diff options
Diffstat (limited to 'network/dnscrypt-proxy')
-rw-r--r-- | network/dnscrypt-proxy/README | 3 | ||||
-rw-r--r-- | network/dnscrypt-proxy/README.Slackware | 18 | ||||
-rw-r--r-- | network/dnscrypt-proxy/dnscrypt-proxy.SlackBuild | 8 | ||||
-rw-r--r-- | network/dnscrypt-proxy/dnscrypt-proxy.conf | 244 | ||||
-rw-r--r-- | network/dnscrypt-proxy/dnscrypt-proxy.default | 93 | ||||
-rw-r--r-- | network/dnscrypt-proxy/dnscrypt-proxy.info | 6 | ||||
-rw-r--r-- | network/dnscrypt-proxy/doinst.sh | 1 | ||||
-rw-r--r-- | network/dnscrypt-proxy/rc.dnscrypt-proxy | 94 |
8 files changed, 309 insertions, 158 deletions
diff --git a/network/dnscrypt-proxy/README b/network/dnscrypt-proxy/README index a84642b31abee..5ec190cc0e82f 100644 --- a/network/dnscrypt-proxy/README +++ b/network/dnscrypt-proxy/README @@ -3,7 +3,8 @@ resolver. It provides a local service which can be used directly as your local resolver or as a DNS forwarder, encrypting and authenticating requests using the DNSCrypt protocol and passing them to an upstream server. -By default dnscrypt-proxy is configured to use OpenDNS' servers. +By default dnscrypt-proxy is configured to use a random DNS server; you will +definitely want to change this. Be sure to read README.Slackware for information on configuring/running dnscrypt-proxy as a daemon! diff --git a/network/dnscrypt-proxy/README.Slackware b/network/dnscrypt-proxy/README.Slackware index 5fbdc4698639e..6af60acaab9a2 100644 --- a/network/dnscrypt-proxy/README.Slackware +++ b/network/dnscrypt-proxy/README.Slackware @@ -1,9 +1,9 @@ A. Setup An init script and configuration file have been provided to run dnscrypt-proxy -as a daemon. To configure dnscrypt-proxy, edit /etc/default/dnscrypt-proxy with -the desired settings. By default dnscrypt-proxy will use an OpenDNS server and -will run on localhost (127.0.0.1), port 53. +as a daemon. To configure dnscrypt-proxy, edit /etc/dnscrypt-proxy.conf with +the desired settings. By default dnscrypt-proxy will use a random DNS server +and will run on localhost (127.0.0.1), port 53. The configuration file is setup to use a dnscrypt user by default, and to chroot into that user's home directory to maximize security. In order to use @@ -13,9 +13,9 @@ following commands: groupadd -g 293 dnscrypt useradd -u 293 -g 293 -c "DNSCrypt" -d /run/dnscrypt -s /bin/false dnscrypt -If you decide to use another user you should edit the CHROOTDIR and USER -options in /etc/default/dnscrypt-proxy (there are example settings provided for -the user 'nobody'). +If you decide to use another user you should edit the CHROOTDIR option in +/etc/default/dnscrypt-proxy and the User setting in /etc/dnscrypt-proxy.conf +(there are example settings provided for the user 'nobody'). In order to send all DNS requests through dnscrypt-proxy, you will need to update /etc/resolv.conf to point to localhost. If using dhcpcd, the easiest way @@ -44,8 +44,8 @@ To properly stop dnscrypt-proxy on system shutdown, add the following to B. DNS Cache -dnscrypt-proxy is just a DNS resolver and does not cache DNS queries. In order -to minimize the number of external DNS lookups, you can also run a local +dnscrypt-proxy provides limited control over how it caches DNS queries. In +order to minimize the number of external DNS lookups, you can also run a local caching DNS server. A sample configuration for dnsmasq (included with Slackware) is provided at /usr/doc/dnscrypt-proxy-@VERSION@/dnsmasq.conf. A sample configuration for bind/named that also does local DNSSEC validation (if @@ -53,4 +53,4 @@ supported by the upstream DNS server) is also provided