From 0b3dfaec64dece67aff8716dee70e61b298c4995 Mon Sep 17 00:00:00 2001 From: Nick Peng Date: Sun, 12 Nov 2023 09:58:02 +0800 Subject: [PATCH] add bind-https option --- docs/config/server-config.md | 18 ++++++++++++------ docs/configuration.md | 1 + en/docs/config/server-config.md | 20 +++++++++++++------- en/docs/configuration.md | 3 ++- 4 files changed, 28 insertions(+), 14 deletions(-) diff --git a/docs/config/server-config.md b/docs/config/server-config.md index c00f7f9..5f36102 100644 --- a/docs/config/server-config.md +++ b/docs/config/server-config.md @@ -5,7 +5,7 @@ hide: # 服务端配置 -smartdns目前提供了UDP, TCP, DOT三种服务端模式。 +smartdns目前提供了UDP, TCP, DOT, DOH四种服务端模式。 ## UDP服务端 @@ -39,14 +39,20 @@ smartdns目前提供了UDP, TCP, DOT三种服务端模式。 tcp-idle-time 120 ``` -## DOT服务端 +## DOT,DOH服务端 -1. 通过`bind-tls`参数配置,配置例子如下: +1. 通过`bind-tls`, `bind-https`参数配置,配置例子如下: ```shell - bind-tls 0.0.0.0:53@eth0 - bind-tls [::]:53@eth0 - bind-tls :53@eth0 + # DOT 服务器 + bind-tls 0.0.0.0:853@eth0 + bind-tls [::]:853@eth0 + bind-tls :853@eth0 + + # DOH 服务器 + bind-https 0.0.0.0:443@eth0 + bind-https [::]:443@eth0 + bind-https :443@eth0 ``` diff --git a/docs/configuration.md b/docs/configuration.md index d3377ee..45fb311 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -16,6 +16,7 @@ hide: | bind | DNS 监听端口号 | [::]:53 | 可绑定多个端口。
IP:PORT@DEVICE: 服务器 IP:端口号@设备名
[-group]: 请求时使用的 DNS 服务器组
[-no-rule-addr]:跳过 address 规则
[-no-rule-nameserver]:跳过 Nameserver 规则
[-no-rule-ipset]:跳过 ipset 和 nftset 规则
[-no-rule-soa]:跳过 SOA(#) 规则
[-no-dualstack-selection]:停用双栈测速
[-no-speed-check]:停用测速
[-no-cache]:停止缓存
[-force-aaaa-soa]: 禁用IPV6查询
[-ipset]: 设置IPSet,参考ipset选项
[-nftset]: 设置nftset,参考nftset选项| bind :53@eth0 | | bind-tcp | DNS TCP 监听端口号 | [::]:53 | 可绑定多个端口。
IP:PORT@DEVICE: 服务器 IP:端口号@设备名
[-group]: 请求时使用的 DNS 服务器组
[-no-rule-addr]:跳过 address 规则
[-no-rule-nameserver]:跳过 nameserver 规则
[-no-rule-ipset]:跳过 ipset 和 nftset 规则。
[-no-rule-soa]:跳过 SOA(#) 规则
[-no-dualstack-selection]:停用双栈测速
[-no-speed-check]:停用测速
[-no-cache]:停止缓存
[-force-aaaa-soa]: 禁用IPV6查询
[-ipset]: 设置IPSet,参考ipset选项
[-nftset]: 设置nftset,参考nftset选项 | bind-tcp :53 | | bind-tls | DNS Over TLS 监听端口号 | [::]:853 | 可绑定多个端口。
IP:PORT@DEVICE: 服务器 IP:端口号@设备名
[-group]: 请求时使用的 DNS 服务器组
[-no-rule-addr]:跳过 address 规则
[-no-rule-nameserver]:跳过 nameserver 规则
[-no-rule-ipset]:跳过 ipset 和 nftset 规则。
[-no-rule-soa]:跳过 SOA(#) 规则
[-no-dualstack-selection]:停用双栈测速
[-no-speed-check]:停用测速
[-no-cache]:停止缓存
[-force-aaaa-soa]: 禁用IPV6查询
[-ipset]: 设置IPSet,参考ipset选项
[-nftset]: 设置nftset,参考nftset选项| bind-tls :853 | +| bind-https | DNS Over HTTPS 监听端口号 | [::]:853 | 可绑定多个端口。
IP:PORT@DEVICE: 服务器 IP:端口号@设备名
[-group]: 请求时使用的 DNS 服务器组
[-no-rule-addr]:跳过 address 规则
[-no-rule-nameserver]:跳过 nameserver 规则
[-no-rule-ipset]:跳过 ipset 和 nftset 规则。
[-no-rule-soa]:跳过 SOA(#) 规则
[-no-dualstack-selection]:停用双栈测速
[-no-speed-check]:停用测速
[-no-cache]:停止缓存
[-force-aaaa-soa]: 禁用IPV6查询
[-ipset]: 设置IPSet,参考ipset选项
[-nftset]: 设置nftset,参考nftset选项| bind-https :853 | | bind-cert-file | SSL证书文件路径 | smartdns-cert.pem | 合法路径字符串 | bind-cert-file cert.pem | | bind-cert-key-file | SSL证书KEY文件路径 | smartdns-key.pem | 合法路径字符串 | bind-cert-key-file key.pem | | bind-cert-key-pass | SSL证书KEY文件密码 | 无 | 字符串 | bind-cert-key-pass password | diff --git a/en/docs/config/server-config.md b/en/docs/config/server-config.md index 3c9d4f8..73cdcf6 100644 --- a/en/docs/config/server-config.md +++ b/en/docs/config/server-config.md @@ -5,7 +5,7 @@ hide: # Server Configuration -Currently, smartdns provides three server modes: UDP, TCP, and DOT. +Currently, smartdns provides three server modes: UDP, TCP, DOH, and DOT. ## UDP Server @@ -39,15 +39,21 @@ Currently, smartdns provides three server modes: UDP, TCP, and DOT. tcp-idle-time 120 ``` -## DOT Server +## DOT, DOH Server -1. Configure with the `bind-tls` parameter. For example: +1. Configure with the `bind-tls`, `bind-https` parameter. For example: ```shell - bind-tls 0.0.0.0:53@eth0 - bind-tls [::]:53@eth0 - bind-tls :53@eth0 - ``` + # DOT server + bind-tls 0.0.0.0:853@eth0 + bind-tls [::]:853@eth0 + bind-tls :853@eth0 + + # DOH server + bind-https 0.0.0.0:443@eth0 + bind-https [::]:443@eth0 + bind-https :443@eth0 + 1. Set certificate and key files diff --git a/en/docs/configuration.md b/en/docs/configuration.md index e96e249..35290fd 100644 --- a/en/docs/configuration.md +++ b/en/docs/configuration.md @@ -11,7 +11,8 @@ hide: |server-name|DNS name|host name/smartdns|any string like hostname|server-name smartdns |bind|DNS listening port number|[::]:53|Support binding multiple ports
`IP:PORT@DEVICE`: server IP, port number, and device.
`[-group]`: The DNS server group used when requesting.
`[-no-rule-addr]`: Skip the address rule.
`[-no-rule-nameserver]`: Skip the Nameserver rule.
`[-no-rule-ipset]`: Skip the Ipset or nftset rules.
`[-no-rule-soa]`: Skip address SOA(#) rules.
`[-no-dualstack-selection]`: Disable dualstack ip selection.
`[-no-speed-check]`: Disable speed measurement.
`[-no-cache]`: stop caching
[-force-aaaa-soa]: force AAAA query return SOA,
[-ipset]: set IPSet, refer to ipset option
[-nftset]: set nftset, refer to nftset option |bind :53@eth0 |bind-tcp|TCP mode DNS listening port number|[::]:53|Support binding multiple ports
`IP:PORT@DEVICE`: server IP, port number and device.
`[-group]`: The DNS server group used when requesting.
`[-no-rule-addr]`: Skip the address rule.
`[-no-rule-nameserver]`: Skip the Nameserver rule.
`[-no-rule-ipset]`: Skip the ipset or nftset rules.
`[-no-rule-soa]`: Skip address SOA(#) rules.
`[-no-dualstack-selection]`: Disable dualstack ip selection.
`[-no-speed-check]`: Disable speed measurement.
`[-no-cache]`: stop caching
[-force-aaaa-soa]: force AAAA query return SOA,
[-ipset]: set IPSet, refer to ipset option
[-nftset]: set nftset, refer to nftset option |bind-tcp :53 -|bind-tls|DOT mode DNS listening port number|[::]:853|Support binding multiple ports
`IP:PORT@DEVICE`: server IP, port number and device.
`[-group]`: The DNS server group used when requesting.
`[-no-rule-addr]`: Skip the address rule.
`[-no-rule-nameserver]`: Skip the Nameserver rule.
`[-no-rule-ipset]`: Skip the ipset or nftset rules.
`[-no-rule-soa]`: Skip address SOA(#) rules.
`[-no-dualstack-selection]`: Disable dualstack ip selection.
`[-no-speed-check]`: Disable speed measurement.
`[-no-cache]`: stop caching
[-force-aaaa-soa]: force AAAA query return SOA,
[-ipset]: set IPSet, refer to ipset option
[-nftset]: set nftset, refer to nftset option |bind-tcp :853 +|bind-tls|DOT mode DNS listening port number|[::]:853|Support binding multiple ports
`IP:PORT@DEVICE`: server IP, port number and device.
`[-group]`: The DNS server group used when requesting.
`[-no-rule-addr]`: Skip the address rule.
`[-no-rule-nameserver]`: Skip the Nameserver rule.
`[-no-rule-ipset]`: Skip the ipset or nftset rules.
`[-no-rule-soa]`: Skip address SOA(#) rules.
`[-no-dualstack-selection]`: Disable dualstack ip selection.
`[-no-speed-check]`: Disable speed measurement.
`[-no-cache]`: stop caching
[-force-aaaa-soa]: force AAAA query return SOA,
[-ipset]: set IPSet, refer to ipset option
[-nftset]: set nftset, refer to nftset option |bind-tls :853 +|bind-https|DOH mode DNS listening port number|[::]:853|Support binding multiple ports
`IP:PORT@DEVICE`: server IP, port number and device.
`[-group]`: The DNS server group used when requesting.
`[-no-rule-addr]`: Skip the address rule.
`[-no-rule-nameserver]`: Skip the Nameserver rule.
`[-no-rule-ipset]`: Skip the ipset or nftset rules.
`[-no-rule-soa]`: Skip address SOA(#) rules.
`[-no-dualstack-selection]`: Disable dualstack ip selection.
`[-no-speed-check]`: Disable speed measurement.
`[-no-cache]`: stop caching
[-force-aaaa-soa]: force AAAA query return SOA,
[-ipset]: set IPSet, refer to ipset option
[-nftset]: set nftset, refer to nftset option |bind-https :853 |bind-cert-file|SSL Certificate file path|smartdns-cert.pem|path| bind-cert-file cert.pem | |bind-cert-key-file|SSL Certificate key file path|none|smartdns-key.pem| bind-cert-key-file key.pem | |bind-cert-key-pass|SSL Certificate key file password|none|string| bind-cert-key-pass password |
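Review bot: In docs/configuration.md, the added `bind-https` row gives `[::]:853` as the default and `bind-https :853` as the example, the same values as the `bind-tls` row directly above it, while the docs/config/server-config.md example in this patch binds DoH with `bind-https :443@eth0`. A reader who copies both example cells ends up with the DoT and DoH listeners on the same port. Please check the default against the code and make this row state it, and use a port in the example cell that differs from the `bind-tls` one.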
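Review bot: In en/docs/config/server-config.md, the changed intro sentence still says "three server modes" but now lists four (UDP, TCP, DOH, and DOT); the Chinese counterpart in this patch was updated to 四种. Suggest "four server modes", and listing them as "UDP, TCP, DOT, and DOH" to match the order used in the Chinese page and in the section heading.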
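Review bot: In the "DOT, DOH Server" hunk of en/docs/config/server-config.md, the closing code fence after the last `bind-tls` line is removed and not added back after `bind-https :443@eth0`, so the shell block is left open and the following "1. Set certificate and key files" step will render inside it. The Chinese file keeps the fence as a context line; please restore it here. Also, "the `bind-tls`, `bind-https` parameter" should read "parameters".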
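Review bot: In en/docs/configuration.md, the new `bind-https` row carries `[::]:853` and `bind-https :853`, which look copied from the `bind-tls` row, and they disagree with the `:443` DoH example added to en/docs/config/server-config.md in this same patch. The correction of the `bind-tls` example from `bind-tcp :853` to `bind-tls :853` is good; please give the `bind-https` cells the same check so the table and the server-config page name the same port.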