diff --git a/dnscrypt-proxy/config.go b/dnscrypt-proxy/config.go index 058ce12b..df046b5b 100644 --- a/dnscrypt-proxy/config.go +++ b/dnscrypt-proxy/config.go @@ -192,6 +192,7 @@ type BrokenImplementationsConfig struct { type LocalDoHConfig struct { ListenAddresses []string `toml:"listen_addresses"` + Path string `toml:"path"` CertFile string `toml:"cert_file"` CertKeyFile string `toml:"cert_key_file"` } @@ -357,6 +358,7 @@ func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error { proxy.listenAddresses = config.ListenAddresses proxy.localDoHListenAddresses = config.LocalDoH.ListenAddresses + proxy.localDoHPath = config.LocalDoH.Path proxy.localDoHCertFile = config.LocalDoH.CertFile proxy.localDoHCertKeyFile = config.LocalDoH.CertKeyFile proxy.daemonize = config.Daemonize diff --git a/dnscrypt-proxy/example-dnscrypt-proxy.toml b/dnscrypt-proxy/example-dnscrypt-proxy.toml index f0474c4c..7b26da05 100644 --- a/dnscrypt-proxy/example-dnscrypt-proxy.toml +++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml @@ -355,6 +355,11 @@ cache_neg_max_ttl = 600 # listen_addresses = ['127.0.0.1:3000'] +## URL path - The standard one is "/dns-query", but anything can be used. + +# path = "/dns-query" + + ## Certificate file and key - Note that the certificate has to be trusted. ## See the Wiki for more information. diff --git a/dnscrypt-proxy/local-doh.go b/dnscrypt-proxy/local-doh.go index 2e993b93..a0d8e130 100644 --- a/dnscrypt-proxy/local-doh.go +++ b/dnscrypt-proxy/local-doh.go 
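Review bot: In the ConfigLoad hunk of config.go, `proxy.localDoHPath = config.LocalDoH.Path` copies the value with no default and no validation, while the example file ships `path` commented out. If no default is set outside the visible hunks, an unset `path` leaves the field empty, and the new check in local-doh.go (`request.URL.Path != proxy.localDoHPath`) would then answer every request with 404. I would fall back to the standard path at load time, e.g. `if config.LocalDoH.Path == "" { config.LocalDoH.Path = "/dns-query" }`, and return an error when the value does not start with `/`. ConfigLoad starts and ends outside the hunk.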
@@ -16,15 +16,19 @@ type localDoHHandler struct { } func (handler localDoHHandler) ServeHTTP(writer http.ResponseWriter, request *http.Request) { + proxy := handler.proxy dataType := "application/dns-message" writer.Header().Set("Server", "dnscrypt-proxy") + if request.URL.Path != proxy.localDoHPath { + writer.WriteHeader(404) + return + } if request.Header.Get("Content-Type") != dataType { writer.Header().Set("Content-Type", "text/plain") writer.WriteHeader(400) writer.Write([]byte("dnscrypt-proxy local DoH server\n")) return } - proxy := handler.proxy start := time.Now() clientAddr, err := net.ResolveTCPAddr("tcp", request.RemoteAddr) if err != nil { diff --git a/dnscrypt-proxy/localhost.pem b/dnscrypt-proxy/localhost.pem new file mode 100644 index 00000000..fe5ad501 --- /dev/null +++ b/dnscrypt-proxy/localhost.pem 
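Review bot: The new 404 branch in ServeHTTP uses a bare status number and sends no body, while the 400 branch just below sets a Content-Type and writes a banner; `writer.WriteHeader(http.StatusNotFound)` (and `http.StatusBadRequest` for the existing 400) would make the two branches read consistently. The path comparison is an exact string match, which is worth stating in a comment such as `// Exact match: no trailing-slash or case normalization.` so operators know a request for `/dns-query/` is rejected. Because the example config says any path can be used, it may also be worth documenting that the path is a routing check and not an access control. ServeHTTP's body continues outside the hunk.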
@@ -0,0 +1,47 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDb7g6EQhbfby97 +k4oMbZTzdi2TWFBs7qK/QwgOu+L6EhNHPO1ZEU29v0APFBFJO5zyyAk9bZ9k9tPB +bCuVVI9jEUfLH3UCjEQPG6XI2w++uVh0yALvc/uurCvRHVlle/V7cAoikndc2SjE +RQUALbACIqwD5g0F77BYwcsreB4GH253/R6Q2/CJZ4jNHPjkocOJiVr3ejA0kkoN +MXpGUXWcrVVk20M2A1CeO7HAulLRcklEdoHE3v46pjp0iZK0F9LyZX1U1ql+4QL3 +iQttoZ4tMg83lFHSt4G9PrpIhzXr9W4NW822faSvrIwwN/JbItUmRa7n/3+MkuJQ +IGGNDayXAgMBAAECggEBANs0fmGSocuXvYL1Pi4+9qxnCOwIpTi97Zam0BwnZwcL +Bw4FCyiwV4UdX1LoFIailT9i49rHLYzre4oZL6OKgdQjQCSTuQOOHLPWQbpdpWba +w/C5/jr+pkemMZIfJ6BAGiArPt7Qj4oKpFhj1qUj5H9sYXkNTcOx8Fm25rLv6TT9 +O7wg0oCpyG+iBSbCYBp9mDMz8pfo4P3BhcFiyKCKeiAC6KuHU81dvuKeFB4XQK+X +no2NqDqe6MBkmTqjNNy+wi1COR7lu34LPiWU5Hq5PdIEqBBUMjlMI6oYlhlgNTdx +SvsqFz3Xs6kpAhJTrSiAqscPYosgaMQxo+LI26PJnikCgYEA9n0OERkm0wSBHnHY +Kx8jaxNYg93jEzVnEgI/MBTJZqEyCs9fF6Imv737VawEN/BhesZZX7bGZQfDo8AT +aiSa5upkkSGXEqTu5ytyoKFTb+dJ/qmx3+zP6dPVzDnc8WPYMoUg7vvjZkXXJgZX ++oMlMUW1wWiDNI3wP19W9Is6xssCgYEA5GqkUBEns6eTFJV0JKqbEORJJ7lx5NZe +cIx+jPpLkILG4mOKOg1TBx0wkxa9cELtsNsM+bPtu9OqRMhsfPBmsXDHhJwg0Z6G +eDTfYYPkpRhwZvl6jBZn9sLVR9wfg2hE+n0lfV3mceg336KOkwAehDU84SWZ2e0S +esqkpbHJa+UCgYA7PY0O8POSzcdWkNf6bS5vAqRIdSCpMjGGc4HKRYSuJNnJHVPm +czNK7Bcm3QPaiexzvI4oYd5G09niVjyUSx3rl7P56Y/MjFVau+d90agjAfyXtyMo +BVtnAGGnBtUiMvP4GGT06xcZMnnmCqpEbBaZQ/7N8Bdwnxh5sqlMdtX2hwKBgAhL +hyQRO2vezgyVUN50A6WdZLq4lVZGIq/bqkzcWhopZaebDc4F5doASV9OGBsXkyI1 +EkePLTcA/NH6pVX0NQaEnfpG4To7k46R/PrBm3ATbyGONdEYjzX65VvytoJDKx4d +pVrkKhZA5KaOdLcJ7hHHDSrv/qJXZbBn44rQ5guxAoGBAJ6oeUsUUETakxlmIhmK +xuQmWqLf97BKt8r6Z8CqHKWK7vpG2OmgFYCQGaR7angQ8hmAOv6jM56XhoagDBoc +UoaoEyo9/uCk6NRUkUMj7Tk/5UQSiWLceVH27w+icMFhf1b7EmmNfk+APsiathO5 +j4edf1AinVCPwRVVu1dtLL5P +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDAjCCAeoCCQCptj0+TjjIJjANBgkqhkiG9w0BAQsFADBDMREwDwYDVQQKDAhE +TlNDcnlwdDEaMBgGA1UECwwRTG9jYWwgdGVzdCBzZXJ2ZXIxEjAQBgNVBAMMCWxv +Y2FsaG9zdDAeFw0xOTExMTgxNDA2MzBaFw0zMzA3MjcxNDA2MzBaMEMxETAPBgNV 
+BAoMCEROU0NyeXB0MRowGAYDVQQLDBFMb2NhbCB0ZXN0IHNlcnZlcjESMBAGA1UE +AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2+4O +hEIW328ve5OKDG2U83Ytk1hQbO6iv0MIDrvi+hITRzztWRFNvb9ADxQRSTuc8sgJ +PW2fZPbTwWwrlVSPYxFHyx91AoxEDxulyNsPvrlYdMgC73P7rqwr0R1ZZXv1e3AK +IpJ3XNkoxEUFAC2wAiKsA+YNBe+wWMHLK3geBh9ud/0ekNvwiWeIzRz45KHDiYla +93owNJJKDTF6RlF1nK1VZNtDNgNQnjuxwLpS0XJJRHaBxN7+OqY6dImStBfS8mV9 +VNapfuEC94kLbaGeLTIPN5RR0reBvT66SIc16/VuDVvNtn2kr6yMMDfyWyLVJkWu +5/9/jJLiUCBhjQ2slwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQA6Vz5HnGuy8jZz +5i8ipbcDMCZNdpYYnxgD53hEKOfoSv7LaF0ztD8Kmg3s5LHv9EHlkK3+G6FWRGiP +9f6IbtRITaiVQP3M13T78hpN5Qq5jgsqjR7ZcN7Etr6ZFd7G/0+mzqbyBuW/3szt +RdX/YLy1csvjbZoNNuXGWRohXjg0Mjko2tRLmARvxA/gZV5zWycv3BD2BPzyCdS9 +MDMYSF0RPiL8+alfwLNqLcqMA5liHlmZa85uapQyoUI3ksKJkEgU53aD8cYhH9Yn +6mVpsrvrcRLBiHlbi24QBolhFkCSRK8bXes8XDIPuD8iYRwlrVBwOakMFQWMqNfI +IMOKJomU +-----END CERTIFICATE-----
diff --git a/dnscrypt-proxy/proxy.go b/dnscrypt-proxy/proxy.go
index 9dd29911..48e025c2 100644
--- a/dnscrypt-proxy/proxy.go
+++ b/dnscrypt-proxy/proxy.go
@@ -32,6 +32,7 @@ type Proxy struct {
 mainProto string
 listenAddresses []string
 localDoHListenAddresses []string
+ localDoHPath string
 localDoHCertFile string
 localDoHCertKeyFile string
 daemonize bool
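Review bot: dnscrypt-proxy/localhost.pem adds an unencrypted private key together with its certificate to the repository, so the key is known to anyone who has the source. That is acceptable only as a test fixture: if a user points `cert_file`/`cert_key_file` at this file and trusts the certificate, as the example config asks, the TLS endpoint no longer proves who is serving it, because the key is not secret. I would document this where the certificate options are described, e.g. `## The bundled localhost.pem is for testing only: its private key is public. Generate your own key and certificate.`, or generate the pair at install time instead of shipping it.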