diff --git a/DnsServerCore/DnsWebService.cs b/DnsServerCore/DnsWebService.cs index 46c8b080..1a0f09c9 100644 --- a/DnsServerCore/DnsWebService.cs +++ b/DnsServerCore/DnsWebService.cs @@ -268,6 +268,18 @@ private void LoadConfigFile() string webServiceUseSelfSignedTlsCertificate = Environment.GetEnvironmentVariable("DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT"); if (!string.IsNullOrEmpty(webServiceUseSelfSignedTlsCertificate)) _webServiceUseSelfSignedTlsCertificate = bool.Parse(webServiceUseSelfSignedTlsCertificate); + + string webServiceTlsCertificatePath = Environment.GetEnvironmentVariable("DNS_SERVER_WEB_SERVICE_TLS_CERTIFICATE_PATH"); + if (!string.IsNullOrEmpty(webServiceTlsCertificatePath)) + _webServiceTlsCertificatePath = webServiceTlsCertificatePath; + + string webServiceTlsCertificatePassword = Environment.GetEnvironmentVariable("DNS_SERVER_WEB_SERVICE_TLS_CERTIFICATE_PASSWORD"); + if (!string.IsNullOrEmpty(webServiceTlsCertificatePassword)) + _webServiceTlsCertificatePassword = webServiceTlsCertificatePassword; + + string webServiceHttpToTlsRedirect = Environment.GetEnvironmentVariable("DNS_SERVER_WEB_SERVICE_HTTP_TO_TLS_REDIRECT"); + if (!string.IsNullOrEmpty(webServiceHttpToTlsRedirect)) + _webServiceHttpToTlsRedirect = bool.Parse(webServiceHttpToTlsRedirect); SaveConfigFileInternal(); } diff --git a/DockerEnvironmentVariables.md b/DockerEnvironmentVariables.md index b81140d3..7ee0e6de 100644 --- a/DockerEnvironmentVariables.md +++ b/DockerEnvironmentVariables.md @@ -6,25 +6,28 @@ NOTE! These environment variables are read by the DNS server only when the DNS c The environment variables are described below: -| Environment Variable | Type | Description | -| ------------------------------------------ | ------- | -----------------------------------------------------------------------------------------------------------------------------------------| -| DNS_SERVER_DOMAIN | String | The primary domain name used by this DNS Server to identify itself. | -| DNS_SERVER_ADMIN_PASSWORD | String | The DNS web console admin user password. | -| DNS_SERVER_ADMIN_PASSWORD_FILE | String | The path to a file that contains a plain text password for the DNS web console admin user. | -| DNS_SERVER_PREFER_IPV6 | Boolean | DNS Server will use IPv6 for querying whenever possible with this option enabled. | -| DNS_SERVER_WEB_SERVICE_LOCAL_ADDRESSES | String | A comma separated list of IP addresses for the DNS web console to listen on. | -| DNS_SERVER_WEB_SERVICE_HTTP_PORT | Integer | The TCP port number for the DNS web console over HTTP protocol. | -| DNS_SERVER_WEB_SERVICE_HTTPS_PORT | Integer | The TCP port number for the DNS web console over HTTPS protocol. | -| DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS | Boolean | Enables HTTPS for the DNS web console. | -| DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT| Boolean | Enables self signed TLS certificate for the DNS web console. | -| DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP | Boolean | Enables DNS server optional protocol DNS-over-HTTP on TCP port 80 to be used with a TLS terminating reverse proxy like nginx. | -| DNS_SERVER_RECURSION | String | Recursion options: `Allow`, `Deny`, `AllowOnlyForPrivateNetworks`, `UseSpecifiedNetworkACL`. | -| DNS_SERVER_RECURSION_NETWORK_ACL | String | A comma separated list of IP addresses or network addresses to allow access. Add ! character at the start to deny access, e.g. !192.168.10.0/24 will deny entire subnet. The ACL is processed in the same order its listed. If no networks match, the default policy is to deny all except loopback. Valid only for `UseSpecifiedNetworkACL` recursion option. | -| DNS_SERVER_RECURSION_DENIED_NETWORKS | String | A comma separated list of IP addresses or network addresses to deny recursion. Valid only for `UseSpecifiedNetworkACL` recursion option. This option is obsolete and DNS_SERVER_RECURSION_NETWORK_ACL should be used instead. | -| DNS_SERVER_RECURSION_ALLOWED_NETWORKS | String | A comma separated list of IP addresses or network addresses to allow recursion. Valid only for `UseSpecifiedNetworkACL` recursion option. This option is obsolete and DNS_SERVER_RECURSION_NETWORK_ACL should be used instead. | -| DNS_SERVER_ENABLE_BLOCKING | Boolean | Sets the DNS server to block domain names using Blocked Zone and Block List Zone. | -| DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT | Boolean | Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests. | -| DNS_SERVER_BLOCK_LIST_URLS | String | A comma separated list of block list URLs. | -| DNS_SERVER_FORWARDERS | String | A comma separated list of forwarder addresses. | -| DNS_SERVER_FORWARDER_PROTOCOL | String | Forwarder protocol options: `Udp`, `Tcp`, `Tls`, `Https`, `HttpsJson`. | -| DNS_SERVER_LOG_USING_LOCAL_TIME | Boolean | Enable this option to use local time instead of UTC for logging. | +| Environment Variable | Type | Description | +| ---------------------------------------------- | ------- | -----------------------------------------------------------------------------------------------------------------------------------------| +| DNS_SERVER_DOMAIN | String | The primary domain name used by this DNS Server to identify itself. | +| DNS_SERVER_ADMIN_PASSWORD | String | The DNS web console admin user password. | +| DNS_SERVER_ADMIN_PASSWORD_FILE | String | The path to a file that contains a plain text password for the DNS web console admin user. | +| DNS_SERVER_PREFER_IPV6 | Boolean | DNS Server will use IPv6 for querying whenever possible with this option enabled. | +| DNS_SERVER_WEB_SERVICE_LOCAL_ADDRESSES | String | A comma separated list of IP addresses for the DNS web console to listen on. | +| DNS_SERVER_WEB_SERVICE_HTTP_PORT | Integer | The TCP port number for the DNS web console over HTTP protocol. | +| DNS_SERVER_WEB_SERVICE_HTTPS_PORT | Integer | The TCP port number for the DNS web console over HTTPS protocol. | +| DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS | Boolean | Enables HTTPS for the DNS web console. | +| DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT | Boolean | Enables self signed TLS certificate for the DNS web console. | +| DNS_SERVER_WEB_SERVICE_TLS_CERTIFICATE_PATH | String | The file path to the TLS certificate for the DNS web console. | +| DNS_SERVER_WEB_SERVICE_TLS_CERTIFICATE_PASSWORD| String | The password for the TLS certificate for the DNS web console. | +| DNS_SERVER_WEB_SERVICE_HTTP_TO_TLS_REDIRECT | Boolean | Enables HTTP to HTTPS redirection for the DNS web console. | +| DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP | Boolean | Enables DNS server optional protocol DNS-over-HTTP on TCP port 80 to be used with a TLS terminating reverse proxy like nginx. | +| DNS_SERVER_RECURSION | String | Recursion options: `Allow`, `Deny`, `AllowOnlyForPrivateNetworks`, `UseSpecifiedNetworkACL`. | +| DNS_SERVER_RECURSION_NETWORK_ACL | String | A comma separated list of IP addresses or network addresses to allow access. Add ! character at the start to deny access, e.g. !192.168.10.0/24 will deny entire subnet. The ACL is processed in the same order its listed. If no networks match, the default policy is to deny all except loopback. Valid only for `UseSpecifiedNetworkACL` recursion option. | +| DNS_SERVER_RECURSION_DENIED_NETWORKS | String | A comma separated list of IP addresses or network addresses to deny recursion. Valid only for `UseSpecifiedNetworkACL` recursion option. This option is obsolete and DNS_SERVER_RECURSION_NETWORK_ACL should be used instead. | +| DNS_SERVER_RECURSION_ALLOWED_NETWORKS | String | A comma separated list of IP addresses or network addresses to allow recursion. Valid only for `UseSpecifiedNetworkACL` recursion option. This option is obsolete and DNS_SERVER_RECURSION_NETWORK_ACL should be used instead. | +| DNS_SERVER_ENABLE_BLOCKING | Boolean | Sets the DNS server to block domain names using Blocked Zone and Block List Zone. | +| DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT | Boolean | Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests. | +| DNS_SERVER_BLOCK_LIST_URLS | String | A comma separated list of block list URLs. | +| DNS_SERVER_FORWARDERS | String | A comma separated list of forwarder addresses. | +| DNS_SERVER_FORWARDER_PROTOCOL | String | Forwarder protocol options: `Udp`, `Tcp`, `Tls`, `Https`, `HttpsJson`. | +| DNS_SERVER_LOG_USING_LOCAL_TIME | Boolean | Enable this option to use local time instead of UTC for logging. | diff --git a/docker-compose.yml b/docker-compose.yml index dfdbfce4..205de3dd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -27,6 +27,9 @@ services: # - DNS_SERVER_WEB_SERVICE_HTTPS_PORT=53443 #The TCP port number for the DNS web console over HTTPS protocol. # - DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS=false #Enables HTTPS for the DNS web console. # - DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT=false #Enables self signed TLS certificate for the DNS web console. + # - DNS_SERVER_WEB_SERVICE_TLS_CERTIFICATE_PATH=/etc/dns/tls/cert.pfx #The file path to the TLS certificate for the DNS web console. + # - DNS_SERVER_WEB_SERVICE_TLS_CERTIFICATE_PASSWORD=password #The password for the TLS certificate for the DNS web console. + # - DNS_SERVER_WEB_SERVICE_HTTP_TO_TLS_REDIRECT=false #Enables HTTP to HTTPS redirection for the DNS web console. # - DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP=false #Enables DNS server optional protocol DNS-over-HTTP on TCP port 8053 to be used with a TLS terminating reverse proxy like nginx. # - DNS_SERVER_RECURSION=AllowOnlyForPrivateNetworks #Recursion options: Allow, Deny, AllowOnlyForPrivateNetworks, UseSpecifiedNetworkACL. # - DNS_SERVER_RECURSION_NETWORK_ACL=192.168.10.0/24, !192.168.10.2 #Comma separated list of IP addresses or network addresses to allow access. Add ! character at the start to deny access, e.g. !192.168.10.0/24 will deny entire subnet. The ACL is processed in the same order its listed. If no networks match, the default policy is to deny all except loopback. Valid only for `UseSpecifiedNetworkACL` recursion option.