nginx 反向代理 DoH 后面的 bind9

nginx 反向代理 DoH 后面的 bind9

我正在尝试在容器中运行 bind9，并把它放在 nginx 反向代理后面。

基本的 DNS 请求工作正常，但 DoH 让我很困惑……

现在，`dig +https @BASE_URL gnu.org` 出现此错误：

;; Connection to $IP#443($IP) for gnu.org failed: TLS error.
;; no servers could be reached

curl $BASE_URL → curl: (1) Received HTTP/0.9 when not allowed
curl --http0.9 $BASE_URL → 一直挂起。

/etc/nginx/conf.d/bind9.conf

# Plain-HTTP listener: only redirects to HTTPS, nothing is proxied here.
server {
    listen      80;
    listen [::]:80;
    server_name $BASE_URL;

    return 301 https://$host$request_uri;
}

# TLS front end: terminates TLS and forwards everything under / to the
# bind9 container's cleartext DoH listener (port 80, see named.conf.options).
# NOTE(review): HTTP/2 is not enabled on the 443 listener. dig's +https
# client (BIND's own DoH implementation) uses HTTP/2 over TLS; if the
# server only offers http/1.1 via ALPN the client may abort the handshake,
# which would match the "TLS error" seen with dig — confirm by adding
# `http2` to the listen directive (or `http2 on;` on newer nginx).
server {
    listen      443 ssl;
    listen [::]:443 ssl;
    server_name $BASE_URL;

    # certbot-managed certificate; the private key should stay readable
    # only by the nginx master process.
    ssl_certificate     /etc/letsencrypt/live/$BASE_URL/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$BASE_URL/privkey.pem;

    location / {
        # The upstream is reached in cleartext over the container network,
        # so DoH payloads are unencrypted between nginx and bind9.
        # NOTE(review): proxy_pass speaks HTTP/1.x to the upstream (default
        # proxy_http_version is 1.0). As far as I know BIND's `tls none`
        # DoH listener expects HTTP/2 cleartext (h2c); that mismatch would
        # explain the "Received HTTP/0.9" reply curl reports. Verify against
        # the BIND ARM before debugging further.
        proxy_pass http://bind9:80;

        proxy_set_header   Host              $host;
        # Client address only reaches bind9 as a header; named's ACLs see
        # the nginx container as the source address (presumably named does
        # not honour X-Forwarded-For — verify).
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        # Forwards the client's Connection header verbatim to the upstream.
        proxy_set_header   Connection        $http_connection;
        proxy_redirect     off;
    }
}

/etc/bind/named.conf.options

// BIND options for the container: classic DNS on 53 and cleartext DoH on
// 80, the latter intended to sit behind the nginx TLS front end only.
options {
    directory "/var/cache/bind";
    // NOTE(review): recursion is allowed for *any* client. Port 53 is
    // EXPOSEd by the Dockerfile, so if it gets published on a public
    // address this is an open resolver (amplification/abuse risk).
    // Restrict it to the networks that should use it, e.g.
    // `allow-recursion { localnets; };` — confirm the intended audience.
    recursion yes;
    allow-recursion { any; };

    // Plain DNS on every interface.
    listen-on    port 53 { any; };
    listen-on-v6 port 53 { any; };

    // DoH without TLS (`tls none`): nginx terminates TLS in front. This
    // endpoint is cleartext and must not be reachable from outside the
    // container network.
    // NOTE(review): as far as I know a `tls none` DoH listener serves
    // HTTP/2 cleartext (h2c), while nginx's proxy_pass only speaks HTTP/1.x
    // upstream — check this against the BIND ARM.
    listen-on    port 80 tls none http default { any; };
    listen-on-v6 port 80 tls none http default { any; };

    dnssec-validation auto;
};

Dockerfile

# Minimal bind9 image: the config is copied in at build time and named
# runs in the foreground as the unprivileged `bind` user.
# NOTE(review): the base image is pinned only by tag, so rebuilds may pull
# a different image; pin by digest (@sha256:<digest-placeholder>) for
# reproducible builds.
FROM docker.io/debian:12-slim
RUN apt-get update                                \
    && apt-get install -y --no-install-recommends \
        bind9                                     \
    && rm -rf /var/lib/apt/lists/*
COPY named.conf.options /etc/bind/
VOLUME /var/cache/bind/
# Only port 53 is declared. The DoH port 80 is meant to be reached by the
# nginx container over the internal network and should not be published.
EXPOSE 53/tcp 53/udp
# NOTE(review): chown -R on /etc/bind makes the configuration writable by
# the same user named runs as, so a compromised named could rewrite its own
# config. /var/cache/bind needs to be writable; /etc/bind normally only
# needs to be readable by the bind group — confirm before changing.
RUN chown -R bind:bind \
        /etc/bind/     \
        /var/cache/bind/
# -f: stay in the foreground (PID 1); -d1: debug logging level 1;
# -u bind: drop privileges to the bind user after binding ports.
CMD ["/usr/sbin/named", "-f", "-d1", "-u", "bind"]

有什么想法吗?
谢谢。
