Small changes in the localhost.pem file description.

szemley 2021-04-07 16:21:10 +00:00
parent 59bef4b76b
commit 55fbb19cbc

@ -4,16 +4,16 @@ In addition to responding to standard DNS queries, `dnscrypt-proxy` can also act
In particular, this means that Firefox can be configured to use it, so that it will accept to enable ECH (previously known as ESNI) without bypassing your DNS proxy.
In order to enable this, the first thing you need is a certificate. Since this is just for local usage, you can use [that example one](https://raw.githubusercontent.com/DNSCrypt/dnscrypt-proxy/master/dnscrypt-proxy/localhost.pem) or create your own with:
In order to enable this, the first thing you need is a self-signed certificate. Since this is just for local usage, you can use [that example one](https://raw.githubusercontent.com/DNSCrypt/dnscrypt-proxy/master/dnscrypt-proxy/localhost.pem) or create your own with:
```sh
openssl req -x509 -nodes -newkey rsa:2048 -days 5000 -sha256 -keyout \
localhost.pem -out localhost.pem
```
During generating a RSA private key, you will be aksed to answer various questions (`Country Name`, `Organization Name`, `Email Address` and so on). However, these input fields can be empty or left to their default value.
During generating RSA private key, you will be aksed to answer some questions (e.g. `Country Name`, `Organization Name`, `Email Address` and so on). However, answers fields can be empty or left to the default values.
Next, edit the configuration file, look for the `local_doh` section and uncomment the relevant lines:
Next, edit `dnscrypt-proxy.toml` configuration file, look for the `local_doh` section and uncomment the relevant lines:
```toml
[local_doh]
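Review bot: the typo `aksed` survives in the rewritten sentence ('During generating RSA private key, you will be aksed to answer some questions'), and dropping the article makes it read worse than the line it replaces; suggest 'While generating the RSA private key, you will be asked some questions (e.g. `Country Name`, `Organization Name`, `Email Address`). These fields can be left empty or at their default values.' The added word 'self-signed' in the first changed line is a good clarification, since the `-x509` flag in the `openssl req` command shown below produces a self-signed certificate rather than a signing request, and the single `-keyout`/`-out` target means the resulting `localhost.pem` holds the private key as well as the certificate.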
@ -23,9 +23,9 @@ cert_file = "localhost.pem"
cert_key_file = "localhost.pem"
```
The path to the `localhost.pem` file should be set in the `cert_file` and `cert_key_file` properties of the `dnscrypt-proxy.toml` configuration file. Also make sure that `localhost.pem` is readable by the `dnscrypt-proxy` user.
The path to the `localhost.pem` file, should be set in the `cert_file` and `cert_key_file` options. You should also protect `localhost.pem` file - make sure it's readable only by the `dnscrypt-proxy` user (e.g. change file owner, using `chown(1)` command). Please note that - for example - in Ubuntu distribution, username has such a form: `_dnscrypt-proxy`. As we can see, there is an underscore sign used.
Now, `dnscrypt-proxy` should be restarted. With the settings above, the URL of the local DoH server would be `https://127.0.0.1:3000/dns-query`. Here is a small exception of the system logs/status:
Now, `dnscrypt-proxy` should be restarted. With the above settings, the URL of the local DoH server would be `https://127.0.0.1:3000/dns-query`. Here is a small exception of the system logs/status:
```text
[NOTICE] Now listening to https://127.0.0.1:3000/dns-query [DoH]
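Review bot: the new sentence about protecting `localhost.pem` conflates ownership with permissions: `chown(1)` only changes the owner, so the file can remain readable by every user, and because this file contains the private key as well as the certificate (both are written to the same path by the `openssl` command in the previous hunk), the text should also tell the reader to restrict the mode, e.g. 'then run `chmod 600 localhost.pem`', so that only the `dnscrypt-proxy` user can read it. Minor points in the same hunk: the stray comma in 'The path to the `localhost.pem` file, should be set'; 'exception' should be 'excerpt' in 'Here is a small exception of the system logs/status', which is present in both the old and the new line; and the `_dnscrypt-proxy` account name is given as an Ubuntu example, so it is worth stating explicitly that the service account name depends on how `dnscrypt-proxy` was installed rather than leaving the reader to infer it.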