+ DNS: Allow DOH queries via unencrypted HTTP (e.g. for reverse proxying)

This commit is contained in:
Krombel 2019-12-13 13:59:36 +01:00 committed by Simon Zolin
parent 041ea65d14
commit ec8fe0b40c
2 changed files with 4 additions and 1 deletions

View File

@ -117,6 +117,9 @@ type tlsConfigSettings struct {
PortHTTPS int `yaml:"port_https" json:"port_https,omitempty"` // HTTPS port. If 0, HTTPS will be disabled PortHTTPS int `yaml:"port_https" json:"port_https,omitempty"` // HTTPS port. If 0, HTTPS will be disabled
PortDNSOverTLS int `yaml:"port_dns_over_tls" json:"port_dns_over_tls,omitempty"` // DNS-over-TLS port. If 0, DOT will be disabled PortDNSOverTLS int `yaml:"port_dns_over_tls" json:"port_dns_over_tls,omitempty"` // DNS-over-TLS port. If 0, DOT will be disabled
// Allow DOH queries via unencrypted HTTP (e.g. for reverse proxying)
AllowUnencryptedDOH bool `yaml:"allow_unencrypted_doh" json:"allow_unencrypted_doh"`
dnsforward.TLSConfig `yaml:",inline" json:",inline"` dnsforward.TLSConfig `yaml:",inline" json:",inline"`
} }

View File

@ -144,7 +144,7 @@ func handleGetProfile(w http.ResponseWriter, r *http.Request) {
// DNS-over-HTTPS // DNS-over-HTTPS
// -------------- // --------------
func handleDOH(w http.ResponseWriter, r *http.Request) { func handleDOH(w http.ResponseWriter, r *http.Request) {
if r.TLS == nil { if !config.TLS.AllowUnencryptedDOH && r.TLS == nil {
httpError(w, http.StatusNotFound, "Not Found") httpError(w, http.StatusNotFound, "Not Found")
return return
} }