at /usr/doc/dnscrypt-proxy-@VERSION@/named.conf. Both configurations run on port 53, forwarding lookups to dnscrypt-proxy running on port 55. In order to use these configurations you will need to change the port dnscrypt-proxy runs on in -/etc/default/dnscrypt-proxy. +/etc/dnscrypt-proxy.conf. diff --git a/network/dnscrypt-proxy/dnscrypt-proxy.SlackBuild b/network/dnscrypt-proxy/dnscrypt-proxy.SlackBuild index a7e3b1eab8cfa..0c42db33b66ee 100644 --- a/network/dnscrypt-proxy/dnscrypt-proxy.SlackBuild +++ b/network/dnscrypt-proxy/dnscrypt-proxy.SlackBuild @@ -2,7 +2,7 @@ # Slackware build script for dnscrypt-proxy -# Copyright 2016 T3slider <t3slider@gmail.com> +# Copyright 2017 T3slider <t3slider@gmail.com> # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -28,7 +28,7 @@ # value of this script! PRGNAM=dnscrypt-proxy -VERSION=${VERSION:-1.7.0} +VERSION=${VERSION:-1.9.5} BUILD=${BUILD:-1} TAG=${TAG:-_SBo} @@ -100,11 +100,13 @@ mkdir -p $PKG/var/{run,log}/$PRGNAM $PKG/etc/default chmod 0700 $PKG/var/{run,log}/$PRGNAM sed "s/@VERSION@/$VERSION/" $CWD/$PRGNAM.default > $PKG/etc/default/$PRGNAM.new install -D -m 0755 $CWD/rc.$PRGNAM $PKG/etc/rc.d/rc.$PRGNAM.new +rm -f $PKG/etc/$PRGNAM.conf +install -D -m 0644 $CWD/$PRGNAM.conf $PKG/etc/$PRGNAM.conf.new install -D -m 0644 $CWD/$PRGNAM.logrotate $PKG/etc/logrotate.d/$PRGNAM.new mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION cp -a \ - AUTHORS ChangeLog COPYING DNSCRYPT-V2-PROTOCOL.txt INSTALL NEWS README README-PLUGINS.markdown README.markdown THANKS \ + AUTHORS ChangeLog INSTALL NEWS README THANKS \ $PKG/usr/doc/$PRGNAM-$VERSION sed "s/@VERSION@/$VERSION/g" $CWD/README.Slackware > $PKG/usr/doc/$PRGNAM-$VERSION/README.Slackware cat $CWD/dnsmasq.conf > $PKG/usr/doc/$PRGNAM-$VERSION/dnsmasq.conf diff --git a/network/dnscrypt-proxy/dnscrypt-proxy.conf b/network/dnscrypt-proxy/dnscrypt-proxy.conf new file mode 100644 index 0000000000000..cfd6a750d57a7 --- /dev/null +++ b/network/dnscrypt-proxy/dnscrypt-proxy.conf @@ -0,0 +1,244 @@ +###################################################### +# # +# Sample configuration file for dnscrypt-proxy # +# # +###################################################### + + +############## Resolver settings ############## + +## [CHANGE THIS] Short name of the resolver to use +## Usually the only thing you need to change in this configuration file. +## This corresponds to the first column in the dnscrypt-resolvers.csv file. +## Alternatively, "random" (without quotes) picks a random random resolver +## accessible over IPv4, that doesn't log and supports DNSSEC. + +ResolverName random + + +## Full path to the list of available DNSCrypt resolvers (dnscrypt-resolvers.csv) +## An up-to-date list is available here: +## https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv +## and the dnscrypt-update-resolvers.sh script can be used in order to +## automatically download and verify updates. + +# ResolversList /usr/local/share/dnscrypt-proxy/dnscrypt-resolvers.csv + + +## Manual settings, only for a custom resolver not present in the CSV file + +# ProviderName 2.dnscrypt.resolver.example +# ProviderKey E801:B84E:A606:BFB0:BAC0:CE43:445B:B15E:BA64:B02F:A3C4:AA31:AE10:636A:0790:324D +# ResolverAddress 203.0.113.1:443 + + + +############## Process options ############## + +## [NOT AVAILABLE ON WINDOWS] Run the proxy as a background process. +## Unless you are using systemd, you probably want to change this to "yes" +## after having verified that the rest of the configuration works as expected. + +Daemonize yes + + +## Write the PID number to a file + +PidFile /var/run/dnscrypt-proxy/dnscrypt-proxy-0.pid + + +## [NOT AVAILABLE ON WINDOWS] Start the process, bind the required ports, and +## run the server as a less-privileged system user. +## The value for this parameter is a user name. + +# User nobody +User dnscrypt + + + +############## Network/protocol settings ############## + +## Local address and port to listen to. +## A 127.0.0.x address is recommended for local use, but 0.0.0.0 or +## a specific interface address can be used on a router, or to +## configure a single machine to act as a DNS proxy for different +## devices. +## If the socket is created by systemd, the proxy cannot change the address +## using this option. You should edit systemd's dnscrypt-proxy.socket file +## instead. + +LocalAddress 127.0.0.1:53 + + +## Cache DNS responses to avoid outgoing traffic when the same queries +## are repeated multiple times in a row. + +LocalCache on + + +## Creates a new key pair for every query. +## This prevents logging servers from correlating client public keys with +## IP addresses. However, this option implies extra CPU load, and is not +## very useful with trusted/non-logging servers. + +EphemeralKeys off + + +## Maximum number of active requests waiting for a response. +## Keep it reasonable relative to the expected number of clients. + +# MaxActiveRequests 250 + + +## This is the maximum payload size allowed when using the UDP protocol. +## The default is safe, and rarely needs to be changed. + +# EDNSPayloadSize 1252 + + +## Ignore the time stamps when checking the certificates +## Do not enable this option ever, unless you know that you need it. + +# IgnoreTimestamps no + + +## Do not send queries using UDP. Only use TCP. +## Even if some resolvers mitigate this, DNS over TCP is almost always slower +## than UDP and doesn't offer additional security. +## Only enable this option if UDP doesn't work on your network. + +# TCPOnly no + + +## Forward queries for specific zones to one or more non-DNSCrypt resolvers. +## For instance, this can be used to redirect queries for local domains to +## the router, or queries for an internal domain to an internal DNS server. +## Multiple whitespace-delimited zones and IP addresses can be specified. +## Do not enable this unless you absolutely know you need it. +## If you see useless queries to these zones, you'd better block them with +## the BlackList feature instead of sending them in clear text to the router. +## This uses a plugin that requires dnscrypt-proxy to be compiled with +## the ldns library. + +# Forward domains:"test private localdomain lan" to:"192.168.100.254" + + +############## Logging ############## + +## Log the received DNS queries to a file, so you can watch in real-time what +## is happening on the network. +## The value for this parameter is a full path to the log file. +## The file name can be prefixed with ltsv: in order to store logs using the +## LTSV format (ex: ltsv:/tmp/dns-queries.log). + +# QueryLogFile /tmp/dns-queries.log + + +## Log file to write server errors and information to. +## If you use this tool for privacy, keeping logs of any kind is usually not +## a good idea. + +LogFile /var/log/dnscrypt-proxy/dnscrypt-proxy.log + + +## Don't log events with priority above this log level after the service has +## been started up. Default is 6. +## Valid values are between 0 (critical) to 7 (debug-level messages). + +# LogLevel 6 + + +## [NOT AVAILABLE ON WINDOWS] Send server logs to the syslog daemon +## Log entries can optionally be prefixed with a string. + +# Syslog off +# SyslogPrefix dnscrypt + + + +############## Local filtering ############## + +## If your network doesn't support IPv6, chances are that your +## applications are still constantly trying to resolve IPv6 addresses, +## causing unnecessary slowdowns. +## This causes the proxy to immediately reply to IPv6 requests, +## without having to send a useless request to upstream resolvers, and +## having to wait for a response. +## This uses a plugin that requires dnscrypt-proxy to be compiled with +## the ldns library. + +BlockIPv6 no + + +## Want to filter ads, malware, sensitive or inappropriate websites and +## domain names? This feature can block lists of IP addresses and names +## matching a list of patterns. The list of rules remains private, and +## the filtering process directly happens on your own network. In order +## to filter IP addresses, the list of IPs has to be put into a text +## file, with one IP address per line. Lists of domain names can also be +## blocked as well. Put the list into a text file, one domain per line. +## Domains can include wildcards (*) in order to match patterns. For +## example *sex* will match any name that contains the sex substring, and +## ads.* will match anything starting with ads. The Internet has plenty +## of free feeds of IP addresses and domain names used for malware, +## phishing and spam that you can use with this feature. +## +## This uses a plugin that requires dnscrypt-proxy to be compiled with +## the ldns library. +## +## To enable, uncomment one of the following definitions: + +## Block query names matching the rules stored in that file: +# BlackList domains:"/etc/dnscrypt-blacklist-domains.txt" + +## Block responses whose IP addresses match IPs stored in that file: +# BlackList ips:"/etc/dnscrypt-blacklist-ips.txt" + +## Block both domain names and IP addresses: +# BlackList domains:"/etc/dnscrypt-blacklist-domains.txt" ips:"/etc/dnscrypt-blacklist-ips.txt" + +## Same as the above + log the blocked queries in a file. +## The log file can be prefixed with ltsv: (ex: ltsv:/tmp/log.txt) in order to +## store logs using the LTSV format. +# BlackList domains:"/etc/dnscrypt-blacklist-domains.txt" logfile:"/var/log/dnscrypt-blocked.log" +# BlackList ips:"/etc/dnscrypt-blacklist-ips.txt" logfile:"/var/log/dnscrypt-blocked.log" +# BlackList domains:"/etc/dnscrypt-blacklist-domains.txt" ips:"/etc/dnscrypt-blacklist-ips.txt" logfile:"/var/log/dnscrypt-blocked.log" + + + +############## User identification ############## + +## Use a client public key for identification +## By default, the client uses a randomized key pair in order to make tracking +## more difficult. This option does the opposite and uses a static key pair, so +## that DNS providers can offer premium services to queries signed with a known +## set of public keys. A client cannot decrypt the received responses without +## also knowing the secret key. +## The value for this property is the path to a file containing the secret key, +## encoded as a hexadecimal string. The corresponding public key is computed +## automatically. + +# ClientKey /etc/dnscrypt-client-secret.key + + + +############## Monitoring ############## + +## Do not actually start the proxy, but check that a valid certificate can be +## retrieved from the server and that it will remain valid for the specified +## time period. The process exit code is 0 if a valid certificate can be used, +## 2 if no valid certificates can be used, 3 if a timeout occurred, and 4 if a +## currently valid certificate is going to expire before the given margin. +## Useful in a cron job to monitor your own dnscrypt-servers. +## The margin is specified in minutes. + +# Test 