Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using encrypted-dns-server behind a reverse proxy #132

Closed
nodje opened this issue Sep 19, 2022 · 2 comments
Closed

Using encrypted-dns-server behind a reverse proxy #132

nodje opened this issue Sep 19, 2022 · 2 comments

Comments

@nodje
Copy link

nodje commented Sep 19, 2022

I'd like to setup encrypted-dns-server behind a reverse proxy, Traefik, which would take care of the TLS layer.

As I don't understand the certificate management needed behind encrypted-dns-server, either for DNSCrypt own protocol or DOH, I'm not sure if that is easily possible and how the DNS stamps would be generated.

Thanks
@jedisct1
Copy link
Member

The DNSCrypt protocol doesn't use TLS, but something specially made for DNS.

If you want to use DoH and/or ODoH, you should be running doh-server instead. This one will work fine with a TLS termination proxy such as Traefik.

@nodje
Copy link
Author

nodje commented Sep 20, 2022

What if the reverse proxy doesn't take care of the TLS layer but just forwards a domain dns.example.com to a encrypted-dns-server instance.
What are the protocol it would need to handle? Looking at the docker setup -p 443:443/udp -p 443:443/tcp would be the ones.

As I'm studying options within your large offer under DNSCrypt, I'll ask question in other projects as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nodje @jedisct1