Created
November 29, 2018 23:06
Unbound stack docker-compose.yml for Android Private DNS ad filtering
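# Unbound (DNS-over-TLS) + DNS-over-HTTPS stack for Android Private DNS.
# Replace every <le-dns.host.name> placeholder before use.
version: '3'

services:
  unbound:
    # No tag is given, so Docker pulls `latest`. Pin a tag or digest you have
    # reviewed so an upstream image change cannot silently alter the resolver.
    image: mvance/unbound
    container_name: unbound
    restart: unless-stopped
    networks:
      external:
    ports:
      # Published on every host interface. Who may query is decided by the
      # Unbound config mounted below (e.g. its access-control rules); without
      # a restriction there, this is a resolver anyone can reach.
      - "853:853/tcp"
      # DNS-over-TLS (RFC 7858) runs over TCP. NOTE(review): confirm Unbound
      # actually listens on UDP 853 in this setup; if not, drop this mapping.
      - "853:853/udp"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # Unbound needs a trusted root certificates store to validate remote
      # endpoints against. Pull in the host system copy.
      - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
      # Unbound needs a persistent place to store and retrieve its
      # configuration.
      - ./unbound:/opt/unbound/etc/unbound
      # Unbound needs a valid certificate and private key to use to encrypt
      # the TLS connections.
      # Pull in LetsEncrypt cert and key **READ ONLY** for DNS-over-TLS
      # hostname(s).
      # Requested by certbot directly on the Docker host. Kept up-to-date via
      # scripted CRON job.
      # NOTE(review): the live/ entries are symlinks and a single-file bind
      # mount is resolved when the container starts, so the renewal job
      # presumably also has to restart this container for a renewed
      # certificate to be picked up - confirm.
      - /etc/letsencrypt/live/<le-dns.host.name>/fullchain.pem:/etc/ssl/certs/cert.pem:ro
      - /etc/letsencrypt/live/<le-dns.host.name>/privkey.pem:/etc/ssl/certs/key.pem:ro
    environment:
      - TZ=UTC

  dns-over-https:
    # Unpinned image (implicit `latest`); pin a reviewed tag or digest.
    image: goofball222/dns-over-https
    container_name: dns-over-https
    restart: unless-stopped
    networks:
      external:
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # DNS-over-HTTPS requires a mapped volume for persistent configuration
      # storage, both client and server.
      - ./dns-over-https:/opt/dns-over-https/conf
    environment:
      - TZ=UTC
    # No host port is published for this service; the labels below hand
    # container port 8053 to Traefik on the "proxy" network.
    # NOTE(review): TLS for these hostnames is presumably terminated by
    # Traefik - confirm in the Traefik configuration.
    labels:
      - traefik.backend=dns-over-https
      - traefik.frontend.rule=Host:<le-dns.host.name>,<le-dns-alternate.host.name>
      - traefik.port=8053
      - traefik.docker.network=proxy
      - traefik.enable=true

networks:
  # Attach stack to external "proxy" network for Traefik
  external:
    external:
      name: proxy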