Question about DNSCrypt server Docker image
leonardoks16 opened this issue · comments
I installed dnscrypt server from a docker container. Im pretty new in docker and everything in general. Can I see all configuration in some .config file?
Another Question: To use filtering what do I need to do exactly? I already run the init command with the
-v /etc/dnscrypt-server/keys:/opt/encrypted-dns/etc/keys \
Command, and when i add the filtering I get error, and I cant do with docker exec nexxuscrypt-dns /entrypoint.sh init <command>
I can help with the first point.
On the machine you can check the container name with
docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7b3e20d44d50 eanu/dnscrypt-server-docker:1.60 "/entrypoint.sh init…" 4 weeks ago Up 4 weeks dnscrypt-server
Then get a shell in the container with
docker exec -it dnscrypt-server /bin/bash
Config for encrypted-dns would be in
/opt/encrypted-dns/etc
I'm not totally clear on what you're doing in the second part - someone else can probably help better than me, but FYI my script looks like this
docker run -d --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp --net=host \
--ulimit nofile=90000:90000 --restart=unless-stopped \
-v /home/docker/keys:/opt/encrypted-dns/etc/keys \
-v /home/docker/lists:/opt/encrypted-dns/etc/lists \
eanu/dnscrypt-server-docker:1.60 init -A -N v.dnscrypt.uk -E <ip addresses > -M 0.0.0.0:9100
The 'lists' directory there is for input files to encrypted-dns, but I don't use any at the moment.
The configuration file is just this template with the @...@
parts replaced by their values.
The list of blocked domains is in /opt/encrypted-dns/etc/lists/blacklist.txt
.
Thank you @ianbashford and @jedisct1 . Can I edit this template if I am using docker or I will need to install dnscrypt-server in other way? I need to change all directories to a USB device.
It may be a little bit confusing, but the directory in a Docker container is not the one on your disk.
In the command line, -v /etc/dnscrypt-server/keys:/opt/encrypted-dns/etc/keys
means that the virtual (in the container) directory /etc/dnscrypt-server/keys
will be the /opt/encrypted-dns/etc/keys
directory on your disk.
You can change /opt/encrypted-dns/etc/keys
to absolutely anything!
Inside the container, the directory will still look like /etc/dnscrypt-server/keys
so the configuration doesn't need to be changed.
Docker definitely makes this easier. So if the USB was mounted to /mnt/USB
, the docker command I pasted above could be modified:
docker run -d --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp --net=host \
--ulimit nofile=90000:90000 --restart=unless-stopped \
-v /mnt/USB/keys:/opt/encrypted-dns/etc/keys \
-v /mnt/USB/lists:/opt/encrypted-dns/etc/lists \
eanu/dnscrypt-server-docker:1.60 init -A -N v.dnscrypt.uk -E <ip addresses > -M 0.0.0.0:9100
Check as well that you have permissions to write to that mount point.
Can I use more than one -v option? If do it in my server the command isnt executed successfully.
yes you can -- the example above has more than one.
Running locally I quite often bring in multiple dot folders.
Try something like this -- it'll drop into a shell in /tmp -- you should see your home directory mounted there, and also your shared memory space (as /tmp/junk)
docker run --rm -it -v /dev/shm:/tmp/junk -v /home/${USER}:/tmp/${USER} --name dnscrypt-server-temp jedisct1/dnscrypt-server shell
Once that works, you can then substitute your folders in place of my ones...
Problem solved. For now I will try to configure to work with Prometheus, DoH and Filtering. If work you will see more 1 country avaible for dnscrypt resolvers list