TechnitiumSoftware/DnsServer
1
0
Fork 0
mirror of https://github.com/TechnitiumSoftware/DnsServer.git synced 2026-03-02 14:49:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added TLS cert path, TLS cert password and HTTP to TLS redirect docker env variables

Browse Source
This commit is contained in:
Simon van der Meer
2025-10-20 22:31:18 +02:00
parent 9b8e626cf0
commit d30e074983
3 changed files with 40 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
DnsServerCore/DnsWebService.cs
View File

@@ -268,6 +268,18 @@ namespace DnsServerCore
string webServiceUseSelfSignedTlsCertificate = Environment.GetEnvironmentVariable("DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT");
if (!string.IsNullOrEmpty(webServiceUseSelfSignedTlsCertificate))
_webServiceUseSelfSignedTlsCertificate = bool.Parse(webServiceUseSelfSignedTlsCertificate);
string webServiceTlsCertificatePath = Environment.GetEnvironmentVariable("DNS_SERVER_WEB_SERVICE_TLS_CERTIFICATE_PATH");
if (!string.IsNullOrEmpty(webServiceTlsCertificatePath))
_webServiceTlsCertificatePath = webServiceTlsCertificatePath;
string webServiceTlsCertificatePassword = Environment.GetEnvironmentVariable("DNS_SERVER_WEB_SERVICE_TLS_CERTIFICATE_PASSWORD");
if (!string.IsNullOrEmpty(webServiceTlsCertificatePassword))
_webServiceTlsCertificatePassword = webServiceTlsCertificatePassword;
string webServiceHttpToTlsRedirect = Environment.GetEnvironmentVariable("DNS_SERVER_WEB_SERVICE_HTTP_TO_TLS_REDIRECT");
if (!string.IsNullOrEmpty(webServiceHttpToTlsRedirect))
_webServiceHttpToTlsRedirect = bool.Parse(webServiceHttpToTlsRedirect);
SaveConfigFileInternal();
}

