+ DNS: Allow DOH queries via unencrypted HTTP (e.g. for reverse proxying)
This commit is contained in:
parent
041ea65d14
commit
ec8fe0b40c
|
@ -117,6 +117,9 @@ type tlsConfigSettings struct {
|
||||||
PortHTTPS int `yaml:"port_https" json:"port_https,omitempty"` // HTTPS port. If 0, HTTPS will be disabled
|
PortHTTPS int `yaml:"port_https" json:"port_https,omitempty"` // HTTPS port. If 0, HTTPS will be disabled
|
||||||
PortDNSOverTLS int `yaml:"port_dns_over_tls" json:"port_dns_over_tls,omitempty"` // DNS-over-TLS port. If 0, DOT will be disabled
|
PortDNSOverTLS int `yaml:"port_dns_over_tls" json:"port_dns_over_tls,omitempty"` // DNS-over-TLS port. If 0, DOT will be disabled
|
||||||
|
|
||||||
|
// Allow DOH queries via unencrypted HTTP (e.g. for reverse proxying)
|
||||||
|
AllowUnencryptedDOH bool `yaml:"allow_unencrypted_doh" json:"allow_unencrypted_doh"`
|
||||||
|
|
||||||
dnsforward.TLSConfig `yaml:",inline" json:",inline"`
|
dnsforward.TLSConfig `yaml:",inline" json:",inline"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -144,7 +144,7 @@ func handleGetProfile(w http.ResponseWriter, r *http.Request) {
|
||||||
// DNS-over-HTTPS
|
// DNS-over-HTTPS
|
||||||
// --------------
|
// --------------
|
||||||
func handleDOH(w http.ResponseWriter, r *http.Request) {
|
func handleDOH(w http.ResponseWriter, r *http.Request) {
|
||||||
if r.TLS == nil {
|
if !config.TLS.AllowUnencryptedDOH && r.TLS == nil {
|
||||||
httpError(w, http.StatusNotFound, "Not Found")
|
httpError(w, http.StatusNotFound, "Not Found")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue