blob: 2d3a85bad3d9eb2786a39a56b170e6cd53b07caf (
plain)
# /etc/default/dnscrypt-wrapper
# This file contains the configuration settings for dnscrypt-wrapper. In the
# unusual event that you may wish to run multiple instances on the same
# machine, this file supports configuring and running multiple instances (see
# the bottom of this file for a sample secondary configuration).
# CHROOTDIR should be the same path as the USER's home directory.
# For the standard dnscrypt user this should be "/run/dnscrypt". For nobody,
# this should be "/".
CHROOTDIR[0]="/run/dnscrypt"
#CHROOTDIR[0]="/"
# The address and (optional) port to listen on. The default port is 53.
LISTENADDRESS[0]="0.0.0.0:53"
# The pid file for this instance. PIDFILE must always be specified for each
# instance!
PIDFILE[0]="/var/run/dnscrypt-wrapper/dnscrypt-wrapper-0.pid"
# Runs the daemon as the following user and chroots to that user's home
# directory (this is a security feature -- it is best not to change this!)
USER[0]="dnscrypt"
#USER[0]="nobody"
# If DNSCRYPTDIR is set, it will look for files crypt_secret.key, public.key,
# and secret.key in the specified directory.
# CRYPTSECRETKEYFILE, PROVIDERPUBLICKEYFILE and PROVIDERSECRETKEYFILE will be
# ignored.
DNSCRYPTDIR[0]="/var/lib/dnscrypt-wrapper"
# Or, if DNSCRYPTDIR is unset, you can specify those files manually.
#CRYPTSECRETKEYFILE[0]="/var/lib/dnscrypt-wrapper/crypt_secret.key"
#PROVIDERPUBLICKEYFILE[0]="/var/lib/dnscrypt-wrapper/public.key"
#PROVIDERSECRETKEYFILE[0]="/var/lib/dnscrypt-wrapper/secret.key"
# PROVIDERNAME is the fully qualified domain name that identifies the server.
# For a LAN service the first example should work (you should replace hostname
# with your actual hostname since it will be used by clients). For a public
# service you should use a real domain like the second example.
PROVIDERNAME[0]="2.dnscrypt-cert.hostname.localdomain"
#PROVIDERNAME[0]="2.dnscrypt-cert.example.com"
# PROVIDERCERTFILE is the location of the pre-signed certificate generated. If
# you are running a public service, it may be desirable to omit this option and
# instead store the generated pre-signed certificate (binary string) in a TXT
# record for your provider name (set by PROVIDERNAME above) so that the
# certificate will be provided by a nameserver instead of directly by
# dnscrypt-wrapper. See /usr/doc/dnscrypt-wrapper-@VERSION@/README.md for more.
PROVIDERCERTFILE[0]="/var/lib/dnscrypt-wrapper/dnscrypt.cert"
# The address of the DNS resolver to use to forward requests. You will probably
# want to change this! If you run your own nameserver (or forwarder) you should
# point it there. You may wish to use the nameserver from /etc/resolv.conf.
RESOLVERADDRESS[0]="8.8.8.8:53"
# Allow and forward unauthenticated queries (not recommended). Defaults to off
# ("no").
#UNAUTHENTICATED[0]="no"
# Where to log.
LOGFILE[0]="/var/log/dnscrypt-wrapper/dnscrypt-wrapper.log"
# A simple example configuration for a second instance
#CHROOTDIR[1]="/run/dnscrypt"
#LISTENADDRESS[1]="0.0.0.0:5353"
#PIDFILE[1]="/var/run/dnscrypt-wrapper/dnscrypt-wrapper-1.pid"
#USER[1]="dnscrypt"
#DNSCRYPTDIR[1]="/var/lib/dnscrypt-wrapper/1"
#PROVIDERNAME[1]="2.dnscrypt-cert.hostname.localdomain"
#PROVIDERCERTFILE[1]="/var/lib/dnscrypt-wrapper/1/dnscrypt.cert"
#RESOLVERADDRESS[1]="8.8.8.8:53"
#LOGFILE[1]="/var/log/dnscrypt-wrapper/dnscrypt-wrapper-1.log"
|
