mirrors/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2025-08-31 03:11:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
aports/testing/dnscrypt-proxy/dnscrypt-proxy.setup
IT Offshore 5213bcabac Revised dnscrypt-proxy setup script 
I did a little more testing on the /sbin/setup-dnscrypt script (once I
knew I could install the APK's I made). This fixes previous bugs with
setting up dns caching (a 2nd loopback is created & the proxy now
listens on 127.0.0.2:40 by default if caching is enabled). Errors in
setting up & starting the services are also fixed.
2013-11-19 15:50:25 +00:00

278 lines
9.5 KiB
Bash
Raw Blame History

#!/bin/sh
# Contributor: IT Offshore <developer@it-offshore.co.uk>
# dnscrypt-proxy setup script to choose DNS Resolver / install & configure DNS Caching
############################################################################################
NORMAL="\033[1;0m"
STRONG="\033[1;1m"
RED="\033[1;31m"
GREEN="\033[1;32m"
print_question() {
local prompt="${STRONG}$1 ${RED}$2${NORMAL}"
printf "${prompt} %s"
}
print_strong() {
local prompt="${STRONG}$1 ${RED}$2${NORMAL}"
printf "${prompt} %s\n"
}
print_green() {
local prompt="${GREEN}${STRONG}$1 ${NORMAL}"
printf "${prompt} %s\n"
}
print_table() {
local choice="${RED}${STRONG}$1${NORMAL}"
local resolver="${STRONG}$2"
local location="${GREEN}$3"
printf "${choice} ${resolver} ${location} %s\n"
}
die() {
print_table "ERROR:" "$1" > /dev/null 1>&2
exit 1
}
restart_interface(){
INTERFACES=$(echo | ifconfig | grep "Link encap" | sed '/lo/d' | cut -d"L" -f1)
print_question "\nChoose external interface to restart from the following:"
print_question "\n\n$INTERFACES" "[ default - eth0 ]"
read RESTART
if [ ! $RESTART ] ;then
RESTART=eth0; print_green "\nInterface: $RESTART Selected\n";
if echo $INTERFACES | grep $RESTART 1> /dev/null; then
ifdown $RESTART && ifup $RESTART
fi
fi
}
choose_ip(){
if [ ! $IP ]; then
IP=none
IPADDR=$(ifconfig |grep -B1 "inet addr" |awk '{ if ( $1 == "inet" ) { print $2 } else if ( $2 == "Link" ) { printf "%s:" ,$1 } }' |awk -F: '{ print $1 ": " $3 }')
until echo $IPADDR | grep -e $IP 1>/dev/null
do
print_question "\nChoose dnscrypt ip from the following addresses:\n"
print_question "\n$IPADDR\t" "[ default - 127.0.0.1 ]"
read IP
if [ ! $IP ] ;then
IP=127.0.0.1; print_green "\nIP: $IP Selected";
fi
done
else
#ip already set to 2nd loopback for dns caching
print_green "\nIP: $IP will be configured for dnscrypt-proxy";
fi
}
choose_port(){
print_question "\nChoose dnscrypt port:" "[ default = 40 ]"
until [ "$DNSPORT" -gt 0 ] 2>/dev/null
do
read DNSPORT
if [ ! $DNSPORT ]; then
DNSPORT=40; print_green "\nPort: 40 Selected"
fi
case $DNSPORT in
''|*[!0-9]*) print_question "\nChoose NUMERIC dnscrypt port:" "[ default = 40 ]" ;;
*) if [ "$DNSPORT" -gt 65535 ]; then
print_question "\nPlease choose a valid port" "[1 - 65535]";
DNSPORT=0;
fi;;
esac
done
}
update_unbound(){
if [ -f /etc/unbound/unbound.conf ]; then
if grep 'Settings from /sbin/setup-dnscrypt' /etc/unbound/unbound.conf 1>/dev/null; then
#update forward zone
START=$(sed -n '/Settings from \/sbin\/setup-dnscrypt/=' /etc/unbound/unbound.conf)
LINE=$(expr $START + 4)
sed "$LINE c \ forward-addr: $IP@$DNSPORT" /etc/unbound/unbound.conf -i
else
# allow querying of localhost
START=$(sed -n '/do-not-query-localhost:/=' /etc/unbound/unbound.conf)
sed "$START c \do-not-query-localhost: no #set by /sbin/setup-dnscrypt" /etc/unbound/unbound.conf -i
# create catch all forward zone
echo -e '##### Settings from /sbin/setup-dnscrypt #####' >> /etc/unbound/unbound.conf
echo -e 'forward-zone:' >> /etc/unbound/unbound.conf
echo -e ' name: "."' >> /etc/unbound/unbound.conf
echo -e " forward-addr: $IP@$DNSPORT" >> /etc/unbound/unbound.conf
fi
print_strong "\n/etc/unbound/unbound.conf settings updated to:"
print_green "--------------------------------------------------------"
print_table "do-not-query-localhost: no"
print_table ""
print_table 'forward-zone:'
print_table ' name: "."'
