diff --git a/home/config.go b/home/config.go index 019612eb..3db7a963 100644 --- a/home/config.go +++ b/home/config.go @@ -117,6 +117,9 @@ type tlsConfigSettings struct { PortHTTPS int `yaml:"port_https" json:"port_https,omitempty"` // HTTPS port. If 0, HTTPS will be disabled PortDNSOverTLS int `yaml:"port_dns_over_tls" json:"port_dns_over_tls,omitempty"` // DNS-over-TLS port. If 0, DOT will be disabled + // Allow DOH queries via unencrypted HTTP (e.g. for reverse proxying) + AllowUnencryptedDOH bool `yaml:"allow_unencrypted_doh" json:"allow_unencrypted_doh"` + dnsforward.TLSConfig `yaml:",inline" json:",inline"` } diff --git a/home/control.go b/home/control.go index 2953cf14..87247190 100644 --- a/home/control.go +++ b/home/control.go @@ -144,7 +144,7 @@ func handleGetProfile(w http.ResponseWriter, r *http.Request) { // DNS-over-HTTPS // -------------- func handleDOH(w http.ResponseWriter, r *http.Request) { - if r.TLS == nil { + if !config.TLS.AllowUnencryptedDOH && r.TLS == nil { httpError(w, http.StatusNotFound, "Not Found") return }