I'm trying to set up a reverse proxy so that I can use lighttpd and bind on the same machine, both on port 80.
lighttpd's documentation on this matter is so incredibly vague that I'm considering ditching it altogether, as, to be honest, EVERY SINGLE THING is harder to configure in lighttpd.
Is anyone else running DoH via their webserver using bind?
AFAICT, all I need is something like:
$HTTP["url"] =~ "^/dns-query" {
    proxy.server = ( "" => ( ( "host" => "127.0.0.1", "port" => "1443" ) ) )
}
and indeed, SOMETHING is hitting bind - if I replace it with netcat, I can see the headers, which look like:
00000010 48 54 54 50 2f 31 2e 31 0d 0a 48 6f 73 74 3a 20 |HTTP/1.1..Host: |
00000020 6e 73 31 2e 77 65 79 72 2e 6f 72 67 2e 75 6b 0d |ns1.weyr.org.uk.|
00000030 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 61 |.content-type: a|
00000040 70 70 6c 69 63 61 74 69 6f 6e 2f 64 6e 73 2d 6d |pplication/dns-m|
00000050 65 73 73 61 67 65 0d 0a 61 63 63 65 70 74 3a 20 |essage..accept: |
00000060 61 70 70 6c 69 63 61 74 69 6f 6e 2f 64 6e 73 2d |application/dns-|
00000070 6d 65 73 73 61 67 65 0d 0a 63 6f 6e 74 65 6e 74 |message..content|
00000080 2d 6c 65 6e 67 74 68 3a 20 35 34 0d 0a 63 61 63 |-length: 54..cac|
00000090 68 65 2d 63 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 |he-control: no-c|
000000a0 61 63 68 65 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 |ache, no-store, |
000000b0 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 0d |must-revalidate.|
000000c0 0a 58 2d 46 6f 72 77 61 72 64 65 64 2d 46 6f 72 |.X-Forwarded-For|
000000d0 3a 20 38 31 2e 31 38 37 2e 32 34 2e 31 31 35 0d |: 81.187.24.115.|
000000e0 0a 58 2d 48 6f 73 74 3a 20 6e 73 31 2e 77 65 79 |.X-Host: ns1.wey|
000000f0 72 2e 6f 72 67 2e 75 6b 0d 0a 58 2d 46 6f 72 77 |r.org.uk..X-Forw|
00000100 61 72 64 65 64 2d 48 6f 73 74 3a 20 6e 73 31 2e |arded-Host: ns1.|
00000110 77 65 79 72 2e 6f 72 67 2e 75 6b 0d 0a 58 2d 46 |weyr.org.uk..X-F|
00000120 6f 72 77 61 72 64 65 64 2d 50 72 6f 74 6f 3a 20 |orwarded-Proto: |
00000130 68 74 74 70 73 0d 0a 43 6f 6e 6e 65 63 74 69 6f |https..Connectio|
00000140 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a b4 1a 01 20 |n: close....... |
00000150 00 01 00 00 00 00 00 01 06 6d 6f 6c 74 6f 6e 03 |.........molton.|
00000160 6f 72 67 02 75 6b 00 00 0f 00 01 00 00 29 04 d0 |org.uk.......)..|
00000170 00 00 00 00 00 0c 00 0a 00 08 36 76 ac 89 9f 45 |..........6v...E|
00000180 80 c1 |..|
Someone please spare my hair / sanity?
Or should I give up and switch to nginx?
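An added example, not part of the thread: a small Python script that rebuilds the bytes from the hexdump above and decodes them, so you can check exactly what the proxy handed to the backend. The first 16 bytes of the request line are not in the dump, so the reconstructed capture begins at HTTP/1.1; the record-type and EDNS option name tables are mine. It shows the forwarded request is HTTP/1.1 with Connection: close and X-Forwarded-Proto: https, carrying a well-formed 54-byte DNS query (MX for molton.org.uk, with an EDNS COOKIE option), which is the shape of request a DoH backend behind a reverse proxy has to be willing to accept.

```python
import struct

# Hexdump copied from the post above. Offsets 0x10-0x181 are shown there; the
# first 16 bytes of the request line are not in the dump, so the capture starts
# at "HTTP/1.1".
HEXDUMP = """\
00000010 48 54 54 50 2f 31 2e 31 0d 0a 48 6f 73 74 3a 20 |HTTP/1.1..Host: |
00000020 6e 73 31 2e 77 65 79 72 2e 6f 72 67 2e 75 6b 0d |ns1.weyr.org.uk.|
00000030 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 61 |.content-type: a|
00000040 70 70 6c 69 63 61 74 69 6f 6e 2f 64 6e 73 2d 6d |pplication/dns-m|
00000050 65 73 73 61 67 65 0d 0a 61 63 63 65 70 74 3a 20 |essage..accept: |
00000060 61 70 70 6c 69 63 61 74 69 6f 6e 2f 64 6e 73 2d |application/dns-|
00000070 6d 65 73 73 61 67 65 0d 0a 63 6f 6e 74 65 6e 74 |message..content|
00000080 2d 6c 65 6e 67 74 68 3a 20 35 34 0d 0a 63 61 63 |-length: 54..cac|
00000090 68 65 2d 63 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 |he-control: no-c|
000000a0 61 63 68 65 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 |ache, no-store, |
000000b0 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 0d |must-revalidate.|
000000c0 0a 58 2d 46 6f 72 77 61 72 64 65 64 2d 46 6f 72 |.X-Forwarded-For|
000000d0 3a 20 38 31 2e 31 38 37 2e 32 34 2e 31 31 35 0d |: 81.187.24.115.|
000000e0 0a 58 2d 48 6f 73 74 3a 20 6e 73 31 2e 77 65 79 |.X-Host: ns1.wey|
000000f0 72 2e 6f 72 67 2e 75 6b 0d 0a 58 2d 46 6f 72 77 |r.org.uk..X-Forw|
00000100 61 72 64 65 64 2d 48 6f 73 74 3a 20 6e 73 31 2e |arded-Host: ns1.|
00000110 77 65 79 72 2e 6f 72 67 2e 75 6b 0d 0a 58 2d 46 |weyr.org.uk..X-F|
00000120 6f 72 77 61 72 64 65 64 2d 50 72 6f 74 6f 3a 20 |orwarded-Proto: |
00000130 68 74 74 70 73 0d 0a 43 6f 6e 6e 65 63 74 69 6f |https..Connectio|
00000140 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a b4 1a 01 20 |n: close....... |
00000150 00 01 00 00 00 00 00 01 06 6d 6f 6c 74 6f 6e 03 |.........molton.|
00000160 6f 72 67 02 75 6b 00 00 0f 00 01 00 00 29 04 d0 |org.uk.......)..|
00000170 00 00 00 00 00 0c 00 0a 00 08 36 76 ac 89 9f 45 |..........6v...E|
00000180 80 c1 |..|
"""

# Small lookup tables (added here for readability; not from the post).
RTYPE_NAMES = {1: "A", 15: "MX", 28: "AAAA", 41: "OPT"}
EDNS_OPTION_NAMES = {10: "COOKIE"}


def hexdump_to_bytes(dump: str) -> bytes:
    """Turn hexdump -C style lines (offset, hex bytes, |ascii|) back into bytes."""
    out = bytearray()
    for line in dump.strip().splitlines():
        hex_fields = line.split("|", 1)[0].split()[1:]  # drop the offset column
        out.extend(int(h, 16) for h in hex_fields)
    return bytes(out)


def split_http_request(raw: bytes):
    """Split a raw HTTP/1.x request into (first line, lower-cased header dict, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end of headers found")
    lines = head.decode("ascii").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def read_name(msg: bytes, off: int):
    """Read an uncompressed DNS name at off; returns (dotted name, new offset)."""
    labels = []
    while True:
        n = msg[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("compression pointers are not expected in a query")
        labels.append(msg[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels), off


def parse_edns_options(rdata: bytes):
    """Decode the (code, length, data) option list inside an OPT record."""
    opts, off = [], 0
    while off < len(rdata):
        code, length = struct.unpack("!HH", rdata[off:off + 4])
        off += 4
        opts.append((EDNS_OPTION_NAMES.get(code, code), rdata[off:off + length].hex()))
        off += length
    return opts


def parse_dns_query(msg: bytes) -> dict:
    """Decode header, question section and the OPT (EDNS) record of a DNS *query*.

    Answer/authority sections are assumed empty, as they are in a client query.
    """
    ident, flags, qdcount, _an, _ns, arcount = struct.unpack("!6H", msg[:12])
    off, questions = 12, []
    for _ in range(qdcount):
        name, off = read_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, RTYPE_NAMES.get(qtype, qtype), qclass))
    edns = None
    for _ in range(arcount):
        _, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 41:  # OPT: the class field carries the advertised UDP payload size
            edns = {"udp_payload_size": rclass, "options": parse_edns_options(rdata)}
    return {"id": ident, "flags": flags, "questions": questions,
            "edns": edns, "bytes_consumed": off}


def analyse_capture(dump: str = HEXDUMP) -> dict:
    """What the proxy actually sent: HTTP framing, headers and the decoded DNS query."""
    request_line, headers, body = split_http_request(hexdump_to_bytes(dump))
    declared = int(headers.get("content-length", "0"))
    return {
        "request_line": request_line,
        "headers": headers,
        "body_length_ok": declared == len(body),
        "query": parse_dns_query(body),
    }


if __name__ == "__main__":
    import pprint
    pprint.pprint(analyse_capture())
```

Running it prints the header dict and the decoded query; the `body_length_ok` flag confirms the Content-Length matches the DNS payload, and `bytes_consumed == 54` confirms the whole body parses as one DNS message with nothing trailing.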
Joelle
•Ian Molton
Isn't nginx supposed to be good at being a reverse proxy?
I'm going to have to switch to DNS-01 for my Let's Encrypt anyway.
Joelle
•Ian Molton
I wonder how bind's developers envisioned this working?
Surely they weren't dumb enough to think that people wouldn't be running web servers...
Where is the option to have it simply spit the answer out, for transmission by the webserver? Why does it have to act all coy about it?
Ian Molton
I got it working with nginx. On pretty much the first try.
I have no idea why lighttpd has to make its config file syntax so totally impenetrable.
Exim is another one with weirdly difficult syntax, but I can cope with that one. Just.
Why does everyone feel the need to reinvent config file parsing?
Ian Molton
I switched to nginx.
Worked first try.
Seems to use http2.
Wonder if it can do http3?