print_table " forward-addr: $IP@$DNSPORT"
print_green "--------------------------------------------------------"
fi
}
# Do some sanity checking.
if [ $(/usr/bin/id -u) != "0" ]; then
die 'Must be run by root user'
fi
clear;
print_table "\n DNSCRYPT-PROXY MANAGER"
print_green "-----------------------------------------------------------------"
print_table "1:" "OpenDNS"
print_table "2:" "Cloud NS\t\t : Canberra, Australia" "(No Logs, DNSSEC)"
print_table "3:" "Cloud NS\t\t : Canberra" "(over TOR .onion:443)"
print_table "4:" "Cloud NS\t\t : Sydney, Australia" "(No Logs, DNSSEC)"
print_table "5:" "Cloud NS\t\t : Sydney" "(over TOR .onion:443)"
print_table "6:" "OpenNIC\t\t : Japan" "(No Logs)"
print_table "7:" "DNSCrypt.eu\t\t : Holland" "(No logs, DNSSEC)"
print_table "8:" "Soltysiak.com\t : Poland" "(No logs, DNSSEC)"
print_green "-----------------------------------------------------------------"
print_question "Please choose a DNS Resolver for dnscrypt-proxy to query" "[1 - 8]:"
until [ "$DNS" -gt 0 ] 2>/dev/null
do
read DNS
case $DNS in
1) RESOLVER=208.67.220.220:443;
PROVIDER=2.dnscrypt-cert.opendns.com
PUBKEY=B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79;;
2) RESOLVER=113.20.6.2:443;
PROVIDER=2.dnscrypt-cert.cloudns.com.au;
PUBKEY=1971:7C1A:C550:6C09:F09B:ACB1:1AF7:C349:6425:2676:247F:B738:1C5A:243A:C1CC:89F4;;
3) RESOLVER=gc2tzw6lbmeagrp3.onion:443;
PROVIDER=2.dnscrypt-cert.cloudns.com.au;
PUBKEY=1971:7C1A:C550:6C09:F09B:ACB1:1AF7:C349:6425:2676:247F:B738:1C5A:243A:C1CC:89F4;;
4) RESOLVER=113.20.8.17:443;
PROVIDER=2.dnscrypt-cert-2.cloudns.com.au;
PUBKEY=67A4:323E:581F:79B9:BC54:825F:54FE:1025:8B4F:37EB:0D07:0BCE:4010:6195:D94F:E330;;
5) RESOLVER=l65q62lf7wnfme7m.onion:443;
PROVIDER=2.dnscrypt-cert-2.cloudns.com.au;
PUBKEY=67A4:323E:581F:79B9:BC54:825F:54FE:1025:8B4F:37EB:0D07:0BCE:4010:6195:D94F:E330;;
6) RESOLVER=106.186.17.181:2053;
PROVIDER=2.dnscrypt-cert.ns2.jp.dns.opennic.glue;
PUBKEY=8768:C3DB:F70A:FBC6:3B64:8630:8167:2FD4:EE6F:E175:ECFD:46C9:22FC:7674:A1AC:2E2A;;
7) RESOLVER=176.56.237.171:443;
PROVIDER=2.dnscrypt-cert.dnscrypt.eu;
PUBKEY=67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66;;
8) RESOLVER=178.216.201.222:2053;
PROVIDER=2.dnscrypt-cert.soltysiak.com;
PUBKEY=25C4:E188:2915:4697:8F9C:2BBD:B6A7:AFA4:01ED:A051:0508:5D53:03E7:1928:C066:8F21;;
#check for numerical input
''|0|*[!0-9]*) print_question "Please choose a NUMERIC option:" "[1 - 8]" ;;
*) if [ "$DNS" -gt 8 ]; then
print_question "Please choose an option:" "[1 - 8]";
DNS=0;
fi;;
esac
done
# remove existing Resolver config
if grep "RESOLVER" /etc/conf.d/dnscrypt-proxy 1> /dev/null; then
sed -e '/RESOLVER/d' -e '/PROVIDER/d' -e '/PUBKEY/d' /etc/conf.d/dnscrypt-proxy -i
fi
# update Resolver config
echo "RESOLVER=$RESOLVER" >> /etc/conf.d/dnscrypt-proxy
echo "PROVIDER=$PROVIDER" >> /etc/conf.d/dnscrypt-proxy
echo "PUBKEY=$PUBKEY" >> /etc/conf.d/dnscrypt-proxy