47
DockerEnvironmentVariables.md
View File

@@ -6,25 +6,28 @@ NOTE! These environment variables are read by the DNS server only when the DNS c
The environment variables are described below:
| Environment Variable | Type | Description |
| ------------------------------------------ | ------- | -----------------------------------------------------------------------------------------------------------------------------------------|
| DNS_SERVER_DOMAIN | String | The primary domain name used by this DNS Server to identify itself. |
| DNS_SERVER_ADMIN_PASSWORD | String | The DNS web console admin user password. |
| DNS_SERVER_ADMIN_PASSWORD_FILE | String | The path to a file that contains a plain text password for the DNS web console admin user. |
| DNS_SERVER_PREFER_IPV6 | Boolean | DNS Server will use IPv6 for querying whenever possible with this option enabled. |
| DNS_SERVER_WEB_SERVICE_LOCAL_ADDRESSES | String | A comma separated list of IP addresses for the DNS web console to listen on. |
| DNS_SERVER_WEB_SERVICE_HTTP_PORT | Integer | The TCP port number for the DNS web console over HTTP protocol. |
| DNS_SERVER_WEB_SERVICE_HTTPS_PORT | Integer | The TCP port number for the DNS web console over HTTPS protocol. |
| DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS | Boolean | Enables HTTPS for the DNS web console. |
| DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT| Boolean | Enables self signed TLS certificate for the DNS web console. |
| DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP | Boolean | Enables DNS server optional protocol DNS-over-HTTP on TCP port 80 to be used with a TLS terminating reverse proxy like nginx. |
| DNS_SERVER_RECURSION | String | Recursion options: `Allow`, `Deny`, `AllowOnlyForPrivateNetworks`, `UseSpecifiedNetworkACL`. |
| DNS_SERVER_RECURSION_NETWORK_ACL | String | A comma separated list of IP addresses or network addresses to allow access. Add ! character at the start to deny access, e.g. !192.168.10.0/24 will deny entire subnet. The ACL is processed in the same order its listed. If no networks match, the default policy is to deny all except loopback. Valid only for `UseSpecifiedNetworkACL` recursion option. |
| DNS_SERVER_RECURSION_DENIED_NETWORKS | String | A comma separated list of IP addresses or network addresses to deny recursion. Valid only for `UseSpecifiedNetworkACL` recursion option. This option is obsolete and DNS_SERVER_RECURSION_NETWORK_ACL should be used instead. |
| DNS_SERVER_RECURSION_ALLOWED_NETWORKS | String | A comma separated list of IP addresses or network addresses to allow recursion. Valid only for `UseSpecifiedNetworkACL` recursion option. This option is obsolete and DNS_SERVER_RECURSION_NETWORK_ACL should be used instead. |
| DNS_SERVER_ENABLE_BLOCKING | Boolean | Sets the DNS server to block domain names using Blocked Zone and Block List Zone. |
| DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT | Boolean | Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests. |
| DNS_SERVER_BLOCK_LIST_URLS | String | A comma separated list of block list URLs. |
| DNS_SERVER_FORWARDERS | String | A comma separated list of forwarder addresses. |
| DNS_SERVER_FORWARDER_PROTOCOL | String | Forwarder protocol options: `Udp`, `Tcp`, `Tls`, `Https`, `HttpsJson`. |
| DNS_SERVER_LOG_USING_LOCAL_TIME | Boolean | Enable this option to use local time instead of UTC for logging. |
| Environment Variable | Type | Description |
| ---------------------------------------------- | ------- | -----------------------------------------------------------------------------------------------------------------------------------------|
| DNS_SERVER_DOMAIN | String | The primary domain name used by this DNS Server to identify itself. |
| DNS_SERVER_ADMIN_PASSWORD | String | The DNS web console admin user password. |
| DNS_SERVER_ADMIN_PASSWORD_FILE | String | The path to a file that contains a plain text password for the DNS web console admin user. |
| DNS_SERVER_PREFER_IPV6 | Boolean | DNS Server will use IPv6 for querying whenever possible with this option enabled. |
| DNS_SERVER_WEB_SERVICE_LOCAL_ADDRESSES | String | A comma separated list of IP addresses for the DNS web console to listen on. |
| DNS_SERVER_WEB_SERVICE_HTTP_PORT | Integer | The TCP port number for the DNS web console over HTTP protocol. |
| DNS_SERVER_WEB_SERVICE_HTTPS_PORT | Integer | The TCP port number for the DNS web console over HTTPS protocol. |
| DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS | Boolean | Enables HTTPS for the DNS web console. |
| DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT | Boolean | Enables self signed TLS certificate for the DNS web console. |
| DNS_SERVER_WEB_SERVICE_TLS_CERTIFICATE_PATH | String | The file path to the TLS certificate for the DNS web console. |
| DNS_SERVER_WEB_SERVICE_TLS_CERTIFICATE_PASSWORD| String | The password for the TLS certificate for the DNS web console. |
| DNS_SERVER_WEB_SERVICE_HTTP_TO_TLS_REDIRECT | Boolean | Enables HTTP to HTTPS redirection for the DNS web console. |
| DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP | Boolean | Enables DNS server optional protocol DNS-over-HTTP on TCP port 80 to be used with a TLS terminating reverse proxy like nginx. |
| DNS_SERVER_RECURSION | String | Recursion options: `Allow`, `Deny`, `AllowOnlyForPrivateNetworks`, `UseSpecifiedNetworkACL`. |
| DNS_SERVER_RECURSION_NETWORK_ACL | String | A comma separated list of IP addresses or network addresses to allow access. Add ! character at the start to deny access, e.g. !192.168.10.0/24 will deny entire subnet. The ACL is processed in the same order its listed. If no networks match, the default policy is to deny all except loopback. Valid only for `UseSpecifiedNetworkACL` recursion option. |
| DNS_SERVER_RECURSION_DENIED_NETWORKS | String | A comma separated list of IP addresses or network addresses to deny recursion. Valid only for `UseSpecifiedNetworkACL` recursion option. This option is obsolete and DNS_SERVER_RECURSION_NETWORK_ACL should be used instead. |
| DNS_SERVER_RECURSION_ALLOWED_NETWORKS | String | A comma separated list of IP addresses or network addresses to allow recursion. Valid only for `UseSpecifiedNetworkACL` recursion option. This option is obsolete and DNS_SERVER_RECURSION_NETWORK_ACL should be used instead. |
| DNS_SERVER_ENABLE_BLOCKING | Boolean | Sets the DNS server to block domain names using Blocked Zone and Block List Zone. |
| DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT | Boolean | Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests. |
| DNS_SERVER_BLOCK_LIST_URLS | String | A comma separated list of block list URLs. |
| DNS_SERVER_FORWARDERS | String | A comma separated list of forwarder addresses. |
| DNS_SERVER_FORWARDER_PROTOCOL | String | Forwarder protocol options: `Udp`, `Tcp`, `Tls`, `Https`, `HttpsJson`. |
| DNS_SERVER_LOG_USING_LOCAL_TIME | Boolean | Enable this option to use local time instead of UTC for logging. |

3
docker-compose.yml
View File

@@ -27,6 +27,9 @@ services:
# - DNS_SERVER_WEB_SERVICE_HTTPS_PORT=53443 #The TCP port number for the DNS web console over HTTPS protocol.
# - DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS=false #Enables HTTPS for the DNS web console.
# - DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT=false #Enables self signed TLS certificate for the DNS web console.
# - DNS_SERVER_WEB_SERVICE_TLS_CERTIFICATE_PATH=/etc/dns/tls/cert.pfx #The file path to the TLS certificate for the DNS web console.
# - DNS_SERVER_WEB_SERVICE_TLS_CERTIFICATE_PASSWORD=password #The password for the TLS certificate for the DNS web console.
# - DNS_SERVER_WEB_SERVICE_HTTP_TO_TLS_REDIRECT=false #Enables HTTP to HTTPS redirection for the DNS web console.
# - DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP=false #Enables DNS server optional protocol DNS-over-HTTP on TCP port 8053 to be used with a TLS terminating reverse proxy like nginx.
# - DNS_SERVER_RECURSION=AllowOnlyForPrivateNetworks #Recursion options: Allow, Deny, AllowOnlyForPrivateNetworks, UseSpecifiedNetworkACL.
# - DNS_SERVER_RECURSION_NETWORK_ACL=192.168.10.0/24, !192.168.10.2 #Comma separated list of IP addresses or network addresses to allow access. Add ! character at the start to deny access, e.g. !192.168.10.0/24 will deny entire subnet. The ACL is processed in the same order its listed. If no networks match, the default policy is to deny all except loopback. Valid only for `UseSpecifiedNetworkACL` recursion option.