systemd: use 44353 for DoH port

Using 443 as the default port presents too many packaging challenges.
DoH requires configuration to be useful anyway, so users are free to
override this value as they see fit.
parent 28967930
......@@ -65,11 +65,6 @@ package() {
install -d -m 0755 "${pkgdir}/usr/lib/systemd/system/multi-user.target.wants"
ln -s ../kresd.target "${pkgdir}/usr/lib/systemd/system/multi-user.target.wants/kresd.target"
# mask kresd-doh.socket, kresd-webmgmt.socket by default (unmask if using http module)
install -d -m 0755 "${pkgdir}/etc/systemd/system"
ln -s /dev/null "${pkgdir}/etc/systemd/system/kresd-doh.socket"
ln -s /dev/null "${pkgdir}/etc/systemd/system/kresd-webmgmt.socket"
# remove modules with missing dependencies
rm "${pkgdir}/usr/lib/knot-resolver/kres_modules/etcd.lua"
}
dev/null etc/systemd/system/kresd-doh.socket
usr/share/javascript/bootstrap/css/bootstrap-theme.min.css usr/lib/knot-resolver/kres_modules/http/bootstrap-theme.min.css
usr/share/javascript/bootstrap/css/bootstrap.min.css usr/lib/knot-resolver/kres_modules/http/bootstrap.min.css
usr/share/javascript/bootstrap/js/bootstrap.min.js usr/lib/knot-resolver/kres_modules/http/bootstrap.min.js
......
......@@ -192,12 +192,6 @@ rm %{buildroot}%{_unitdir}/kresd-doh.socket
rm %{buildroot}%{_unitdir}/kresd-webmgmt.socket
%endif
%if 0%{?fedora}
# mask kresd-doh.socket by default
install -d -m 0755 %{buildroot}%{_sysconfdir}/systemd/system
ln -s /dev/null %{buildroot}%{_sysconfdir}/systemd/system/kresd-doh.socket
%endif
# rename doc directory for centos, opensuse
%if "x%{?fedora}" == "x"
install -m 755 -d %{buildroot}/%{_pkgdocdir}
......@@ -302,7 +296,6 @@ getent passwd knot-resolver >/dev/null || useradd -r -g knot-resolver -d %{_sysc
%if 0%{?fedora}
%{_unitdir}/kresd@.service.d/module-http.conf
%{_unitdir}/kresd-doh.socket
%{_sysconfdir}/systemd/system/kresd-doh.socket
%{_unitdir}/kresd-webmgmt.socket
%endif
%{_libdir}/knot-resolver/kres_modules/http
......
......@@ -3,7 +3,7 @@
blockinfile:
marker: -- {mark} ANSIBLE MANAGED BLOCK
block: |
net.listen('127.0.0.1', 443, { kind = 'doh' })
net.listen('127.0.0.1', 44353, { kind = 'doh' })
modules.load('http')
path: /etc/knot-resolver/kresd.conf
insertbefore: BOF
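Review bot: The new port is written as a literal in `net.listen('127.0.0.1', 44353, { kind = 'doh' })` here, and again in the `get_url` URL of the test task and in the socket unit, so the next port change has to touch each copy by hand. A role variable (the name `doh_port` is only a suggestion) would keep the test in step with the configuration it checks, e.g. `net.listen('127.0.0.1', {{ doh_port }}, { kind = 'doh' })` and `url: https://127.0.0.1:{{ doh_port }}/doh?dns=…`. The task containing this `blockinfile` starts outside the hunk.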
---
- name: doh_test query localhost. A
get_url:
url: https://127.0.0.1:443/doh?dns=1Y0BAAABAAAAAAAACWxvY2FsaG9zdAAAAQAB
url: https://127.0.0.1:44353/doh?dns=1Y0BAAABAAAAAAAACWxvY2FsaG9zdAAAAQAB
sha256sum: e5c2710e6ecb78c089ab608ad5861b87be0d1c623c4d58b4eee3b21c06aa2008
dest: /tmp/doh_test
validate_certs: false
......@@ -8,8 +8,8 @@ Before=sockets.target
FreeBind=true
BindIPv6Only=both
FileDescriptorName=doh
ListenStream=[::1]:443
ListenStream=127.0.0.1:443
ListenStream=[::1]:44353
ListenStream=127.0.0.1:44353
Service=kresd@1.service
Slice=system-kresd.slice
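Review bot: Port 44353 in both `ListenStream=` lines is unprivileged and lies inside Linux's default ephemeral range (32768–60999), which was not true of 443. Any local process can bind it whenever this socket unit is not active, and an outgoing connection may occasionally hold it as a source port. The packaging hunks in this commit appear to drop the `/dev/null` mask for kresd-doh.socket, so the unit should document this, e.g. `# 44353 is an unprivileged port: DoH clients must validate the TLS certificate; reserve it with net.ipv4.ip_local_reserved_ports if bind conflicts occur`. The unit's `[Socket]` section begins outside the hunk.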
......