https://github.com/melchor629/docker-dnscrypt-proxy
A Dockerfile for dnscrypt-proxy
- Host: GitHub
- URL: https://github.com/melchor629/docker-dnscrypt-proxy
- Owner: melchor629
- License: unlicense
- Created: 2018-10-02T21:44:03.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2024-02-17T11:26:36.000Z (9 months ago)
- Last Synced: 2024-02-17T12:28:15.474Z (9 months ago)
- Topics: dnscrypt-proxy, dnscrypt-proxy2, docker, docker-image
- Language: Shell
- Size: 18.6 KB
- Stars: 11
- Watchers: 3
- Forks: 5
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
# dnscrypt-proxy in Docker
A small image based on Alpine Linux that downloads the latest version of [dnscrypt-proxy](https://github.com/jedisct1/dnscrypt-proxy) and sets up the environment to run the proxy.
The configuration must be stored in `/etc/dnscrypt-proxy`. Other files (such as logs) can be located elsewhere if you want. By default, the container will try to read the configuration from `/etc/dnscrypt-proxy/dnscrypt-proxy.toml`. If yours is somewhere else, you can modify the arguments and the environment variable `CONFIG_PATH`. Remember that every relative path in the files referenced from the configuration is resolved relative to the directory that contains the configuration.
> **Note**: The proxy will always run as an unprivileged user. In your configuration, you should use a port higher than `1024` (like `5353`); you can then expose that port as `53` or any other port you want. This is done for you by default when the config volume is empty.
## Tags
In [Docker Hub](https://hub.docker.com/r/melchor9000/dnscrypt-proxy/), you can find these tags for `melchor9000/dnscrypt-proxy`:
- `latest`: all supported architectures
- `amd64`: x86_64/amd64
- `arm`: armhf (armv7)
- `arm64`: aarch64 (armv8 64-bit)
- VERSION: select one version of dnscrypt-proxy to use (e.g.: `2.0.42`)

All images are based on the [alpine](https://hub.docker.com/_/alpine/) image to keep the image size small.
## The first run
The configuration files are written to the volume the first time you run `dnscrypt-proxy` (and only then). My recommendation is to run the container once, let the configuration be written to the volume, and then stop it. After that, you can easily modify anything you want.
This first run also changes some configuration values, which you can modify again if you know what you are doing. As mentioned before, the proxy runs as an unprivileged user, so by default it listens on port 5353. The public resolvers list is downloaded into the folder `/etc/dnscrypt-proxy/resolvers`.
This initial configuration is good enough to get started. For a production environment, however, it is recommended to modify some of the configuration files. These files contain comments that will help you modify them, and the [official wiki](https://github.com/jedisct1/dnscrypt-proxy/wiki/Configuration) covers the options in more depth.
## Recommendations for the configuration
1. Do not modify `listen_addresses`; the default is fine
2. Do not uncomment or set `user_name`
3. If Docker has IPv6 connectivity enabled and you have IPv6 to the internet, you should set `ipv6_servers` to `true`
4. Do not set `log_file` or `use_syslog`; let Docker manage the log :)
5. It could be a good idea to change the `fallback_resolver`; the default is `9.9.9.9:53`
6. It could be a good idea to check the `cache` options
## Environment variables
The first environment variable that can be configured is `CONFIG_PATH`. Its default is `/etc/dnscrypt-proxy`. This variable tells the init script where the configuration folder is inside the container. Changing it is not recommended, as the default value is valid, but you can do so if you need to.
The other environment variable is `DNSCRYPT_PROXY_RULES`, which enables the following rules and filters for you: `forwarding`, `cloaking`, `blocked-names`, `blocked-ips`, `allowed-names`, `allowed-ips`, `captive-portals` and `local-doh`. Its value is a comma-separated list of the rules/filters to enable. By default, nothing is enabled.
NOTE: The file `cloaking-rules.txt` comes with some pre-defined rules which can block access to certain websites' video/search content, such as YouTube, Google and Yandex. Modify the file to fit your needs before enabling `cloaking` through the environment variable `DNSCRYPT_PROXY_RULES`.
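As an added example (not part of the original README or the project's code), the following script checks a `dnscrypt-proxy.toml` against the items under "Recommendations for the configuration" that can be verified mechanically. The function names and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the repository): lint a dnscrypt-proxy.toml
# against the README's recommendations.

# Print the value of the first uncommented `key = value` line, if any.
toml_value() {  # $1 = key, $2 = file
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | head -n 1
}

# Print one finding per line; print nothing when the file follows the advice.
lint_config() {  # $1 = path to dnscrypt-proxy.toml
    f=$1
    # The proxy runs unprivileged, so every listen port must be above 1024.
    # A port is the run of digits between a colon and the closing quote,
    # which skips the colons inside IPv6 literals such as '[::1]:5353'.
    toml_value listen_addresses "$f" | grep -oE ":[0-9]+['\"]" | tr -d ":'\"" |
    while read -r port; do
        [ "$port" -gt 1024 ] ||
            echo "listen_addresses: port $port is not above 1024"
    done
    [ -z "$(toml_value user_name "$f")" ] ||
        echo "user_name: set, but the README says to leave it unset"
    [ -z "$(toml_value log_file "$f")" ] ||
        echo "log_file: set, but the README says to let Docker manage the log"
    case "$(toml_value use_syslog "$f")" in
        true*) echo "use_syslog: enabled, but the README says to let Docker manage the log" ;;
    esac
    case "$(toml_value fallback_resolver "$f")" in
        *9.9.9.9:53*) echo "fallback_resolver: still the default 9.9.9.9:53" ;;
    esac
    return 0
}

# Constructed sample configuration, written to a temporary file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
listen_addresses = ['0.0.0.0:53', '[::]:5353']
user_name = 'nobody'
# log_file = 'dnscrypt-proxy.log'
use_syslog = true
fallback_resolver = '9.9.9.9:53'
EOF
lint_config "$sample"
rm -f "$sample"
```

Run it against the file in your config volume (for example `lint_config ./config/dnscrypt-proxy.toml`) after the first run has written the defaults; the `ipv6_servers` and `cache` items depend on your environment and are not checked.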
## Example: docker
```sh
docker container run --rm -d -v "$PWD/config":/etc/dnscrypt-proxy -p 53:5353/udp melchor9000/dnscrypt-proxy
```

The listen address is `['0.0.0.0:5353']`.
## Example: docker-compose
```yaml
version: '3.6'

services:
  server:
    image: melchor9000/dnscrypt-proxy
    ports:
      - target: 5353
        published: 53
        protocol: udp
        mode: host
      # enable this only if local DoH is going to be used
      - target: 8443
        published: 443
        protocol: tcp
        mode: host
    restart: always
    volumes:
      # Here I have the toml and txt files
      # The cache is stored in another folder, but is not persisted
      - "./conf:/etc/dnscrypt-proxy"
    deploy:
      mode: replicated
      replicas: 2
```