From: Timothy Pillow Date: Mon, 4 Nov 2024 12:26:54 +0000 (+0100) Subject: Update dns-over-https.rst X-Git-Tag: rec-5.2.0-alpha1~10^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=081a40d497881f610089b1ee97ba43aa1a49f65b;p=thirdparty%2Fpdns.git Update dns-over-https.rst --- diff --git a/pdns/dnsdistdist/docs/guides/dns-over-https.rst b/pdns/dnsdistdist/docs/guides/dns-over-https.rst index 9d3ecdf401..d45ebc58bb 100644 --- a/pdns/dnsdistdist/docs/guides/dns-over-https.rst +++ b/pdns/dnsdistdist/docs/guides/dns-over-https.rst 
@@ -74,7 +74,26 @@ preferred library for incoming DoH support, because ``h2o`` has unfortunately re (see https://github.com/h2o/h2o/issues/3230). While we took great care to make the migration as painless as possible, ``h2o`` supported HTTP/1 while ``nghttp2`` does not. This is not an issue for actual DNS over HTTPS clients that support HTTP/2, but might be one in setups running dnsdist behind a reverse-proxy that does not support HTTP/2, like nginx. We do not plan on implementing HTTP/1, and recommend using HTTP/2 between the reverse-proxy and dnsdist for performance reasons. -For nginx in particular, a possible work-around is to use the `grpc_pass `_ directive as suggested in their `bug tracker `_. + +For nginx in particular, a possible work-around is to use the `grpc_pass `_ directive as suggested in their `bug tracker `_ e.g.:: + + location /dns-query { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app dnsdist; + set $upstream_port 443; + set $upstream_proto grpc; + grpc_pass grpcs://$upstream_app:$upstream_port; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header Range $http_range; + proxy_set_header If-Range $http_if_range; + } Internal design ^^^^^^^^^^^^^^^
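Review bot: In the added `location /dns-query` example, the eight `proxy_set_header` lines belong to nginx's proxy module and are not applied to requests forwarded with `grpc_pass`, so none of the forwarded-client headers (`X-Real-IP`, `X-Forwarded-For`, and the rest) would reach dnsdist as written. The gRPC module's equivalent is `grpc_set_header`. I suggest converting the headers that are actually wanted, for example `grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`, and dropping `Range` and `If-Range`, which are not relevant to a DoH endpoint. Two smaller points in the same block: `set $upstream_proto grpc;` is never used, since the `grpc_pass` line hard-codes `grpcs://`, and the two `include /config/nginx/...` lines refer to files specific to one deployment whose contents the guide does not show. Because `grpc_pass` is given variables here, the example depends on a `resolver` being configured, presumably in `resolver.conf`. It would be clearer to state that requirement in the text, or to use a literal upstream address, so that the snippet works when copied.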