DNSCrypt / dnscrypt-server-docker

A Docker image for a non-censoring, non-logging, DNSSEC-capable, DNSCrypt-enabled DNS resolver
https://dnscrypt.info
ISC License

How to use a port different than 443 #76

Closed prismplex closed 4 years ago

prismplex commented 4 years ago

Hi everybody, hopefully somebody can help me out. About a year ago I started using the dnscrypt-server docker container and it worked perfectly. After an update a few months ago I am getting a timeout to my server and I really don't know what the problem is. Using this docker command:

sudo docker run --name=dnscrypt-server -p 8888:443/udp -p 8888:443/tcp \
--ulimit nofile=90000:90000 --restart=unless-stopped \
-v /home/xxx/docker/dnscrypt-server/keys:/opt/encrypted-dns/etc/keys \
jedisct1/dnscrypt-server init -N prxxxxx.tech -E 24.xxx.xxx.xxx:8888

The firewall of the server and the router are both properly configured (+ it already worked in the past). I already tried to reset all my server keys, with no success. Maybe I missed some important information concerning updating/upgrading. Thank you!

jedisct1 commented 4 years ago

What files do you have in /home/xxx/docker/dnscrypt-server/keys?

prismplex commented 4 years ago

These files were generated by the container when it was initialized: keys

jedisct1 commented 4 years ago

New keys were created because the previous keys were not present in the directory.

prismplex commented 4 years ago

Yeah, I know. But with new keys it is not working either. (Of course I changed the client configs accordingly)

On 24 November 2019 14:23:45 CET, Frank Denis notifications@github.com wrote:

New keys were created because the previous keys were not present in the directory.


jedisct1 commented 4 years ago

Maybe scrap Docker and use the server directly? https://github.com/jedisct1/encrypted-dns-server

(sorry I don't know much about Docker)

prismplex commented 4 years ago

I would like to run it as a docker container as it is much easier to deploy... I really do not understand why I am not able to reach the container from the outside, as it seems to work properly according to the logs (firewall and everything is properly configured, all other containers can be reached from the outside). Also tried to add the --cap-add=NET_ADMIN, with no success.

jedisct1 commented 4 years ago

-p 8888:443/udp -p 8888:443/tcp sounds fishy. If you changed the port to 8888, maybe it should be -p 8888:8888/udp -p 8888:8888/tcp.

prismplex commented 4 years ago

Ok wow, thank you, that worked. Thought that 443 is the internal docker port and it would not adapt to port changes. (Read through other issues here etc.) But it turns out that it adapts automatically. Complete command for everybody searching for "How to run dnscrypt-server on another port than 443? (with enabled metrics)":

sudo docker run --name=dnscrypt-server -p 8888:8888/udp -p 8888:8888/tcp -p 9200:9200/tcp \
--ulimit nofile=90000:90000 --restart=unless-stopped \
-v /directory/to/your/dnscrypt-server/keys:/opt/encrypted-dns/etc/keys \
jedisct1/dnscrypt-server init -N pxxxxxx.tech -E 24.134.225.237:8888 -M 0.0.0.0:9200
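
An added example, not part of the thread or the project's own code: a shell check for the mismatch resolved above, where the container side of each `-p` mapping has to equal the port passed to `-E`. The function name `check_publish_ports`, the name `example.test` and the address `192.0.2.10` are constructed; that the server listens inside the container on the `-E` port is an assumption taken from the thread's outcome.

```shell
#!/bin/sh
# Added example: lint a dnscrypt-server `docker run` line for port mismatches.
# Assumption (from the thread): the container listens on the port given to -E.
check_publish_ports() {
    # Join backslash-continued lines into one line of whitespace-separated words.
    cmd=$(printf '%s' "$1" | tr '\\\n' '  ')
    ext_port="" metrics_port="" maps="" prev="" rc=0

    set -f                                   # no globbing while word-splitting
    for word in $cmd; do
        case "$prev" in
            -E) ext_port=${word##*:} ;;      # -E ip:port (announced address)
            -M) metrics_port=${word##*:} ;;  # -M ip:port (metrics listener)
            -p) maps="$maps $word" ;;        # -p [ip:]host:container[/proto]
        esac
        prev=$word
    done

    if [ -z "$ext_port" ]; then
        set +f
        echo "no -E ip:port found"
        return 2
    fi

    for m in $maps; do
        spec=${m%%/*}                        # drop /udp or /tcp
        container=${spec##*:}                # last field is the container port
        # A mapping that targets the metrics port is not a DNS listener.
        [ "$container" = "$metrics_port" ] && continue
        if [ "$container" != "$ext_port" ]; then
            echo "mismatch: -p $m targets container port $container, -E uses $ext_port"
            rc=1
        fi
    done
    set +f
    return $rc
}

# Constructed sample: the failing mapping from the thread, placeholder name and IP.
check_publish_ports 'docker run -p 8888:443/udp -p 8888:443/tcp \
  jedisct1/dnscrypt-server init -N example.test -E 192.0.2.10:8888' || true
```

The function returns 0 when every DNS mapping targets the `-E` port, 1 when at least one does not, and 2 when the command has no `-E` argument.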