-
|
Adguard home configuration: http:
pprof:
port: 6060
enabled: false
address: 0.0.0.0:3000
session_ttl: 720h
users:
- name: xxxxxx
password: xxxxxxxx
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: ""
theme: auto
dns:
bind_hosts:
- 0.0.0.0
port: 53
anonymize_client_ip: false
ratelimit: 5
ratelimit_subnet_len_ipv4: 24
ratelimit_subnet_len_ipv6: 56
ratelimit_whitelist: []
refuse_any: true
upstream_dns:
- tls://dns.google
- https://dns.google/dns-query
- tls://dns11.quad9.net
- https://dns11.quad9.net/dns-query
upstream_dns_file: ""
bootstrap_dns:
- 8.8.8.8
- 8.8.4.4
- 9.9.9.11
- 149.112.112.11
fallback_dns: []
all_servers: true
fastest_addr: false
fastest_timeout: 1s
allowed_clients: []
disallowed_clients: []
blocked_hosts:
- version.bind
- id.server
- hostname.bind
trusted_proxies:
- 127.0.0.0/8
- ::1/128
cache_size: 4194304
cache_ttl_min: 0
cache_ttl_max: 0
cache_optimistic: false
bogus_nxdomain: []
aaaa_disabled: false
enable_dnssec: true
edns_client_subnet:
custom_ip: ""
enabled: true
use_custom: false
max_goroutines: 300
handle_ddr: true
ipset: []
ipset_file: ""
bootstrap_prefer_ipv6: false
upstream_timeout: 10s
private_networks: []
use_private_ptr_resolvers: true
local_ptr_upstreams: []
use_dns64: false
dns64_prefixes: []
serve_http3: false
use_http3_upstreams: false
serve_plain_dns: true
tls:
enabled: true
server_name: dns.xxx.xxx
force_https: false
port_https: 8448
port_dns_over_tls: 853
port_dns_over_quic: 853
port_dnscrypt: 0
dnscrypt_config_file: ""
allow_unencrypted_doh: true
certificate_chain: |
-----BEGIN CERTIFICATE-----
xxxxx
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
xxxxx
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
xxxxx
-----END CERTIFICATE-----
private_key: |
-----BEGIN PRIVATE KEY-----
xxxxx
-----END PRIVATE KEY-----
certificate_path: ""
private_key_path: ""
strict_sni_check: false
querylog:
ignored: []
interval: 1h
size_memory: 1000
enabled: true
file_enabled: true
statistics:
ignored: []
interval: 168h
enabled: true
filters:
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
name: AdGuard DNS filter
id: 1
- enabled: false
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
name: AdAway Default Blocklist
id: 2
whitelist_filters: []
user_rules:
- '||cisco.com^'
dhcp:
enabled: false
interface_name: ""
local_domain_name: lan
dhcpv4:
gateway_ip: ""
subnet_mask: ""
range_start: ""
range_end: ""
lease_duration: 86400
icmp_timeout_msec: 1000
options: []
dhcpv6:
range_start: ""
lease_duration: 86400
ra_slaac_only: false
ra_allow_slaac: false
filtering:
blocking_ipv4: ""
blocking_ipv6: ""
blocked_services:
schedule:
time_zone: Local
ids: []
protection_disabled_until: null
safe_search:
enabled: false
bing: true
duckduckgo: true
google: true
pixabay: true
yandex: true
youtube: true
blocking_mode: default
parental_block_host: family-block.dns.adguard.com
safebrowsing_block_host: standard-block.dns.adguard.com
rewrites: []
safebrowsing_cache_size: 1048576
safesearch_cache_size: 1048576
parental_cache_size: 1048576
cache_time: 30
filters_update_interval: 24
blocked_response_ttl: 10
filtering_enabled: false
parental_enabled: false
safebrowsing_enabled: false
protection_enabled: true
clients:
runtime_sources:
whois: true
arp: true
rdns: true
dhcp: true
hosts: true
persistent:
- safe_search:
enabled: false
bing: true
duckduckgo: true
google: true
pixabay: true
yandex: true
youtube: true
blocked_services:
schedule:
time_zone: Local
ids: []
name: hacker
ids:
- 170.254.195.1/24
tags: []
upstreams: []
upstreams_cache_size: 0
upstreams_cache_enabled: false
use_global_settings: true
filtering_enabled: false
parental_enabled: false
safebrowsing_enabled: false
use_global_blocked_services: true
ignore_querylog: false
ignore_statistics: false
log:
file: ""
max_backups: 0
max_size: 100
max_age: 3
compress: false
local_time: false
verbose: false
os:
group: ""
user: ""
rlimit_nofile: 0
schema_version: 27my Nginx configuration server {
listen 80;
listen 443 ssl http2;
server_name dns.xxx.xxx; #这里填写域名
index index.php index.html index.htm default.php default.htm default.html
root /usr/share/nginx/html; #网站根目录,指定一个空文件夹即可
#SSL-START SSL相关配置
#error_page 404/404.html;
ssl_certificate /www/server/panel/vhost/cert/dns.xxx.xxx/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/dns.xxx.xxx/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497 https://$host$request_uri;
ssl_early_data on;
#反向代理仪表盘
location ^~ / {
proxy_pass https://127.0.0.1:8448/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
}
#反向代理DoH
location ^~ /dns-query {
proxy_pass https://127.0.0.1:8448;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
}
}When I changed the nginx configuration of other sites and restarted nginx, DoH started not working. I really need help, thank you very much 🙏🙏 |
Beta Was this translation helpful? Give feedback.
Answered by
ainar-g
Dec 18, 2023
Replies: 1 comment
-
There's your problem, heh. I'm not sure what command or DNS client you're using, but in general you don't want |
Beta Was this translation helpful? Give feedback.
0 replies
Answer selected by
wayne0926
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There's your problem, heh. I'm not sure what command or DNS client you're using, but in general you don't want
ANYqueries.