......@@ -75,8 +75,6 @@ TLS connections.
.. _kresd-doh-socket-configuration:
To configure socket for DNS-over-HTTPS, make sure you have
``kresd-doh.socket`` installed (it might be part of a separate
``knot-resolver-module-http`` package). Then, you can configure its network
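Review bot: The instruction "make sure you have ``kresd-doh.socket`` installed" gives the reader no way to verify it, and "it might be part of a separate ``knot-resolver-module-http`` package" leaves it unclear which distributions split the package. Suggest naming the check (e.g. ``systemctl list-unit-files kresd-doh.socket``) and stating which packages ship the socket unit, so the reader knows whether the unit is present before configuring its network settings.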
......@@ -147,6 +145,7 @@ configured in the config file.
net.listen(net.lo, 5353)
net.listen({net.eth0, ''}, 53853, { kind = 'tls' })
net.listen('::', 443, { kind = 'doh' }) -- see http module
net.listen('::', 8453, { kind = 'webmgmt' }) -- see http module
.. function:: net.close(address, [port])
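Review bot: ``net.listen('::', 8453, { kind = 'webmgmt' })`` binds the web management API to all addresses, but the example-configuration text in this same commit says the management interface belongs on the loopback interface; suggest ``net.listen(net.lo, 8453, { kind = 'webmgmt' })``, matching the ``net.lo`` form used for the 5353 example just above, so the sample does not expose a management endpoint on public interfaces. Also, the DoH example listens on port 443 here while the http module page in this commit uses 44353; pick one port for the examples so the two sections agree.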
......@@ -46,12 +46,12 @@ This integrated DoH server has following properties:
:ref:`Example configuration <mod-http-example>` is part of examples for generic
HTTP module. After configuring your endpoint you can reach the DoH endpoint using
URL ``https://your.resolver.hostname.example:44353/doh``, done!
URL ``https://your.resolver.hostname.example/doh``, done!
.. code-block:: bash
# query for AAAA
$ curl -k https://your.resolver.hostname.example:44353/doh?dns=l1sBAAABAAAAAAAAA3d3dw1rbm90LXJlc29sdmVyAmN6AAAcAAE
$ curl -k https://your.resolver.hostname.example/doh?dns=l1sBAAABAAAAAAAAA3d3dw1rbm90LXJlc29sdmVyAmN6AAAcAAE
Please see section :ref:`mod-http-tls` for further details about TLS configuration.
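Review bot: ``curl -k`` in the example disables TLS certificate verification, and with the explicit port now dropped from the URL a reader copying the command will accept any certificate on 443 without noticing. Suggest either removing ``-k`` and relying on the ``mod-http-tls`` reference below the block for installing a trusted certificate, or adding a comment above the command stating that ``-k`` is only needed with the default self-signed certificate. Minor wording: "you can reach the DoH endpoint using URL ``https://your.resolver.hostname.example/doh``, done!" reads better without the trailing "done!".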
......@@ -43,46 +43,20 @@ Example configuration
Here we show how to configure web management API on loopback interface
on port 8453, and how to expose :ref:`mod-http-doh` endpoint on public IP addresses.
Modern distributions use systemd socket activation and thus IP addresses of endpoints
are configured using systemd. (Beware, CentOS 7 has too old version of systemd and
you have to configure IP addresses in Knot Resolver's configuration file instead.)
For network configuration when using systemd socket activation, refer to
:ref:`network-configuration`. Please note ``kresd-webmgmt.socket`` is
configured to listen on loopack interface on port 8453 by default and requires
no further configurtion.
If your distribution isn't using systemd socket activation (e.g. CentOS 7 or
macOS), use ``net.listen()`` and use kind ``doh`` for DNS-over-HTTPS and
``webmgmt`` for web management API.
.. warning:: Make sure you read section :ref:`mod-http-doh`
before copy&pasting this snippet.
.. code-block:: bash
# IP address configuration for modern systems
# with systemd socket activation (not CentOS 7)
# configuring DoH on public IP addresses, port 44353
$ vim /etc/systemd/system/kresd-doh.socket.d/override.conf
# /etc/systemd/system/kresd-doh.socket.d/override.conf
# configuring web management on loopback port 8453
$ vim /etc/systemd/system/kresd-webmgmt.socket.d/override.conf
# /etc/systemd/system/kresd-webmgmt.socket.d/override.conf
.. code-block:: lua
-- use net.listen() only on old systems like CentOS 7
-- which lack proper support for systemd socket activation
-- expose management interface on loopback
-- net.listen('', '8453', { kind = 'webmgmt' })
-- expose DoH on public interfaces
-- net.listen('', '44353', { kind = 'doh' })
-- net.listen('2001:db8::1', '44353', { kind = 'doh' })
-- load HTTP module with defaults (self-signed TLS cert)
-- optionally load geoIP database for server map
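Review bot: The prose in this hunk has typos: "loopack" should be "loopback", "configurtion" should be "configuration", and "CentOS 7 has too old version of systemd" should read "CentOS 7 ships a systemd version that is too old". The bash block shows only ``$ vim .../override.conf`` and a filename comment with no ``[Socket]`` / ``ListenStream=`` body, so the drop-in cannot be copied as written; either show the file contents or point to the ``network-configuration`` section that does. In the Lua block, ``net.listen('', '8453', { kind = 'webmgmt' })`` uses an empty address string and string ports, whereas the network section in this commit uses ``net.lo`` / ``'::'`` with numeric ports; align the two. Finally, the comment "load HTTP module with defaults (self-signed TLS cert)" has no code line beneath it, so the module-loading statement it describes appears to have been dropped from the example.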
......@@ -8,4 +8,4 @@
......@@ -5,5 +5,5 @@
# ListenStream can be added multiple times.
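Review bot: The comment ``# ListenStream can be added multiple times.`` has no ``ListenStream=`` entry beside it in the shown context, so the drop-in example does not show the form it describes; place the comment directly above at least one ``ListenStream=`` line under a ``[Socket]`` header so the reader sees what "added multiple times" refers to and how an empty ``ListenStream=`` reset interacts with the defaults, if that is intended.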
