diff --git a/dnscrypt-proxy/config.go b/dnscrypt-proxy/config.go
index cb6dcb0c..fe89ce69 100644
--- a/dnscrypt-proxy/config.go
+++ b/dnscrypt-proxy/config.go
@@ -136,7 +136,7 @@ func ConfigLoad(proxy *Proxy, svcFlag *string, config_file string) error {
 proxy.certRefreshDelayAfterFailure = time.Duration(10 * time.Second)
 proxy.certIgnoreTimestamp = config.CertIgnoreTimestamp
 if len(config.ListenAddresses) == 0 {
- return errors.New("No local IP/port configured")
+ dlog.Debugf("No local IP/port configured")
 }
 proxy.listenAddresses = config.ListenAddresses
 proxy.daemonize = config.Daemonize
diff --git a/dnscrypt-proxy/dnscrypt-proxy.toml b/dnscrypt-proxy/dnscrypt-proxy.toml
index e6025626..8c5144d3 100644
--- a/dnscrypt-proxy/dnscrypt-proxy.toml
+++ b/dnscrypt-proxy/dnscrypt-proxy.toml
@@ -18,7 +18,7 @@
 ## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
-
+## To only use systemd activation sockets, use an empty set: []
 listen_addresses = ['127.0.0.1:53', '[::1]:53']
diff --git a/dnscrypt-proxy/main.go b/dnscrypt-proxy/main.go
index 6ca61450..12ef8db3 100644
--- a/dnscrypt-proxy/main.go
+++ b/dnscrypt-proxy/main.go
@@ -10,6 +10,7 @@ import (
 "sync"
 "time"
+ "github.com/coreos/go-systemd/activation"
 "github.com/coreos/go-systemd/daemon"
 "github.com/jedisct1/dlog"
 "github.com/kardianos/service"
@@ -165,6 +166,9 @@ func (proxy *Proxy) StartProxy() {
 dlog.Fatal(err)
 }
 }
+ if err := proxy.systemDListeners(); err != nil {
+ dlog.Fatal(err)
+ }
 liveServers, err := proxy.serversInfo.refresh(proxy)
 if liveServers > 0 {
 dlog.Noticef("dnscrypt-proxy is ready - live servers: %d", liveServers)
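Review bot: With the early return gone, an empty `listen_addresses` is accepted with only a debug-level message, and nothing visible in this commit fails startup when systemd also hands over no sockets, so the proxy can run with no listener at all while looking healthy. A check placed after the systemd sockets have been wired, returning something like `errors.New("No local IP/port configured and no systemd socket received")` when both sources are empty, would keep the old fail-closed behaviour. Until then the message should be at least `dlog.Noticef`, since debug output is normally hidden. ConfigLoad's body starts and ends outside the hunk.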
@@ -261,6 +265,24 @@ func (proxy *Proxy) tcpListenerFromAddr(listenAddr *net.TCPAddr) error {
 return nil
 }
+func (proxy *Proxy) systemDListeners() error {
+ listeners, err := activation.Listeners(true)
+ if err != nil && len(listeners) > 0 {
+ for i, listener := range listeners {
+ dlog.Noticef("Wiring systemd TCP socket #%d", i)
+ proxy.tcpListener(listener.(*net.TCPListener))
+ }
+ }
+ packetConns, err := activation.PacketConns(true)
+ if err != nil && len(packetConns) > 0 {
+ for i, packetConn := range packetConns {
+ dlog.Noticef("Wiring systemd UDP socket #%d", i)
+ proxy.udpListener(packetConn.(*net.UDPConn))
+ }
+ }
+ return nil
+}
+
 func (proxy *Proxy) exchangeWithUDPServer(serverInfo *ServerInfo, encryptedQuery []byte, clientNonce []byte) ([]byte, error) {
 pc, err := net.DialUDP("udp", nil, serverInfo.UDPAddr)
 if err != nil {
diff --git a/systemd/dnscrypt-proxy.service b/systemd/dnscrypt-proxy.service
new file mode 100644
index 00000000..a52f6855
--- /dev/null
+++ b/systemd/dnscrypt-proxy.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=DNSCrypt client proxy
+Documentation=man:dnscrypt-proxy(8)
+Requires=dnscrypt-proxy.socket
+After=network.target
+Before=nss-lookup.target
+
+[Install]
+Also=dnscrypt-proxy.socket
+WantedBy=multi-user.target
+
+[Service]
+Type=simple
+NonBlocking=true
+
+# Change this
+ExecStart=/opt/dnscrypt-proxy/dnscrypt-proxy
diff --git a/systemd/dnscrypt-proxy.socket b/systemd/dnscrypt-proxy.socket
new file mode 100644
index 00000000..2c7e629c
--- /dev/null
+++ b/systemd/dnscrypt-proxy.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=dnscrypt-proxy listening socket
+
+[Socket]
+ListenStream=127.0.0.1:53
+ListenDatagram=127.0.0.1:53
+NoDelay=true
+DeferAcceptSec=1
+
+[Install]
+WantedBy=sockets.target
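Review bot: Both guards in `systemDListeners` are inverted: `err != nil && len(listeners) > 0` wires sockets only when the activation call failed, so after a successful call nothing is wired, and the error is never reported because the function always ends in `return nil` (which also makes the `dlog.Fatal(err)` added in StartProxy unreachable). The unchecked assertions `listener.(*net.TCPListener)` and `packetConn.(*net.UDPConn)` panic on a nil slot or on any other socket type the unit file passes; go-systemd appears to leave nil gaps when stream and datagram sockets are mixed, which is what the shipped .socket unit does. The first call also passes `true`, which as far as I can tell unsets the LISTEN_* environment, so the following `PacketConns(true)` would find no descriptors. Whether `proxy.tcpListener` and `proxy.udpListener` block, and so need `go`, cannot be judged from this hunk.

```go
func (proxy *Proxy) systemDListeners() error {
	// Leave the LISTEN_* variables in place for the second lookup below.
	listeners, err := activation.Listeners(false)
	if err != nil {
		return err
	}
	for i, listener := range listeners {
		tcpListener, ok := listener.(*net.TCPListener)
		if !ok {
			continue // nil gap or a socket that is not TCP
		}
		dlog.Noticef("Wiring systemd TCP socket #%d", i)
		proxy.tcpListener(tcpListener)
	}
	packetConns, err := activation.PacketConns(true)
	if err != nil {
		return err
	}
	for i, packetConn := range packetConns {
		udpConn, ok := packetConn.(*net.UDPConn)
		if !ok {
			continue // nil gap or a socket that is not UDP
		}
		dlog.Noticef("Wiring systemd UDP socket #%d", i)
		proxy.udpListener(udpConn)
	}
	return nil
}
```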
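Review bot: The `[Service]` section sets no `User=` and no sandboxing, so the proxy runs as root with full filesystem access even though, with `Requires=dnscrypt-proxy.socket`, systemd binds port 53 and the service needs no privilege for that. I would add at least `NoNewPrivileges=true`, `ProtectSystem=strict` and `ProtectHome=true`, together with a dedicated `User=` and a `ReadWritePaths=` entry for whatever directory the proxy writes its cache files to. main.go also imports `go-systemd/daemon`; if the proxy sends a readiness notification, `Type=notify` would let `Before=nss-lookup.target` order on real readiness rather than on process start, which cannot be confirmed from this diff.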
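Review bot: Enabling this unit while `listen_addresses` in dnscrypt-proxy.toml still holds its default `'127.0.0.1:53'` would have systemd and the proxy both try to bind the same address, so the requirement to empty that list belongs in a comment here and not only in the TOML file. A line such as `# Requires listen_addresses = [] in dnscrypt-proxy.toml` above `ListenStream=` would do. The unit also covers only IPv4 loopback, whereas the TOML default includes `[::1]:53`; if IPv6 loopback is meant to be served under socket activation, matching `ListenStream=[::1]:53` and `ListenDatagram=[::1]:53` lines are missing.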