Merge pull request #1497 from simonvandermeer/develop

Added TLS cert path, TLS cert password and HTTP to TLS redirect docker env variables

DnsServerCore/DnsWebService.cs

@@ -268,6 +268,18 @@ namespace DnsServerCore
                 string webServiceUseSelfSignedTlsCertificate = Environment.GetEnvironmentVariable("DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT");
                 if (!string.IsNullOrEmpty(webServiceUseSelfSignedTlsCertificate))
                     _webServiceUseSelfSignedTlsCertificate = bool.Parse(webServiceUseSelfSignedTlsCertificate);
+                
+                string webServiceTlsCertificatePath = Environment.GetEnvironmentVariable("DNS_SERVER_WEB_SERVICE_TLS_CERTIFICATE_PATH");
+                if (!string.IsNullOrEmpty(webServiceTlsCertificatePath))
+                    _webServiceTlsCertificatePath = webServiceTlsCertificatePath;
+
+                string webServiceTlsCertificatePassword = Environment.GetEnvironmentVariable("DNS_SERVER_WEB_SERVICE_TLS_CERTIFICATE_PASSWORD");
+                if (!string.IsNullOrEmpty(webServiceTlsCertificatePassword))
+                    _webServiceTlsCertificatePassword = webServiceTlsCertificatePassword;
+
+                string webServiceHttpToTlsRedirect = Environment.GetEnvironmentVariable("DNS_SERVER_WEB_SERVICE_HTTP_TO_TLS_REDIRECT");
+                if (!string.IsNullOrEmpty(webServiceHttpToTlsRedirect))
+                    _webServiceHttpToTlsRedirect = bool.Parse(webServiceHttpToTlsRedirect);
 
                 SaveConfigFileInternal();
             }

DockerEnvironmentVariables.md

@@ -6,25 +6,28 @@ NOTE! These environment variables are read by the DNS server only when the DNS c
 
 The environment variables are described below:
 
