Documentation updates

Frank Denis 2021-02-16 00:13:44 +01:00
parent ba663ef4d9
commit dbc5dc702f
2 changed files with 15 additions and 2 deletions


@ -23,6 +23,8 @@ cargo install doh-proxy --no-default-features
## Usage ## Usage
```text ```text
A DNS-over-HTTPS (DoH) proxy
USAGE: USAGE:
doh-proxy [FLAGS] [OPTIONS] doh-proxy [FLAGS] [OPTIONS]
@ -37,6 +39,7 @@ OPTIONS:
-l, --listen-address <listen_address> Address to listen to [default: 127.0.0.1:3000] -l, --listen-address <listen_address> Address to listen to [default: 127.0.0.1:3000]
-b, --local-bind-address <local_bind_address> Address to connect from -b, --local-bind-address <local_bind_address> Address to connect from
-c, --max-clients <max_clients> Maximum number of simultaneous clients [default: 512] -c, --max-clients <max_clients> Maximum number of simultaneous clients [default: 512]
-C, --max-concurrent <max_concurrent> Maximum number of concurrent requests per client [default: 16]
-X, --max-ttl <max_ttl> Maximum TTL, in seconds [default: 604800] -X, --max-ttl <max_ttl> Maximum TTL, in seconds [default: 604800]
-T, --min-ttl <min_ttl> Minimum TTL, in seconds [default: 10] -T, --min-ttl <min_ttl> Minimum TTL, in seconds [default: 10]
-p, --path <path> URI path [default: /dns-query] -p, --path <path> URI path [default: /dns-query]
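Review bot: the added `-C, --max-concurrent` line does not say how it combines with `-c, --max-clients` on the line above it, or what a client sees once it goes over the limit. With the defaults shown (512 clients, 16 requests per client), a reader sizing the upstream resolver cannot tell whether the worst case is 512 or 512 × 16 requests in flight. Suggest a sentence below the usage block that states this and says whether excess requests are queued or refused, since both options bound resource use.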
@ -45,7 +48,7 @@ OPTIONS:
-I, --tls-cert-key-path <tls_cert_key_path> -I, --tls-cert-key-path <tls_cert_key_path>
Path to the PEM-encoded secret keys (only required for built-in TLS) Path to the PEM-encoded secret keys (only required for built-in TLS)
-i, --tls-cert-path <tls_cert_path> Path to a PEM-encoded identity (only required for built-in TLS) -i, --tls-cert-path <tls_cert_path> Path to the PEM-encoded certificates (only required for built-in TLS)
``` ```
## HTTP/2 termination ## HTTP/2 termination
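Review bot: in the `-i, --tls-cert-path` line, "the PEM-encoded certificates" still does not tell the reader that the full chain is expected, which is what the acme.sh paragraph added further down requires (`fullchain.cer`). Suggest "Path to the PEM-encoded certificate chain" here, with the same wording in the `--help` string, so that someone who reads only the usage block does not point the option at a file holding a single certificate.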
@ -67,6 +70,16 @@ Once HTTPS is enabled, HTTP connections will not be accepted.
A sample self-signed certificate [`localhost.pem`](https://github.com/jedisct1/rust-doh/raw/master/localhost.pem) can be used for testing. A sample self-signed certificate [`localhost.pem`](https://github.com/jedisct1/rust-doh/raw/master/localhost.pem) can be used for testing.
The file also includes the private key. The file also includes the private key.
[`acme.sh`](https://github.com/acmesh-official/acme.sh) can be used to create and update TLS certificates using Let's Encrypt and other ACME-compliant providers.
The certificates path must be set to the full certificates chain (`fullchain.cer`) and the key path to the secret keys (the `.key` file):
```sh
doh-proxy -i /path/to/fullchain.cer -I /path/to/domain.key ...
```
Once started, `doh-proxy` automatically reloads the certificates as they change; there is no need to restart the server.
## Accepting both DNSCrypt and DoH connections on port 443 ## Accepting both DNSCrypt and DoH connections on port 443
DNSCrypt is an alternative encrypted DNS protocol that is faster and more lightweight than DoH. DNSCrypt is an alternative encrypted DNS protocol that is faster and more lightweight than DoH.
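Review bot: the sentence "`doh-proxy` automatically reloads the certificates as they change" leaves out the failure case an operator needs documented. The chain and the key are two separate files that are not replaced at the same instant, so the text should say whether the key is reloaded together with the chain and whether the previous certificate stays in use when the new files fail to load or do not match. It is also worth adding that the `.key` file should be readable only by the account that runs `doh-proxy`. As a wording fix, "full certificates chain" reads better as "full certificate chain".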


@ -123,7 +123,7 @@ pub fn parse_opts(globals: &mut Globals) {
.short("i") .short("i")
.long("tls-cert-path") .long("tls-cert-path")
.takes_value(true) .takes_value(true)
.help("Path to a PEM-encoded certificates (only required for built-in TLS)"), .help("Path to the PEM-encoded certificates (only required for built-in TLS)"),
) )
.arg( .arg(
Arg::with_name("tls_cert_key_path") Arg::with_name("tls_cert_key_path")
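Review bot: the `.help(...)` string for `tls-cert-path` and the README usage block are two hand-maintained copies of the same text, and the removed lines show they had already drifted ("Path to a PEM-encoded identity" in the README, "Path to a PEM-encoded certificates" here). Suggest regenerating the README block from the `--help` output whenever an option changes, or adding a check that compares the two, so the next option does not reopen the gap.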