2880 + + + +############## Recursive configuration ############## + +## A configuration file can include other configuration files by inserting +## the `Include` directive anywhere (the full path required, no quotes): + +# Include /etc/dnscrypt-proxy-common.conf diff --git a/network/dnscrypt-proxy/dnscrypt-proxy.default b/network/dnscrypt-proxy/dnscrypt-proxy.default index 1f8408ffe297d..3979212adec4a 100644 --- a/network/dnscrypt-proxy/dnscrypt-proxy.default +++ b/network/dnscrypt-proxy/dnscrypt-proxy.default @@ -1,85 +1,22 @@ # /etc/default/dnscrypt-proxy -# This file contains the configuration settings for dnscrypt-proxy. This file -# supports configuring and running multiple instances (see the bottom of this -# file for a sample secondary configuration). - -# CHROOTDIR should be the same path as the USER's home directory. -# For the standard dnscrypt user this should be "/run/dnscrypt". For nobody, -# this should be "/". +# This file contains additional configuration settings for dnscrypt-proxy +# (primary configuration belongs in the dnscrypt-proxy configuration file). +# This file supports configuring and running multiple instances (see the bottom +# of this file for a sample secondary configuration). + +# CHROOTDIR should be the same path as the daemon user's home directory. For +# the standard dnscrypt user this should be "/run/dnscrypt". For nobody, this +# should be "/". CHROOTDIR[0]="/run/dnscrypt" #CHROOTDIR[0]="/" -# The local address and (optional) port to listen on. The default port is 53. -LOCALADDRESS[0]="127.0.0.1:53" - -# The pid file for this instance. PIDFILE must always be specified for each -# instance! -PIDFILE[0]="/var/run/dnscrypt-proxy/dnscrypt-proxy-0.pid" - -# Runs the daemon as the following user and chroots to that user's home -# directory (this is a security feature -- it is best not to change this!) -USER[0]="dnscrypt" -#USER[0]="nobody" - -# If RESOLVERNAME is set, then RESOLVERADDRESS, PROVIDERNAME, and -# PROVIDERKEY will be ignored. RESOLVERNAME should be the name of a resolver -# from RESOLVERSLIST (the first column). -RESOLVERNAME[0]="cisco" - -# Specify the location of the resolver list, used if RESOLVERNAME is set. -RESOLVERSLIST[0]="/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv" - -# If RESOLVERNAME is unset, RESOLVERADDRESS, PROVIDERNAME and PROVIDERKEY are -# the settings of the remote DNSCrypt provider. -#RESOLVERADDRESS[0]="208.67.220.220:443" -#PROVIDERNAME[0]="2.dnscrypt-cert.opendns.com" -#PROVIDERKEY[0]="B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79" - -# By default, queries are always sent with the same public key, allowing -# providers to link this public key to the different IP addresses you -# are using. Enabling ephemeral keys requires extra CPU cycles, but -# mitigates this by computing an ephemeral key pair for every query. -#EPHEMERALKEYS[0]="no" - -# Use client authentication (ie. a static client key) instead of randomly -# generating one. This should point to a private file. Its content does *not* -# need to be known by the DNS service provider. See -# /usr/doc/dnscrypt-proxy-@VERSION@/README.markdown for more information. This -# option conflicts with EPHEMERALKEYS. -#CLIENTKEY[0]="/etc/dnscrypt.clientkey" - -# Transparently add an OPT pseudo-RR to outgoing queries in order to enable -# the EDNS0 extension mechanism. The payload size is the size of the largest -# response we accept from the resolver before retrying over TCP. This feature -# is enabled by default, with a payload size of 1252 bytes. Any value below -# 512 disables it. -#EDNSPAYLOADSIZE[0]="1252" - -# Set the maximum number of simultaneous active requests (default 250). -#MAXACTIVEREQUESTS[0]="250" - -# Use TCP instead of UDP. This is slower than UDP, and this workaround should -# never be used except when bypassing a filter is actually required. Moreover, -# multiple queries over a single TCP connection aren't supported yet. -# Don't use this unless you have to. Defaults to off ("no"). -#TCPONLY[0]="no" - -# Load the following plugins. None are loaded by default. See -# /usr/doc/dnscrypt-proxy-@VERSION@/README-PLUGINS.markdown for more -# information. -#PLUGINS[0]="libdcplugin_example,--ips=/etc/blk-ips,--domains=/etc/blk-names \ -#libdcplugin_example_logging,/var/log/dns.log" - -# Where and what to log. The default LOGLEVEL is LOG_INFO. -#LOGLEVEL[0]="LOG_INFO" -LOGFILE[0]="/var/log/dnscrypt-proxy/dnscrypt-proxy.log" +# DNSCRYPTCONFIG should be the path to the dnscrypt-proxy configuration file +# for the given instance. Note that PidFile must be defined in the config for +# the rc.dnscrypt start/stop script to function properly! +DNSCRYPTCONFIG[0]="/etc/dnscrypt-proxy.conf" -# A simple example configuration for a second instance +# A simple example configuration for a second instance (note that this would +# require a new dnscrypt-proxy configuration file) #CHROOTDIR[1]="/run/dnscrypt" -#LOCALADDRESS[1]="127.0.0.2:53" -#PIDFILE[1]="/var/run/dnscrypt-proxy/dnscrypt-proxy-1.pid" -#USER[1]="dnscrypt" -#RESOLVERNAME[1]="cloudns-can" -#RESOLVERSLIST[1]="/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv" -#LOGFILE[1]="/var/log/dnscrypt-proxy/dnscrypt-proxy-1.log" +#DNSCRYPTCONFIG[1]="/etc/dnscrypt-proxy-1.conf" diff --git a/network/dnscrypt-proxy/dnscrypt-proxy.info b/network/dnscrypt-proxy/dnscrypt-proxy.info index 87a6bcc644178..f25f91b36c8ab 100644 --- a/network/dnscrypt-proxy/dnscrypt-proxy.info +++ b/network/dnscrypt-proxy/dnscrypt-proxy.info @@ -1,8 +1,8 @@ PRGNAM="dnscrypt-proxy" -VERSION="1.7.0" +VERSION="1.9.5" HOMEPAGE="https://dnscrypt.org/" -DOWNLOAD="https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.7.0.tar.bz2" -MD5SUM="e8049148b5401c6bc76cfaf11dcde635" +DOWNLOAD="https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.9.5.tar.bz2" +MD5SUM="0c356411ae4b1d984eacc452d033ff76" DOWNLOAD_x86_64="" MD5SUM_x86_64="" REQUIRES="libsodium" diff --git a/network/dnscrypt-proxy/doinst.sh b/network/dnscrypt-proxy/doinst.sh index 11fd7612c2860..0dffe8a4a868f 100644 --- a/network/dnscrypt-proxy/doinst.sh +++ b/network/dnscrypt-proxy/doinst.sh @@ -24,4 +24,5 @@ preserve_perms() { preserve_perms etc/rc.d/rc.dnscrypt-proxy.new config etc/default/dnscrypt-proxy.new +config etc/dnscrypt-proxy.conf.new config etc/logrotate.d/dnscrypt-proxy.new diff --git a/network/dnscrypt-proxy/rc.dnscrypt-proxy b/network/dnscrypt-proxy/rc.dnscrypt-proxy index 221df34842031..fd747759d1371 100644 --- a/network/dnscrypt-proxy/rc.dnscrypt-proxy +++ b/network/dnscrypt-proxy/rc.dnscrypt-proxy @@ -6,11 +6,16 @@ DAEMON="/usr/sbin/dnscrypt-proxy" . $CONFIGFILE start_instance() { - if [ -z ${PIDFILE[$1]} ]; then + if [ ! -r ${DNSCRYPTCONFIG[$1]} ]; then echo "No configuration for instance $1 found!" return fi - if [ -r ${PIDFILE[$1]} ]; then + PIDFILE=$(grep -i "^[[:space:]]*PidFile[[:space:]]\+." ${DNSCRYPTCONFIG[$1]} | awk '{print $2}') + if [ -z ${PIDFILE} ]; then + echo "No PID configuration for instance $1 found!" + return + fi + if [ -r ${PIDFILE} ]; then echo "dnscrypt-proxy (instance $1) already running!" return fi @@ -31,87 +36,48 @@ start_instance() { if [ ! -c ${CHROOTDIR[$1]}/dev/urandom ]; then mknod -m 666 ${CHROOTDIR[$1]}/dev/urandom c 1 9 fi + if [ ! -c ${CHROOTDIR[$1]}/dev/random ]; then + mknod -m 666 ${CHROOTDIR[$1]}/dev/random c 1 8 + fi fi fi - OPTIONS="-d" - if [ -n "${LOCALADDRESS[$1]}" ]; then - OPTIONS="${OPTIONS} --local-address=${LOCALADDRESS[$1]}" - fi - if [ -n "${PIDFILE[$1]}" ]; then - OPTIONS="${OPTIONS} --pidfile=${PIDFILE[$1]}" - fi - if [ -n "${USER[$1]}" ]; then - OPTIONS="${OPTIONS} --user=${USER[$1]}" - fi - if [ -n "${RESOLVERNAME[$1]}" ]; then - OPTIONS="${OPTIONS} --resolver-name=${RESOLVERNAME[$1]}" - fi - if [ -n "${RESOLVERSLIST[$1]}" ]; then - OPTIONS="${OPTIONS} --resolvers-list=${RESOLVERSLIST[$1]}" - fi - if [ -z "${RESOLVERNAME[$1]}" ] && [ -n "${RESOLVERADDRESS[$1]}" ]; then - OPTIONS="${OPTIONS} --resolver-address=${RESOLVERADDRESS[$1]}" - fi - if [ -z "${RESOLVERNAME[$1]}" ] && [ -n "${PROVIDERNAME[$1]}" ]; then - OPTIONS="${OPTIONS} --provider-name=${PROVIDERNAME[$1]}" - fi - if [ -z "${RESOLVERNAME[$1]}" ] && [ -n "${PROVIDERKEY[$1]}" ]; then - OPTIONS="${OPTIONS} --provider-key=${PROVIDERKEY[$1]}" - fi - if [ "${EPHEMERALKEYS[$1]}" == "yes" ]; then - OPTIONS="${OPTIONS} --ephemeral-keys" - fi - if [ -n "${CLIENTKEY[$1]}" ]; then - OPTIONS="${OPTIONS} --client-key=${CLIENTKEY[$1]}" - fi - if [ -n "${EDNSPAYLOADSIZE[$1]}" ]; then - OPTIONS="${OPTIONS} --edns-payload-size=${EDNSPAYLOADSIZE[$1]}" - fi - if [ -n "${MAXACTIVEREQUESTS[$1]}" ]; then - OPTIONS="${OPTIONS} --max-active-requests=${MAXACTIVEREQUESTS[$1]}" - fi - if [ "${TCPONLY[$1]}" == "yes" ]; then - OPTIONS="${OPTIONS} --tcp-only" - fi - if [ -n "${PLUGINS[$1]}" ]; then - for plugin in ${PLUGINS[$1]} - do - OPTIONS="${OPTIONS} --plugin=${plugin}" - done - fi - if [ -n "${LOGLEVEL[$1]}" ]; then - OPTIONS="${OPTIONS} --loglevel=${LOGLEVEL[$1]}" - fi - if [ -n "${LOGFILE[$1]}" ]; then - OPTIONS="${OPTIONS} --logfile=${LOGFILE[$1]}" - fi - $DAEMON $OPTIONS + $DAEMON ${DNSCRYPTCONFIG[$1]} } stop_instance() { - if [ -z ${PIDFILE[$1]} ]; then + if [ ! -r ${DNSCRYPTCONFIG[$1]} ]; then echo "No configuration for instance $1 found!" return fi - if [ ! -r ${PIDFILE[$1]} ]; then + PIDFILE=$(grep -i "^[[:space:]]*PidFile[[:space:]]\+." ${DNSCRYPTCONFIG[$1]} | awk '{print $2}') + if [ -z ${PIDFILE} ]; then + echo "No PID configuration for instance $1 found!" + return + fi + if [ ! -r ${PIDFILE} ]; then echo "dnscrypt-proxy (instance $1) is not running!" return fi echo "Stopping dnscrypt-proxy (instance $1)..." - kill $(cat ${PIDFILE[$1]}) + kill $(cat ${PIDFILE}) } status_instance() { - if [ -z ${PIDFILE[$1]} ]; then + if [ ! -r ${DNSCRYPTCONFIG[$1]} ]; then echo "No configuration for instance $1 found!" return fi - if [ ! -r ${PIDFILE[$1]} ]; then + PIDFILE=$(grep -i "^[[:space:]]*PidFile[[:space:]]\+." ${DNSCRYPTCONFIG[$1]} | awk '{print $2}') + if [ -z ${PIDFILE} ]; then + echo "No PID configuration for instance $1 found!" + return + fi + if [ ! -r ${PIDFILE} ]; then echo "dnscrypt-proxy (instance $1) is not running." return fi - PID=$(cat ${PIDFILE[$1]}) + PID=$(cat ${PIDFILE}) if [ -z "$PID" ]; then echo "PID file is empty! dnscrypt-proxy (instance $1) does not appear to be running, but there is a stale PID file." elif kill -0 $PID ; then @@ -122,21 +88,21 @@ status_instance() { } start() { - for i in `/usr/bin/seq 0 $((${#PIDFILE[@]}-1))` + for i in `/usr/bin/seq 0 $((${#DNSCRYPTCONFIG[@]}-1))` do start_instance $i done } stop() { - for i in `/usr/bin/seq 0 $((${#PIDFILE[@]}-1))` + for i in `/usr/bin/seq 0 $((${#DNSCRYPTCONFIG[@]}-1))` do stop_instance $i done } status() { - for i in `/usr/bin/seq 0 $((${#PIDFILE[@]}-1))` + for i in `/usr/bin/seq 0 $((${#DNSCRYPTCONFIG[@]}-1))` do status_instance $i done |