diff --git a/conf/AdGuardHome.yaml b/conf/AdGuardHome.yaml index 9e1fdd9..c3b25af 100644 --- a/conf/AdGuardHome.yaml +++ b/conf/AdGuardHome.yaml @@ -80,7 +80,7 @@ tls: port_dns_over_quic: 784 port_dnscrypt: 0 dnscrypt_config_file: "" - allow_unencrypted_doh: false + allow_unencrypted_doh: true strict_sni_check: false certificate_chain: "" private_key: "" diff --git a/conf/nginx.conf b/conf/nginx.conf index c4d82af..3a3bff2 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -17,8 +17,13 @@ location __PATH__/ { include conf.d/yunohost_panel.conf.inc; } -#location ~ .*.(gif|jpg|jpeg|png|bmp|swf|css|js)$ { -# proxy_pass http://127.0.0.1:__PORT__; -# proxy_set_header Host $host; -# proxy_set_header X-Forwarded-For $remote_addr; -# } +location /dns-query { + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_redirect off; + proxy_buffering on; + proxy_http_version 1.1; + proxy_read_timeout 6s; + proxy_connect_timeout 6s; + proxy_pass http://127.0.0.1:__PORT__/dns-query; +} diff --git a/scripts/install b/scripts/install index eeb5b06..cca67f4 100644 --- a/scripts/install +++ b/scripts/install @@ -185,6 +185,13 @@ ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 yunohost service add $app --description="Ads & trackers blocking DNS server" +#================================================= +# SETUP SSOWAT +#================================================= +ynh_script_progression --message="Configuring permissions..." + +ynh_permission_create --permission="api" --label="api" --url="re:$domain/dns-query" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true" + #================================================= # START SYSTEMD SERVICE #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 3d1aeb6..41c6430 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -37,6 +37,11 @@ if [ "$adguard_port" -ne "53" ]; then ynh_app_setting_set --app=$app --key=adguard_port --value=$adguard_port fi +# Create a permission if needed +if ! ynh_permission_exists --permission="api"; then + ynh_permission_create --permission="api" --label="api" --url="re:$domain/dns-query" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true" +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #=================================================