74 lines
3.3 KiB
Plaintext
74 lines
3.3 KiB
Plaintext
# /etc/default/dnscrypt-wrapper
|
|
|
|
# This file contains the configuration settings for dnscrypt-wrapper. In the
|
|
# unusual event that you may wish to run multiple instances on the same
|
|
# machine, this file supports configuring and running multiple instances (see
|
|
# the bottom of this file for a sample secondary configuration).
|
|
|
|
# CHROOTDIR should be the same path as the USER's home directory.
|
|
# For the standard dnscrypt user this should be "/run/dnscrypt". For nobody,
|
|
# this should be "/".
|
|
CHROOTDIR[0]="/run/dnscrypt"
|
|
#CHROOTDIR[0]="/"
|
|
|
|
# The address and (optional) port to listen on. The default port is 53.
|
|
LISTENADDRESS[0]="0.0.0.0:53"
|
|
|
|
# The pid file for this instance. PIDFILE must always be specified for each
|
|
# instance!
|
|
PIDFILE[0]="/var/run/dnscrypt-wrapper/dnscrypt-wrapper-0.pid"
|
|
|
|
# Runs the daemon as the following user and chroots to that user's home
|
|
# directory (this is a security feature -- it is best not to change this!)
|
|
USER[0]="dnscrypt"
|
|
#USER[0]="nobody"
|
|
|
|
# If DNSCRYPTDIR is set, it will look for files crypt_secret.key, public.key,
|
|
# and secret.key in the specified directory.
|
|
# CRYPTSECRETKEYFILE, PROVIDERPUBLICKEYFILE and PROVIDERSECRETKEYFILE will be
|
|
# ignored.
|
|
DNSCRYPTDIR[0]="/var/lib/dnscrypt-wrapper"
|
|
|
|
# Or, if DNSCRYPTDIR is unset, you can specify those files manually.
|
|
#CRYPTSECRETKEYFILE[0]="/var/lib/dnscrypt-wrapper/crypt_secret.key"
|
|
#PROVIDERPUBLICKEYFILE[0]="/var/lib/dnscrypt-wrapper/public.key"
|
|
#PROVIDERSECRETKEYFILE[0]="/var/lib/dnscrypt-wrapper/secret.key"
|
|
|
|
# PROVIDERNAME is the fully qualified domain name that identifies the server.
|
|
# For a LAN service the first example should work (you should replace hostname
|
|
# with your actual hostname since it will be used by clients). For a public
|
|
# service you should use a real domain like the second example.
|
|
PROVIDERNAME[0]="2.dnscrypt-cert.hostname.localdomain"
|
|
#PROVIDERNAME[0]="2.dnscrypt-cert.example.com"
|
|
|
|
# PROVIDERCERTFILE is the location of the pre-signed certificate generated. If
|
|
# you are running a public service, it may be desirable to omit this option and
|
|
# instead store the generated pre-signed certificate (binary string) in a TXT
|
|
# record for your provider name (set by PROVIDERNAME above) so that the
|
|
# certificate will be provided by a nameserver instead of directly by
|
|
# dnscrypt-wrapper. See /usr/doc/dnscrypt-wrapper-@VERSION@/README.md for more.
|
|
PROVIDERCERTFILE[0]="/var/lib/dnscrypt-wrapper/dnscrypt.cert"
|
|
|
|
# The address of the DNS resolver to use to forward requests. You will probably
|
|
# want to change this! If you run your own nameserver (or forwarder) you should
|
|
# point it there. You may wish to use the nameserver from /etc/resolv.conf.
|
|
RESOLVERADDRESS[0]="8.8.8.8:53"
|
|
|
|
# Allow and forward unauthenticated queries (not recommended). Defaults to off
|
|
# ("no").
|
|
#UNAUTHENTICATED[0]="no"
|
|
|
|
# Where to log.
|
|
LOGFILE[0]="/var/log/dnscrypt-wrapper/dnscrypt-wrapper.log"
|
|
|
|
# A simple example configuration for a second instance
|
|
#CHROOTDIR[1]="/run/dnscrypt"
|
|
#LISTENADDRESS[1]="0.0.0.0:5353"
|
|
#PIDFILE[1]="/var/run/dnscrypt-wrapper/dnscrypt-wrapper-1.pid"
|
|
#USER[1]="dnscrypt"
|
|
#DNSCRYPTDIR[1]="/var/lib/dnscrypt-wrapper/1"
|
|
#PROVIDERNAME[1]="2.dnscrypt-cert.hostname.localdomain"
|
|
#PROVIDERCERTFILE[1]="/var/lib/dnscrypt-wrapper/1/dnscrypt.cert"
|
|
#RESOLVERADDRESS[1]="8.8.8.8:53"
|
|
#LOGFILE[1]="/var/log/dnscrypt-wrapper/dnscrypt-wrapper-1.log"
|