-
Notifications
You must be signed in to change notification settings - Fork 135
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLS forwarding to real localhost #112
Comments
I went with --network=host and strict firewall. Read a lot about it and it seems the best. Now I can query unbound inside the container too. Sorry to bother you :) |
This is great! Sorry, I'm not too familiar with Docker either... |
|
I'm swicthing to dnscrypt-server from normal operation to docker.
The machine I'm running the docker image on runs nginx and doh-proxy on it too.
nginx is running on port 8443 so that dnscrypt-server can run on 443.
nginx reverse-proxys to doh-proxy and serves a web-page.
That worked fine when I was running dnscrypt-proxy wirthout docker.
When starting teh docker image with
docker run --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp -p 9100:9100/tcp \ --restart=unless-stopped \ -v /etc/dnscrypt-server/keys:/opt/encrypted-dns/etc/keys \ jedisct1/dnscrypt-server init -N myname.org -A -M 0.0.0.0:9100 -T 127.0.0.1:8443 \ -E '133.224.17.124:443,[2001:14f0:5001:bbb:5300:030f:fee7:f70d]:443'
it obviously doesn't work because 127.0.0.1 revers to the internal address of the docker container, but it should refer to localhost of my machine where nginx resides.
How to accomplish that in a safe way? I managed to get it to work with adding --network=host to the docker command. Is that safe and the only way?
The text was updated successfully, but these errors were encountered: