Initial commit

Dockerfile

+FROM golang
+
+RUN true \
+    && git clone https://github.com/m13253/dns-over-https.git \
+    && cd dns-over-https \
+    && make \
+    && true
+
+COPY ./entrypoint.sh /usr/local/bin/entrypoint
+
+ENTRYPOINT ["entrypoint"]
+
+CMD ["./dns-over-https/doh-server/doh-server"]

docker-compose.yml

+version: '2'
+services:
+  dns:
+    image: secns/unbound
+  doh:
+    image: quay.io/sheogorath/doh
+    build:
+      context: .
+    environment:
+      - "UPSTREAM_NAME=dns"
+    ports:
+      - "8053:8053"

entrypoint.sh

+#!/bin/bash
+
+if [ "$UPSTREAM_NAME" != "" ]; then
+    UPSTREAM="$(getent hosts "$UPSTREAM_NAME" | awk '{print $1}'):53"
+fi
+
+#cat > ./dns-over-https/doh-server/doh-server.conf <<EOF
+cat > ./doh-server.conf <<EOF
+
+# HTTP listen port
+listen = [
+    "0.0.0.0:8053",
+]
+
+# Local address and port for upstream DNS
+# If left empty, a local address is automatically chosen.
+local_addr = ""
+
+# TLS certification file
+# If left empty, plain-text HTTP will be used.
+# You are recommended to leave empty and to use a server load balancer (e.g.
+# Caddy, Nginx) and set up TLS there, because this program does not do OCSP
+# Stapling, which is necessary for client bootstrapping in a network
+# environment with completely no traditional DNS service.
+cert = ""
+
+# TLS private key file
+key = ""
+
+# HTTP path for resolve application
+path = "/dns-query"
+
+# Upstream DNS resolver
+# If multiple servers are specified, a random one will be chosen each time.
+upstream = [
+$(echo "${UPSTREAM:-1.1.1.1:53|1.0.0.1:53|8.8.8.8:53|8.8.4.4:53}" | sed -e 's/^/"/' -e 's/$/"/' -e 's/|/",\n"/g')
+]
+
+# Upstream timeout
+timeout = 10
+
+# Number of tries if upstream DNS fails
+tries = 3
+
+# Only use TCP for DNS query
+tcp_only = false
+
+# Enable logging
+verbose = false
+
+# Enable log IP from HTTPS-reverse proxy header: X-Forwarded-For or X-Real-IP
+# Note: http uri/useragent log cannot be controlled by this config
+log_guessed_client_ip = false
+EOF
+
+exec $@