dnsdist: Add DoH behind reverse proxy (and http) to guide

author Krombel <krombel@krombel.de>

Tue, 19 Nov 2019 14:56:49 +0000 (15:56 +0100)

committer Krombel <krombel@krombel.de>

Tue, 19 Nov 2019 15:00:01 +0000 (16:00 +0100)
author Krombel <krombel@krombel.de>
Tue, 19 Nov 2019 14:56:49 +0000 (15:56 +0100)
committer Krombel <krombel@krombel.de>
Tue, 19 Nov 2019 15:00:01 +0000 (16:00 +0100)
diff --git a/pdns/dnsdistdist/docs/guides/dns-over-https.rst b/pdns/dnsdistdist/docs/guides/dns-over-https.rst

index 2cf6fadbb85d5f65e830079ad1e39507a2cd0621..353ba944bf3d45813faeb4970546f64eb92d9630 100644 (file)
--- a/pdns/dnsdistdist/docs/guides/dns-over-https.rst
+++ b/pdns/dnsdistdist/docs/guides/dns-over-https.rst
@@ -31,3 +31,8 @@ A more complicated (and more realistic) example is when you want to indicate met
  
    addDOHLocal('2001:db8:1:f00::1', '/etc/ssl/certs/example.com.pem', '/etc/ssl/private/example.com.key', "/", {customResponseHeaders={["link"]="<https://example.com/policy.html> rel=\\"service-meta\\"; type=\\"text/html\\""}})
  
+In case you want to run DNS-over-HTTPS behind a reverse proxy you probably don't want to encrypt your traffic between reverse proxy and dnsdist.
+To let dnsdist listen for DoH queries over HTTP on localhost at port 8053 add one of the following to your config::
+
+  addDOHLocal("127.0.0.1:8053")
+  addDOHLocal("127.0.0.1:8053", nil, nil, "/", { reusePort=true })
+\ No newline at end of file
author	Krombel <krombel@krombel.de>
	Tue, 19 Nov 2019 14:56:49 +0000 (15:56 +0100)
committer	Krombel <krombel@krombel.de>
	Tue, 19 Nov 2019 15:00:01 +0000 (16:00 +0100)