-
-
Notifications
You must be signed in to change notification settings - Fork 208
Configuration of HTTPS for DoH and Rest API
Peter Dave Hello edited this page Apr 2, 2022
·
5 revisions
If blocky is reachable from the internet, you should configure HTTPS for HTTP endpoints (REST API, Prometheus, ...). For DNS over HTTPS (DoH) the encryption is mandatory.
For docker setup it is recommended to use reverse proxy (Traefik, Caddy, Nginx, ...) to manage and renew certificates.
This example shows, how to generate Let's encrypt wildcard certificate with DuckDNS free domain (DNS challenge) and how to configure blocky.
- register domain at DuckDNS, get your TOKEN
- install Lego
- set environment variable
DUCKDNS_TOKEN
with your tokenDUCKDNS_TOKEN=1df927c4-CENSORED
- execute
lego --domains '*.DOMAIN.duckdns.org' --email [email protected] --dns duckdns -a run
- copy generated fullchain.pem and privkey.pem (typically from .lego/certificates) into your blocky's directory and adjust permissions (run user should have read permissions)
- enable HTTPS by setting
httpsPort: 443
in config.yml - enable TLS by setting
tlsPort: 853
- set paths to certificate and the private key in config.yml
certFile: yourfile.crt
keyFile: yourfile.key