From: Krombel Date: Tue, 19 Nov 2019 14:56:49 +0000 (+0100) Subject: dnsdist: Add DoH behind reverse proxy (and http) to guide X-Git-Tag: auth-4.3.0-alpha1~35^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c1e1341bb4e1fe2ad8b53ef4fc02f5072470ef81;p=thirdparty%2Fpdns.git dnsdist: Add DoH behind reverse proxy (and http) to guide --- diff --git a/pdns/dnsdistdist/docs/guides/dns-over-https.rst b/pdns/dnsdistdist/docs/guides/dns-over-https.rst index 2cf6fadbb8..353ba944bf 100644 --- a/pdns/dnsdistdist/docs/guides/dns-over-https.rst +++ b/pdns/dnsdistdist/docs/guides/dns-over-https.rst @@ -31,3 +31,8 @@ A more complicated (and more realistic) example is when you want to indicate met addDOHLocal('2001:db8:1:f00::1', '/etc/ssl/certs/example.com.pem', '/etc/ssl/private/example.com.key', "/", {customResponseHeaders={["link"]=" rel=\\"service-meta\\"; type=\\"text/html\\""}}) +In case you want to run DNS-over-HTTPS behind a reverse proxy you probably don't want to encrypt your traffic between reverse proxy and dnsdist. +To let dnsdist listen for DoH queries over HTTP on localhost at port 8053 add one of the following to your config:: + + addDOHLocal("127.0.0.1:8053") + addDOHLocal("127.0.0.1:8053", nil, nil, "/", { reusePort=true }) \ No newline at end of file
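Review bot: The first added sentence ("you probably don't want to encrypt your traffic between reverse proxy and dnsdist") gives this advice without the condition that makes it safe, namely that the proxy runs on the same host as dnsdist. Please say that the plaintext HTTP listener should stay bound to loopback, as both examples do with 127.0.0.1:8053, and that a proxy on a different machine should keep using the certificate and key form shown in the addDOHLocal example just above, since otherwise DNS queries cross the network unencrypted. "Add one of the following" also leaves the reader guessing how the two lines differ: explain that the two nil arguments take the place of the certificate and key paths, and say when reusePort=true is wanted. Lastly, the file now ends without a trailing newline ("\ No newline at end of file"); please add one.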