-rw-r--r-- | daemon/bindings/net.rst | 3 | ||||
-rw-r--r-- | modules/http/README.doh.rst | 4 | ||||
-rw-r--r-- | modules/http/README.rst | 42 | ||||
-rw-r--r-- | systemd/kresd-doh.socket.d/all-interfaces.conf | 2 | ||||
-rw-r--r-- | systemd/kresd-doh.socket.d/specific-interfaces.conf | 4 |
5 files changed, 14 insertions, 41 deletions
diff --git a/daemon/bindings/net.rst b/daemon/bindings/net.rst
index 696fe6ed..458683ef 100644
--- a/daemon/bindings/net.rst
+++ b/daemon/bindings/net.rst
@@ -75,8 +75,6 @@ TLS connections.
 [Socket]
 ListenStream=192.0.2.115:853
-.. _kresd-doh-socket-configuration:
-
 To configure socket for DNS-over-HTTPS, make sure you have ``kresd-doh.socket`` installed (it might be part of a separate ``knot-resolver-module-http`` package). Then, you can configure its network
@@ -147,6 +145,7 @@ configured in the config file.
 net.listen('::1')
 net.listen(net.lo, 5353)
 net.listen({net.eth0, '127.0.0.1'}, 53853, { kind = 'tls' })
+ net.listen('::', 443, { kind = 'doh' }) -- see http module
 net.listen('::', 8453, { kind = 'webmgmt' }) -- see http module
 .. function:: net.close(address, [port])
diff --git a/modules/http/README.doh.rst b/modules/http/README.doh.rst
index fcd25762..beb9657a 100644
--- a/modules/http/README.doh.rst
+++ b/modules/http/README.doh.rst
@@ -46,12 +46,12 @@ This integrated DoH server has following properties:
 :ref:`Example configuration <mod-http-example>` is part of examples for generic HTTP module. After configuring your endpoint you can reach the DoH endpoint using
-URL ``https://your.resolver.hostname.example:44353/doh``, done!
+URL ``https://your.resolver.hostname.example/doh``, done!
 .. code-block:: bash
 # query for www.knot-resolver.cz AAAA
- $ curl -k https://your.resolver.hostname.example:44353/doh?dns=l1sBAAABAAAAAAAAA3d3dw1rbm90LXJlc29sdmVyAmN6AAAcAAE
+ $ curl -k https://your.resolver.hostname.example/doh?dns=l1sBAAABAAAAAAAAA3d3dw1rbm90LXJlc29sdmVyAmN6AAAcAAE
 Please see section :ref:`mod-http-tls` for further details about TLS configuration.
diff --git a/modules/http/README.rst b/modules/http/README.rst
index 7c82d893..4c50232e 100644
--- a/modules/http/README.rst
+++ b/modules/http/README.rst
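Review bot: The rewritten `curl` line in README.doh.rst keeps `-k`, which turns off TLS certificate verification, and neither the command nor the surrounding text says why it is there; a reader who copies it against a production resolver silently gives up the authentication that DoH exists to provide. Judging from README.rst, which loads the http module "with defaults (self-signed TLS cert)", the flag is presumably only needed for that self-signed default. Add a comment line above the command, e.g. `# -k skips certificate verification; needed only for the default self-signed certificate (see mod-http-tls)`, or show the command without `-k` and mention the flag separately.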
@@ -43,46 +43,20 @@ Example configuration Here we show how to configure web management API on loopback interface on port 8453, and how to expose :ref:`mod-http-doh` endpoint on public IP addresses. -Modern distributions use systemd socket activation and thus IP addresses of endpoints -are configured using systemd. (Beware, CentOS 7 has too old version of systemd and -you have to configure IP addresses in Knot Resolver's configuration file instead.) +For network configuration when using systemd socket activation, refer to +:ref:`network-configuration`. Please note ``kresd-webmgmt.socket`` is +configured to listen on loopack interface on port 8453 by default and requires +no further configurtion. + +If your distribution isn't using systemd socket activation (e.g. CentOS 7 or +macOS), use ``net.listen()`` and use kind ``doh`` for DNS-over-HTTPS and +``webmgmt`` for web management API. .. warning:: Make sure you read section :ref:`mod-http-doh` before copy&pasting this snippet. -.. code-block:: bash - - # IP address configuration for modern systems - # with systemd socket activation (not CentOS 7) - - # configuring DoH on public IP addresses, port 44353 - $ vim /etc/systemd/system/kresd-doh.socket.d/override.conf - # /etc/systemd/system/kresd-doh.socket.d/override.conf - [Socket] - ListenStream= - ListenStream=192.0.2.1:44353 - ListenStream=[2001:db8::1]:44353 - - # configuring web management on loopback port 8453 - $ vim /etc/systemd/system/kresd-webmgmt.socket.d/override.conf - # /etc/systemd/system/kresd-webmgmt.socket.d/override.conf - [Socket] - ListenStream= - ListenStream=127.0.0.1:8453 - - .. 
code-block:: lua - -- use net.listen() only on old systems like CentOS 7 - -- which lack proper support for systemd socket activation - - -- expose management interface on loopback - -- net.listen('127.0.0.1', '8453', { kind = 'webmgmt' }) - - -- expose DoH on public interfaces - -- net.listen('192.0.2.1', '44353', { kind = 'doh' }) - -- net.listen('2001:db8::1', '44353', { kind = 'doh' }) - -- load HTTP module with defaults (self-signed TLS cert) modules.load('http') -- optionally load geoIP database for server map diff --git a/systemd/kresd-doh.socket.d/all-interfaces.conf b/systemd/kresd-doh.socket.d/all-interfaces.conf index 3a02aaf5..63619099 100644 --- a/systemd/kresd-doh.socket.d/all-interfaces.conf +++ b/systemd/kresd-doh.socket.d/all-interfaces.conf @@ -8,4 +8,4 @@ [Socket] ListenStream= -ListenStream=[::]:44353 +ListenStream=[::]:443 diff --git a/systemd/kresd-doh.socket.d/specific-interfaces.conf b/systemd/kresd-doh.socket.d/specific-interfaces.conf index d4dab85e..1108d3b2 100644 --- a/systemd/kresd-doh.socket.d/specific-interfaces.conf +++ b/systemd/kresd-doh.socket.d/specific-interfaces.conf @@ -5,5 +5,5 @@ # ListenStream can be added multiple times. [Socket] -ListenStream=192.0.2.115:44353 -ListenStream=[2001:db8::115]:44353 +ListenStream=192.0.2.115:443 +ListenStream=[2001:db8::115]:443 |
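Review bot: The new paragraph in README.rst has two typos that will ship in the rendered docs: `loopack` should be `loopback` and `configurtion` should be `configuration`, in the lines `configured to listen on loopack interface on port 8453 by default and requires` and `no further configurtion.`. The same paragraph introduces `:ref:`network-configuration`` while the net.rst hunk removes the `kresd-doh-socket-configuration` label; the target of the new reference is not visible here, and if any other page still points at the removed label, a nitpicky warnings-as-errors Sphinx build will flag it, so that build is worth running before merge. The new guidance to use `net.listen()` with kind `doh` could also point readers to the TLS section (mod-http-tls, referenced from README.doh.rst), since the snippet below loads the module with a self-signed certificate by default.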
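Review bot: Nothing in the drop-ins notes that `ListenStream=[::]:443` (and both `ListenStream=` lines in specific-interfaces.conf) now claim the standard HTTPS port, which a web server or reverse proxy on the same host may already own; with socket activation the bind presumably fails when the socket unit starts rather than inside kresd, which is a less obvious place to look. Add a comment above `[Socket]` in both files, e.g. `# Port 443 is the standard HTTPS port; make sure no other service is bound to it on these addresses.`. Whether these drop-ins are installed by default or only shipped as examples is not visible in this diff.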