisterAuthHandlers() } diff --git a/home/dns.go b/home/dns.go index bd70ce38..5328bf96 100644 --- a/home/dns.go +++ b/home/dns.go @@ -197,6 +197,44 @@ func generateServerConfig() dnsforward.ServerConfig { return newconfig } +type DNSEncryption struct { + https string + tls string + quic string +} + +func getDNSEncryption() DNSEncryption { + dnsEncryption := DNSEncryption{} + + tlsConf := tlsConfigSettings{} + + Context.tls.WriteDiskConfig(&tlsConf) + + if tlsConf.Enabled && len(tlsConf.ServerName) != 0 { + + if tlsConf.PortHTTPS != 0 { + addr := tlsConf.ServerName + if tlsConf.PortHTTPS != 443 { + addr = fmt.Sprintf("%s:%d", addr, tlsConf.PortHTTPS) + } + addr = fmt.Sprintf("https://%s/dns-query", addr) + dnsEncryption.https = addr + } + + if tlsConf.PortDNSOverTLS != 0 { + addr := fmt.Sprintf("tls://%s:%d", tlsConf.ServerName, tlsConf.PortDNSOverTLS) + dnsEncryption.tls = addr + } + + if tlsConf.PortDNSOverQUIC != 0 { + addr := fmt.Sprintf("quic://%s:%d", tlsConf.ServerName, tlsConf.PortDNSOverQUIC) + dnsEncryption.quic = addr + } + } + + return dnsEncryption +} + // Get the list of DNS addresses the server is listening on func getDNSAddresses() []string { dnsAddresses := []string{} @@ -217,28 +255,15 @@ func getDNSAddresses() []string { addDNSAddress(&dnsAddresses, config.DNS.BindHost) } - tlsConf := tlsConfigSettings{} - Context.tls.WriteDiskConfig(&tlsConf) - if tlsConf.Enabled && len(tlsConf.ServerName) != 0 { - - if tlsConf.PortHTTPS != 0 { - addr := tlsConf.ServerName - if tlsConf.PortHTTPS != 443 { - addr = fmt.Sprintf("%s:%d", addr, tlsConf.PortHTTPS) - } - addr = fmt.Sprintf("https://%s/dns-query", addr) - dnsAddresses = append(dnsAddresses, addr) - } - - if tlsConf.PortDNSOverTLS != 0 { - addr := fmt.Sprintf("tls://%s:%d", tlsConf.ServerName, tlsConf.PortDNSOverTLS) - dnsAddresses = append(dnsAddresses, addr) - } - - if tlsConf.PortDNSOverQUIC != 0 { - addr := fmt.Sprintf("quic://%s:%d", tlsConf.ServerName, tlsConf.PortDNSOverQUIC) - dnsAddresses = append(dnsAddresses, addr) - } + dnsEncryption := getDNSEncryption() + if dnsEncryption.https != "" { + dnsAddresses = append(dnsAddresses, dnsEncryption.https) + } + if dnsEncryption.tls != "" { + dnsAddresses = append(dnsAddresses, dnsEncryption.tls) + } + if dnsEncryption.quic != "" { + dnsAddresses = append(dnsAddresses, dnsEncryption.quic) } return dnsAddresses diff --git a/home/mobileconfig.go b/home/mobileconfig.go new file mode 100644 index 00000000..e828f117 --- /dev/null +++ b/home/mobileconfig.go @@ -0,0 +1,92 @@ +package home + +import ( + "fmt" + "net/http" + + uuid "github.com/satori/go.uuid" + "howett.net/plist" +) + +type DNSSettings struct { + DNSProtocol string + ServerURL string `plist:",omitempty"` + ServerName string `plist:",omitempty"` +} + +type PayloadContent = struct { + Name string + PayloadDescription string + PayloadDisplayName string + PayloadIdentifier string + PayloadType string + PayloadUUID string + PayloadVersion int + DNSSettings DNSSettings +} + +type MobileConfig = struct { + PayloadContent []PayloadContent + PayloadDescription string + PayloadDisplayName string + PayloadIdentifier string + PayloadRemovalDisallowed bool + PayloadType string + PayloadUUID string + PayloadVersion int +} + +func genUUIDv4() string { + return uuid.NewV4().String() +} + +func getMobileConfig(r *http.Request, d DNSSettings) ([]byte, error) { + name := fmt.Sprintf("%s DNS over %s", r.Host, d.DNSProtocol) + + data := MobileConfig{ + PayloadContent: []PayloadContent{{ + Name: name, + PayloadDescription: "Configures device to use AdGuard Home", + PayloadDisplayName: name, + PayloadIdentifier: fmt.Sprintf("com.apple.dnsSettings.managed.%s", genUUIDv4()), + PayloadType: "com.apple.dnsSettings.managed", + PayloadUUID: genUUIDv4(), + PayloadVersion: 1, + DNSSettings: d, + }}, + PayloadDescription: "Adds AdGuard Home to Big Sur and iOS 14 or newer systems", + PayloadDisplayName: name, + PayloadIdentifier: genUUIDv4(), + PayloadRemovalDisallowed: false, + PayloadType: "Configuration", + PayloadUUID: genUUIDv4(), + PayloadVersion: 1, + } + + return plist.MarshalIndent(data, plist.XMLFormat, "\t") +} + +func handleMobileConfig(w http.ResponseWriter, r *http.Request, d DNSSettings) { + mobileconfig, err := getMobileConfig(r, d) + + if err != nil { + httpError(w, http.StatusInternalServerError, "plist.MarshalIndent: %s", err) + } + + w.Header().Set("Content-Type", "application/xml") + _, _ = w.Write(mobileconfig) +} + +func handleMobileConfigDoh(w http.ResponseWriter, r *http.Request) { + handleMobileConfig(w, r, DNSSettings{ + DNSProtocol: "HTTPS", + ServerURL: fmt.Sprintf("https://%s/dns-query", r.Host), + }) +} + +func handleMobileConfigDot(w http.ResponseWriter, r *http.Request) { + handleMobileConfig(w, r, DNSSettings{ + DNSProtocol: "TLS", + ServerName: r.Host, + }) +} diff --git a/openapi/openapi.yaml b/openapi/openapi.yaml index c50d9485..6ad140e2 100644 --- a/openapi/openapi.yaml +++ b/openapi/openapi.yaml @@ -35,6 +35,8 @@ tags: description: AdGuard Home statistics - name: tls description: AdGuard Home HTTPS/DOH/DOT settings + - name: mobileconfig + description: Apple .mobileconfig paths: /status: @@ -915,6 +917,27 @@ paths: application/json: schema: $ref: "#/components/schemas/ProfileInfo" + /apple/doh.mobileconfig: + get: + tags: + - mobileconfig + - global + operationId: mobileConfigDoH + summary: Get DNS over HTTPS .mobileconfig + responses: + "200": + description: DNS over HTTPS plist file + + /apple/dot.mobileconfig: + get: + tags: + - mobileconfig + - global + operationId: mobileConfigDoT + summary: Get TLS over TLS .mobileconfig + responses: + "200": + description: DNS over TLS plist file components: requestBodies: