mirror of
https://github.com/DNSCrypt/dnscrypt-proxy.git
synced 2025-03-03 18:04:40 +01:00
Page:
Manually updating your DNSCrypt server
Pages
Anonymized DNS
Building dnscrypt proxy for jailbroken iOS
Building from source
Building the Android version on non Android OS
Checking
Cloaking
Combining Blocklists
Configuration Sources
Configuration
Connecting to a remote dnscrypt proxy client from Android Pie using DNS over TLS
DNS server sources
DNSCrypt server with vultr.com
Differences to v1
Filters
Forwarding
Home
How to setup your own DNSCrypt server in less than 10 minutes
Installation Gentoo
Installation Windows
Installation linux
Installation macOS
Installation on Alpine Linux
Installation on Arch Linux
Installation on Debian and Ubuntu
Installation on EdgeOS
Installation on OpenWrt
Installation on Pi hole
Installation pfsense
Installation
Load Balancing Options
Local DoH
Logging
Manually updating your DNSCrypt server
Oblivious DoH
Performance
Public blacklists
Public blocklist
Setting up dnscrypt proxy on Gentoo Linux based gateway
Stamps
Takeup hub
Updates
Windows NCSI
dnscrypt proxy in the media
planned features
systemd
No results
7
Manually updating your DNSCrypt server
Frank Denis edited this page 2019-09-24 17:54:11 +02:00
Table of Contents
This guide assumes you're using the jedisct1/dnscrypt-server docker image to run the server.
If you prefer to automate this you can use v2tec/watchtower.
Manually updating dnscrypt-server
- Back up the keys if you haven't already done so:
docker cp dnscrypt-server:/opt/dnscrypt-wrapper/etc/keys ~
# We don't need the short-term keys
rm -rf ~/keys/short-term
- Pull the new images:
docker pull jedisct1/dnscrypt-server
- Stop the current dnscrypt-server container (and make sure to switch from this server in dnscrypt-proxy if you're using it):
docker stop dnscrypt-server
# Check that it's not running
docker ps
- Run a new dnscrypt-server container (called dnscrypt-server-new):
export SERVER="$(cat ~/keys/provider_name | cut -d. -f3-)"
export SERVER_IP="<replace with your external server IP address without the port>"
docker run --ulimit nofile=90000:90000 --name=dnscrypt-server-new -p 443:443/udp -p 443:443/tcp --net=host jedisct1/dnscrypt-server init -N $SERVER -E $SERVER_IP:443
docker update --restart=unless-stopped dnscrypt-server-new
- Restore the keys to the new container (first deleting the short-term keys):
docker start dnscrypt-server-new
docker exec dnscrypt-server-new rm -rf /opt/dnscrypt-wrapper/etc/keys/short-term
docker cp ~/keys/. dnscrypt-server-new:/opt/dnscrypt-wrapper/etc/keys
docker restart dnscrypt-server-new
- Now check that it's working:
docker ps
docker logs dnscrypt-server-new
- After testing that it's working properly you can remove the old container, images and volume, and then rename the new one:
# This command will ask for confirmation
docker system prune -a --volumes
# Check that dnscrypt-server-new is the only container
docker ps -a
docker rename dnscrypt-server-new dnscrypt-server
- Home
- Installation
- Configuration
- Checking that your DNS traffic is encrypted
- Automatic Updates
- Server sources
- Combining blocklists
- Public Blocklist and other configuration files
- Building from source
- Run your own DNSCrypt server in under 10 minutes
- DNS stamps specifications
- Windows Tips
- dnscrypt-proxy in the media
- Planned Features
In somecases if you want to run dnscrypt-proxy as a non-root user you'll get the error "[FATAL] listen udp 0.0.0.0:53: bind: permission denied"
to solve this problem you can run the following command and allow dnscrypt to have access to a low level port :
sudo setcap cap_net_bind_service=+ep $(which dnscrypt-proxy)