From ec8fe0b40c5f0cf48ad2c94174e3c23898c86428 Mon Sep 17 00:00:00 2001 From: Krombel Date: Fri, 13 Dec 2019 13:59:36 +0100 Subject: [PATCH] + DNS: Allow DOH queries via unencrypted HTTP (e.g. for reverse proxying) --- home/config.go | 3 +++ home/control.go | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/home/config.go b/home/config.go index 019612eb..3db7a963 100644 --- a/home/config.go +++ b/home/config.go @@ -117,6 +117,9 @@ type tlsConfigSettings struct { PortHTTPS int `yaml:"port_https" json:"port_https,omitempty"` // HTTPS port. If 0, HTTPS will be disabled PortDNSOverTLS int `yaml:"port_dns_over_tls" json:"port_dns_over_tls,omitempty"` // DNS-over-TLS port. If 0, DOT will be disabled + // Allow DOH queries via unencrypted HTTP (e.g. for reverse proxying) + AllowUnencryptedDOH bool `yaml:"allow_unencrypted_doh" json:"allow_unencrypted_doh"` + dnsforward.TLSConfig `yaml:",inline" json:",inline"` } diff --git a/home/control.go b/home/control.go index 2953cf14..87247190 100644 --- a/home/control.go +++ b/home/control.go @@ -144,7 +144,7 @@ func handleGetProfile(w http.ResponseWriter, r *http.Request) { // DNS-over-HTTPS // -------------- func handleDOH(w http.ResponseWriter, r *http.Request) { - if r.TLS == nil { + if !config.TLS.AllowUnencryptedDOH && r.TLS == nil { httpError(w, http.StatusNotFound, "Not Found") return }