Setup Guide should honor allow_unencrypted_doh (reverse proxy TLS termination) #8177

@Skyline-23

Prerequisites

  • I have checked the Wiki and Discussions and found no answer

  • I have searched other issues and found no duplicates

  • I want to request a feature or enhancement and not ask a question

The problem

The DNS Privacy setup guide disables the iOS/macOS profile download unless built-in TLS is enabled. In reverse-proxy setups where TLS is
terminated externally and allow_unencrypted_doh is enabled, /apple/doh.mobileconfig works but the UI blocks the download. This is a UX
mismatch: the endpoint is functional, yet the guide prevents users from accessing it.

Proposed solution

Expose a boolean in /control/status that indicates whether DNS privacy is available (e.g., DoH available when TLS is enabled or
allow_unencrypted_doh is true, and DoT/DoQ available when TLS is enabled and the respective port is set). Use this flag in the Setup Guide to
decide whether to show the DNS Privacy content and profile download, instead of relying solely on the generated https/tls addresses.

Alternatives considered and additional information

No response
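
The availability rule proposed in this issue, written out as an added Go example; it is not part of the original issue or the project's code. The struct, field and function names are hypothetical, and only `allow_unencrypted_doh` is taken from the issue text.

```go
package main

import "fmt"

// TLSSettings is a hypothetical subset of the server's encryption settings.
// Only allow_unencrypted_doh is named in the issue; the other fields are assumed.
type TLSSettings struct {
	Enabled             bool // built-in TLS is enabled
	AllowUnencryptedDoH bool // allow_unencrypted_doh: TLS is terminated by a reverse proxy
	PortDoT             int  // 0 means no DNS-over-TLS port is set
	PortDoQ             int  // 0 means no DNS-over-QUIC port is set
}

// PrivacyStatus is a hypothetical shape for the flags exposed in /control/status.
type PrivacyStatus struct {
	DoH          bool
	DoT          bool
	DoQ          bool
	DoHProxyOnly bool // DoH is available only because TLS is terminated externally
}

// Available reports whether the Setup Guide has any DNS Privacy content to show.
func (p PrivacyStatus) Available() bool { return p.DoH || p.DoT || p.DoQ }

// ComputePrivacyStatus applies the rules from the proposed solution:
// DoH needs built-in TLS or allow_unencrypted_doh; DoT and DoQ need
// built-in TLS and their respective port.
func ComputePrivacyStatus(s TLSSettings) PrivacyStatus {
	return PrivacyStatus{
		DoH:          s.Enabled || s.AllowUnencryptedDoH,
		DoT:          s.Enabled && s.PortDoT > 0,
		DoQ:          s.Enabled && s.PortDoQ > 0,
		DoHProxyOnly: !s.Enabled && s.AllowUnencryptedDoH,
	}
}

func main() {
	// Constructed sample configurations, not taken from a real deployment.
	cases := map[string]TLSSettings{
		"builtin TLS":   {Enabled: true, PortDoT: 853, PortDoQ: 853},
		"reverse proxy": {AllowUnencryptedDoH: true, PortDoT: 853},
		"no encryption": {},
	}
	for name, s := range cases {
		fmt.Printf("%-14s %+v\n", name, ComputePrivacyStatus(s))
	}
}
```

In the reverse-proxy case the DoT port is set but DoT stays unavailable, because a proxy that terminates HTTPS does nothing for the DoT and DoQ listeners.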