print_strong "\n/etc/conf.d/dnscrypt-proxy Resolver Settings updated to:"
print_green "---------------------------------------------------------------------------------------------"
print_table "RESOLVER\t\t:" "$RESOLVER"
print_table "PROVIDER\t\t:" "$PROVIDER"
print_table "PUBLIC KEY :" "$PUBKEY"
print_green "---------------------------------------------------------------------------------------------"
# install unbound
if ! which unbound 1> /dev/null; then
print_question "Install Unbound (Caching DNS Server)" "[ Y / N ]"
read installsrv
if [ "$installsrv" = "Y" ] || [ "$installsrv" = "y" ]; then
apk add -q unbound
fi
fi
# check for / setup secondary loopback for dns caching
if which unbound 1> /dev/null && ! grep "address 127.0.0.2" /etc/network/interfaces 1> /dev/null; then
print_question "Configure DNS Caching (this will create a 2nd loopback interface @ 127.0.0.2) " "[ Y / N ]"
read install2ndloop
if [ "$install2ndloop" = "Y" ] || [ "$install2ndloop" = "y" ]; then
IP=127.0.0.2
echo "auto lo:1" >> /etc/network/interfaces
echo "iface lo:1 inet static" >> /etc/network/interfaces
echo "address 127.0.0.2" >> /etc/network/interfaces
echo "netmask 255.0.0.0" >> /etc/network/interfaces
ifconfig lo:1 127.0.0.2 up
fi
fi
# choose dnscrypt ip address port
if ! grep "address 127.0.0.2" /etc/network/interfaces 1> /dev/null; then
print_question "Modify dnscrypt-proxy ip / port ?" "[ Y / N ]"
read updateip
else
#ip is already the 2nd loopback
updateip=Y; IP=127.0.0.2
print_green "\nDNS Caching configured"
fi
if [ "$updateip" = "Y" ] || [ "$updateip" = "y" ]; then
choose_ip; choose_port
# update dnscrypt listening ip & port
LINE=$(sed -n '/DNSCRYPT_LOCALIP=/=' /etc/conf.d/dnscrypt-proxy)
sed "$LINE c DNSCRYPT_LOCALIP=$IP:$DNSPORT" /etc/conf.d/dnscrypt-proxy -i
# update dhclient.conf
if [ -f /etc/dhcp/dhclient.conf ]; then
if grep 'supersede domain-name-servers' /etc/dhcp/dhclient.conf 1>/dev/null; then
LINE=$(sed -n '/supersede domain-name-servers/=' /etc/dhcp/dhclient.conf)
sed "$LINE c supersede domain-name-servers $IP" /etc/dhcp/dhclient.conf -i
else
echo "supersede domain-name-servers $IP" >> /etc/dhcp/dhclient.conf
fi
fi
# update resolv.conf & unbound
LINE=$(sed -n '/nameserver/=' /etc/resolv.conf)
sed "$LINE c nameserver 127.0.0.1" /etc/resolv.conf -i
update_unbound
restart_interface
# add / restart services
for srv in "unbound" "dnscrypt-proxy"; do
if which $srv 1> /dev/null; then
rc-status default | grep $srv 1> /dev/null
if [ "$?" != "0" ]; then
rc-update add $srv default
fi
rc-service $srv restart
fi
done
print_strong "\n/etc/conf.d/dnscrypt-proxy Listening Address updated to:"
print_green "--------------------------------------------------------"
print_table "DNSCRYPT_LOCALIP=$IP:$DNSPORT"
print_green "--------------------------------------------------------\n"
fi
Reference in New Issue View Git Blame Copy Permalink