Make the local DoH path configurable

Frank Denis 2019-11-28 23:49:28 +01:00
parent 583ca09946
commit f18dbc71ec
5 changed files with 60 additions and 1 deletions


@ -192,6 +192,7 @@ type BrokenImplementationsConfig struct {
type LocalDoHConfig struct { type LocalDoHConfig struct {
ListenAddresses []string `toml:"listen_addresses"` ListenAddresses []string `toml:"listen_addresses"`
Path string `toml:"path"`
CertFile string `toml:"cert_file"` CertFile string `toml:"cert_file"`
CertKeyFile string `toml:"cert_key_file"` CertKeyFile string `toml:"cert_key_file"`
} }
@ -357,6 +358,7 @@ func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error {
proxy.listenAddresses = config.ListenAddresses proxy.listenAddresses = config.ListenAddresses
proxy.localDoHListenAddresses = config.LocalDoH.ListenAddresses proxy.localDoHListenAddresses = config.LocalDoH.ListenAddresses
proxy.localDoHPath = config.LocalDoH.Path
proxy.localDoHCertFile = config.LocalDoH.CertFile proxy.localDoHCertFile = config.LocalDoH.CertFile
proxy.localDoHCertKeyFile = config.LocalDoH.CertKeyFile proxy.localDoHCertKeyFile = config.LocalDoH.CertKeyFile
proxy.daemonize = config.Daemonize proxy.daemonize = config.Daemonize
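Review bot: `proxy.localDoHPath = config.LocalDoH.Path` copies the configured value with no default and no validation, and none of the visible hunks sets one elsewhere. If `path` is left unset, as in the example configuration where the line is commented out, the field would be the empty string, and the exact comparison against `request.URL.Path` in ServeHTTP would answer every request with 404. Consider defaulting before the assignment, `if config.LocalDoH.Path == "" { config.LocalDoH.Path = "/dns-query" }`, and rejecting a value that does not start with `/` at load time rather than failing silently at request time. ConfigLoad begins and ends outside this hunk, so a default may already exist out of view.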


@ -355,6 +355,11 @@ cache_neg_max_ttl = 600
# listen_addresses = ['127.0.0.1:3000'] # listen_addresses = ['127.0.0.1:3000']
## URL path - The standard one is "/dns-query", but anything can be used.
# path = "/dns-query"
## Certificate file and key - Note that the certificate has to be trusted. ## Certificate file and key - Note that the certificate has to be trusted.
## See the Wiki for more information. ## See the Wiki for more information.


@ -16,15 +16,19 @@ type localDoHHandler struct {
} }
func (handler localDoHHandler) ServeHTTP(writer http.ResponseWriter, request *http.Request) { func (handler localDoHHandler) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
proxy := handler.proxy
dataType := "application/dns-message" dataType := "application/dns-message"
writer.Header().Set("Server", "dnscrypt-proxy") writer.Header().Set("Server", "dnscrypt-proxy")
if request.URL.Path != proxy.localDoHPath {
writer.WriteHeader(404)
return
}
if request.Header.Get("Content-Type") != dataType { if request.Header.Get("Content-Type") != dataType {
writer.Header().Set("Content-Type", "text/plain") writer.Header().Set("Content-Type", "text/plain")
writer.WriteHeader(400) writer.WriteHeader(400)
writer.Write([]byte("dnscrypt-proxy local DoH server\n")) writer.Write([]byte("dnscrypt-proxy local DoH server\n"))
return return
} }
proxy := handler.proxy
start := time.Now() start := time.Now()
clientAddr, err := net.ResolveTCPAddr("tcp", request.RemoteAddr) clientAddr, err := net.ResolveTCPAddr("tcp", request.RemoteAddr)
if err != nil { if err != nil {
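Review bot: The new 404 branch writes a bare status literal; `writer.WriteHeader(http.StatusNotFound)` says the same thing by name and is the usual net/http spelling. The check `request.URL.Path != proxy.localDoHPath` is an exact string match, so the configured path with a trailing slash or different case is rejected. A short comment above it, such as `// Exact match on the configured path; this is routing, not access control.`, would set expectations for operators who choose a non-standard path. Anyone who can reach the listener can still tell a wrong path (404) from a wrong content type (400), so restricting who may query should rely on the listen address or network controls. ServeHTTP continues past the end of this hunk.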


@ -0,0 +1,47 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDAjCCAeoCCQCptj0+TjjIJjANBgkqhkiG9w0BAQsFADBDMREwDwYDVQQKDAhE
TlNDcnlwdDEaMBgGA1UECwwRTG9jYWwgdGVzdCBzZXJ2ZXIxEjAQBgNVBAMMCWxv
Y2FsaG9zdDAeFw0xOTExMTgxNDA2MzBaFw0zMzA3MjcxNDA2MzBaMEMxETAPBgNV
BAoMCEROU0NyeXB0MRowGAYDVQQLDBFMb2NhbCB0ZXN0IHNlcnZlcjESMBAGA1UE
AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2+4O
hEIW328ve5OKDG2U83Ytk1hQbO6iv0MIDrvi+hITRzztWRFNvb9ADxQRSTuc8sgJ
PW2fZPbTwWwrlVSPYxFHyx91AoxEDxulyNsPvrlYdMgC73P7rqwr0R1ZZXv1e3AK
IpJ3XNkoxEUFAC2wAiKsA+YNBe+wWMHLK3geBh9ud/0ekNvwiWeIzRz45KHDiYla
93owNJJKDTF6RlF1nK1VZNtDNgNQnjuxwLpS0XJJRHaBxN7+OqY6dImStBfS8mV9
VNapfuEC94kLbaGeLTIPN5RR0reBvT66SIc16/VuDVvNtn2kr6yMMDfyWyLVJkWu
5/9/jJLiUCBhjQ2slwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQA6Vz5HnGuy8jZz
5i8ipbcDMCZNdpYYnxgD53hEKOfoSv7LaF0ztD8Kmg3s5LHv9EHlkK3+G6FWRGiP
9f6IbtRITaiVQP3M13T78hpN5Qq5jgsqjR7ZcN7Etr6ZFd7G/0+mzqbyBuW/3szt
RdX/YLy1csvjbZoNNuXGWRohXjg0Mjko2tRLmARvxA/gZV5zWycv3BD2BPzyCdS9
MDMYSF0RPiL8+alfwLNqLcqMA5liHlmZa85uapQyoUI3ksKJkEgU53aD8cYhH9Yn
6mVpsrvrcRLBiHlbi24QBolhFkCSRK8bXes8XDIPuD8iYRwlrVBwOakMFQWMqNfI
IMOKJomU
-----END CERTIFICATE-----
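Review bot: The private key committed here alongside its certificate is readable by anyone with access to the repository, so this pair can only ever be a test fixture and gives no confidentiality or authenticity on a real listener. Nothing in the visible hunks marks it as such. The example configuration next to `cert_file` / `cert_key_file` should state that this key is public and for local testing only, and that users must generate their own key and certificate. It is also worth confirming that no packaged default configuration points at this file.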


@ -32,6 +32,7 @@ type Proxy struct {
mainProto string mainProto string
listenAddresses []string listenAddresses []string
localDoHListenAddresses []string localDoHListenAddresses []string
localDoHPath string
localDoHCertFile string localDoHCertFile string
localDoHCertKeyFile string localDoHCertKeyFile string
daemonize bool daemonize bool