-| Environment Variable                       | Type    | Description                                                                                                                              |
-| ------------------------------------------ | ------- | -----------------------------------------------------------------------------------------------------------------------------------------|
-| DNS_SERVER_DOMAIN                          | String  | The primary domain name used by this DNS Server to identify itself.                                                                      |
-| DNS_SERVER_ADMIN_PASSWORD                  | String  | The DNS web console admin user password.                                                                                                 |
-| DNS_SERVER_ADMIN_PASSWORD_FILE             | String  | The path to a file that contains a plain text password for the DNS web console admin user.                                               |
-| DNS_SERVER_PREFER_IPV6                     | Boolean | DNS Server will use IPv6 for querying whenever possible with this option enabled.                                                        |
-| DNS_SERVER_WEB_SERVICE_LOCAL_ADDRESSES     | String  | A comma separated list of IP addresses for the DNS web console to listen on.                                                             |
-| DNS_SERVER_WEB_SERVICE_HTTP_PORT           | Integer | The TCP port number for the DNS web console over HTTP protocol.                                                                          |
-| DNS_SERVER_WEB_SERVICE_HTTPS_PORT          | Integer | The TCP port number for the DNS web console over HTTPS protocol.                                                                         |
-| DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS        | Boolean | Enables HTTPS for the DNS web console.                                                                                                   |
-| DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT| Boolean | Enables self signed TLS certificate for the DNS web console.                                                                             |
-| DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP | Boolean | Enables DNS server optional protocol DNS-over-HTTP on TCP port 80 to be used with a TLS terminating reverse proxy like nginx.            |
-| DNS_SERVER_RECURSION                       | String  | Recursion options: `Allow`, `Deny`, `AllowOnlyForPrivateNetworks`, `UseSpecifiedNetworkACL`.                                             |
-| DNS_SERVER_RECURSION_NETWORK_ACL           | String  | A comma separated list of IP addresses or network addresses to allow access. Add ! character at the start to deny access, e.g. !192.168.10.0/24 will deny entire subnet. The ACL is processed in the same order its listed. If no networks match, the default policy is to deny all except loopback. Valid only for `UseSpecifiedNetworkACL` recursion option. |
-| DNS_SERVER_RECURSION_DENIED_NETWORKS       | String  | A comma separated list of IP addresses or network addresses to deny recursion. Valid only for `UseSpecifiedNetworkACL` recursion option. This option is obsolete and DNS_SERVER_RECURSION_NETWORK_ACL should be used instead.  |
-| DNS_SERVER_RECURSION_ALLOWED_NETWORKS      | String  | A comma separated list of IP addresses or network addresses to allow recursion. Valid only for `UseSpecifiedNetworkACL` recursion option. This option is obsolete and DNS_SERVER_RECURSION_NETWORK_ACL should be used instead. |
-| DNS_SERVER_ENABLE_BLOCKING                 | Boolean | Sets the DNS server to block domain names using Blocked Zone and Block List Zone.                                                        |
-| DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT       | Boolean | Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests.                    |
-| DNS_SERVER_BLOCK_LIST_URLS                 | String  | A comma separated list of block list URLs.                                                                                               |
-| DNS_SERVER_FORWARDERS                      | String  | A comma separated list of forwarder addresses.                                                                                           |
-| DNS_SERVER_FORWARDER_PROTOCOL              | String  | Forwarder protocol options: `Udp`, `Tcp`, `Tls`, `Https`, `HttpsJson`.                                                                   |
-| DNS_SERVER_LOG_USING_LOCAL_TIME            | Boolean | Enable this option to use local time instead of UTC for logging.                                                                         |
+| Environment Variable                           | Type    | Description                                                                                                                              |
+| ---------------------------------------------- | ------- | -----------------------------------------------------------------------------------------------------------------------------------------|
+| DNS_SERVER_DOMAIN                              | String  | The primary domain name used by this DNS Server to identify itself.                                                                      |
+| DNS_SERVER_ADMIN_PASSWORD                      | String  | The DNS web console admin user password.                                                                                                 |
+| DNS_SERVER_ADMIN_PASSWORD_FILE                 | String  | The path to a file that contains a plain text password for the DNS web console admin user.                                               |
+| DNS_SERVER_PREFER_IPV6                         | Boolean | DNS Server will use IPv6 for querying whenever possible with this option enabled.                                                        |
+| DNS_SERVER_WEB_SERVICE_LOCAL_ADDRESSES         | String  | A comma separated list of IP addresses for the DNS web console to listen on.                                                             |
+| DNS_SERVER_WEB_SERVICE_HTTP_PORT               | Integer | The TCP port number for the DNS web console over HTTP protocol.                                                                          |
+| DNS_SERVER_WEB_SERVICE_HTTPS_PORT              | Integer | The TCP port number for the DNS web console over HTTPS protocol.                                                                         |
+| DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS            | Boolean | Enables HTTPS for the DNS web console.                                                                                                   |
+| DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT    | Boolean | Enables self signed TLS certificate for the DNS web console.                                                                             |
+| DNS_SERVER_WEB_SERVICE_TLS_CERTIFICATE_PATH    | String  | The file path to the TLS certificate for the DNS web console.                                                                            |
+| DNS_SERVER_WEB_SERVICE_TLS_CERTIFICATE_PASSWORD| String  | The password for the TLS certificate for the DNS web console.                                                                            |
+| DNS_SERVER_WEB_SERVICE_HTTP_TO_TLS_REDIRECT    | Boolean | Enables HTTP to HTTPS redirection for the DNS web console.                                                                               |
+| DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP     | Boolean | Enables DNS server optional protocol DNS-over-HTTP on TCP port 80 to be used with a TLS terminating reverse proxy like nginx.            |
+| DNS_SERVER_RECURSION                           | String  | Recursion options: `Allow`, `Deny`, `AllowOnlyForPrivateNetworks`, `UseSpecifiedNetworkACL`.                                             |
+| DNS_SERVER_RECURSION_NETWORK_ACL               | String  | A comma separated list of IP addresses or network addresses to allow access. Add ! character at the start to deny access, e.g. !192.168.10.0/24 will deny entire subnet. The ACL is processed in the same order its listed. If no networks match, the default policy is to deny all except loopback. Valid only for `UseSpecifiedNetworkACL` recursion option. |
+| DNS_SERVER_RECURSION_DENIED_NETWORKS           | String  | A comma separated list of IP addresses or network addresses to deny recursion. Valid only for `UseSpecifiedNetworkACL` recursion option. This option is obsolete and DNS_SERVER_RECURSION_NETWORK_ACL should be used instead.  |
+| DNS_SERVER_RECURSION_ALLOWED_NETWORKS          | String  | A comma separated list of IP addresses or network addresses to allow recursion. Valid only for `UseSpecifiedNetworkACL` recursion option. This option is obsolete and DNS_SERVER_RECURSION_NETWORK_ACL should be used instead. |
+| DNS_SERVER_ENABLE_BLOCKING                     | Boolean | Sets the DNS server to block domain names using Blocked Zone and Block List Zone.                                                        |
+| DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT           | Boolean | Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests.                    |
+| DNS_SERVER_BLOCK_LIST_URLS                     | String  | A comma separated list of block list URLs.                                                                                               |
+| DNS_SERVER_FORWARDERS                          | String  | A comma separated list of forwarder addresses.                                                                                           |
+| DNS_SERVER_FORWARDER_PROTOCOL                  | String  | Forwarder protocol options: `Udp`, `Tcp`, `Tls`, `Https`, `HttpsJson`.                                                                   |
+| DNS_SERVER_LOG_USING_LOCAL_TIME                | Boolean | Enable this option to use local time instead of UTC for logging.                                                                         |

docker-compose.yml

@@ -27,6 +27,9 @@ services:
       # - DNS_SERVER_WEB_SERVICE_HTTPS_PORT=53443 #The TCP port number for the DNS web console over HTTPS protocol.
       # - DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS=false #Enables HTTPS for the DNS web console.
       # - DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT=false #Enables self signed TLS certificate for the DNS web console.
+      # - DNS_SERVER_WEB_SERVICE_TLS_CERTIFICATE_PATH=/etc/dns/tls/cert.pfx #The file path to the TLS certificate for the DNS web console.
+      # - DNS_SERVER_WEB_SERVICE_TLS_CERTIFICATE_PASSWORD=password #The password for the TLS certificate for the DNS web console.
+      # - DNS_SERVER_WEB_SERVICE_HTTP_TO_TLS_REDIRECT=false #Enables HTTP to HTTPS redirection for the DNS web console.
       # - DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP=false #Enables DNS server optional protocol DNS-over-HTTP on TCP port 8053 to be used with a TLS terminating reverse proxy like nginx.
       # - DNS_SERVER_RECURSION=AllowOnlyForPrivateNetworks #Recursion options: Allow, Deny, AllowOnlyForPrivateNetworks, UseSpecifiedNetworkACL.
       # - DNS_SERVER_RECURSION_NETWORK_ACL=192.168.10.0/24, !192.168.10.2 #Comma separated list of IP addresses or network addresses to allow access. Add ! character at the start to deny access, e.g. !192.168.10.0/24 will deny entire subnet. The ACL is processed in the same order its listed. If no networks match, the default policy is to deny all except loopback. Valid only for `UseSpecifiedNetworkACL` recursion option.