wn/unbound
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: wn:master
Branches Tags
wn:master
wn:publish
wn:with_nghttp2
wn:1.0.0
..
compare: wn:with_nghttp2
Branches Tags
wn:master
wn:publish
wn:with_nghttp2
wn:1.0.0

No commits in common. "master" and "with_nghttp2" have entirely different histories.
master ... with_nghtt

7 changed files with 27 additions and 89 deletions
Show Stats Expand all files Collapse all files

44
.gitlab-ci.yml
View File

@ -1,40 +1,4 @@
stages: include:
- build - project: dockerized/commons
ref: master
variables: file: gitlab-ci-template.yml
IMAGE_NAME: $CI_REGISTRY/$CI_PROJECT_PATH
HUB_IMAGE_NAME: $DOCKER_HUB_LOGIN/$CI_PROJECT_NAME
build:
image: registry.hottis.de/dockerized/docker-bash:latest
stage: build
tags:
- hottis
- linux
- docker
only:
- publish
script:
- VERSION=`cat VERSION`
- UPSTREAM_RELEASE_TAG=`cat UPSTREAM_RELEASE_TAG`
- docker build --tag $IMAGE_NAME:${CI_COMMIT_SHORT_SHA}
--tag $IMAGE_NAME:latest
--tag $IMAGE_NAME:${VERSION}-${UPSTREAM_RELEASE_TAG}
--tag $IMAGE_NAME:${VERSION}
--build-arg UNBOUND_TAG=${UPSTREAM_RELEASE_TAG}
.
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- docker push $IMAGE_NAME:${CI_COMMIT_SHORT_SHA}
- docker push $IMAGE_NAME:latest
- docker push $IMAGE_NAME:${VERSION}-${UPSTREAM_RELEASE_TAG}
- docker push $IMAGE_NAME:${VERSION}
- docker login -u $DOCKER_HUB_LOGIN -p $DOCKER_HUB_PASSWORD
- docker tag $IMAGE_NAME:${CI_COMMIT_SHORT_SHA} $HUB_IMAGE_NAME:${CI_COMMIT_SHORT_SHA}
- docker tag $IMAGE_NAME:${CI_COMMIT_SHORT_SHA} $HUB_IMAGE_NAME:latest
- docker tag $IMAGE_NAME:${CI_COMMIT_SHORT_SHA} $HUB_IMAGE_NAME:${VERSION}-${UPSTREAM_RELEASE_TAG}
- docker tag $IMAGE_NAME:${CI_COMMIT_SHORT_SHA} $HUB_IMAGE_NAME:${VERSION}
- docker push $HUB_IMAGE_NAME:${CI_COMMIT_SHORT_SHA}
- docker push $HUB_IMAGE_NAME:latest
- docker push $HUB_IMAGE_NAME:${VERSION}-${UPSTREAM_RELEASE_TAG}
- docker push $HUB_IMAGE_NAME:${VERSION}

6
Dockerfile
View File

@ -1,8 +1,5 @@
FROM alpine:3.13 AS builder FROM alpine:3.13 AS builder
ARG UNBOUND_TAG="this_invalid_tag_certainly_does_not_exist"
ARG UNBOUND_CLONE_URL="https://github.com/NLnetLabs/unbound.git"
RUN \ RUN \
apk update && \ apk update && \
apk add alpine-sdk && \ apk add alpine-sdk && \
@ -13,7 +10,7 @@ RUN \
apk add libevent-dev && \ apk add libevent-dev && \
mkdir build && \ mkdir build && \
cd build && \ cd build && \
git clone --branch ${UNBOUND_TAG} ${UNBOUND_CLONE_URL} && \ git clone https://github.com/NLnetLabs/unbound.git && \
cd unbound && \ cd unbound && \
./configure --with-libnghttp2 --with-libevent --prefix /opt/unbound --sysconfdir /etc && \ ./configure --with-libnghttp2 --with-libevent --prefix /opt/unbound --sysconfdir /etc && \
make && \ make && \
@ -35,7 +32,6 @@ COPY unbound.conf /etc/unbound/unbound.conf
EXPOSE 53/udp EXPOSE 53/udp
EXPOSE 53/tcp EXPOSE 53/tcp
EXPOSE 443/tcp
EXPOSE 853/tcp EXPOSE 853/tcp
VOLUME /etc/unbound VOLUME /etc/unbound

1
UPSTREAM_RELEASE_TAG
View File

@ -1 +0,0 @@
release-1.13.2

1
VERSION
View File

@ -1 +0,0 @@
1.0.1

6
readme.md
View File

@ -1,6 +0,0 @@
This project provides a Docker image containing the unbound nameserver
in an Alpine Linux base.
unbound will be build including the DNSSEC, DNS-over-HTTPS and DNS-over-TLS features.

9
start.sh
View File

@ -1,9 +0,0 @@
docker run \
-it \
--rm \
-v $PWD/etc:/etc/unbound \
--name unbound \
-p 53:53/udp \
-p 53:53/tcp \
-p 853:853/tcp \
registry.hottis.de/dockerized/unbound:latest

49
unbound.conf
View File

@ -1,42 +1,37 @@
server: server:
chroot: /etc/unbound interface: 0.0.0.0
do-ip4: yes do-ip4: yes
do-ip6: no do-ip6: no
interface: 0.0.0.0@53
port: 53
# tls-upstream: yes
# tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# initially create using unbound-anchor -a /etc/unbound/root.key
auto-trust-anchor-file: /etc/unbound/root.key
# can be created using letsencrypt means, e.g. by a companion Apache httpd with mod_md
tls-service-key: /etc/unbound/privkey.pem
tls-service-pem: /etc/unbound/pubcert.pem
interface: 0.0.0.0@853
tls-port: 853
interface: 0.0.0.0@443
https-port: 443
num-threads: 2
# curl https://www.internic.net/domain/named.root > /etc/unbound/root.hints
root-hints: /etc/unbound/root.hints
do-daemonize: no do-daemonize: no
verbosity: 1 verbosity: 1
logfile: "" logfile: ""
log-time-ascii: yes log-time-ascii: yes
log-queries: no log-queries: yes
log-replies: no log-replies: yes
access-control: 172.16.0.0/16 allow access-control: 172.16.0.0/16 allow
access-control: 10.200.200.0/24 allow access-control: 10.200.200.0/24 allow
access-control: 172.17.0.0/16 allow access-control: 172.17.0.0/16 allow
local-zone: "nober.de." transparent
local-data: "base.hv.nober.de. IN A 192.0.2.51"
local-data: "api.hv.nober.de. IN A 192.0.2.51"
local-zone: "hottis.de." transparent local-zone: "hottis.de." transparent
local-data: "home.hottis.de. IN A 172.16.10.41" local-data: "authservice.hottis.de. IN A 172.16.10.41"
local-data: "bitwarden.hottis.de. IN A 172.16.10.41"
local-data: "smarthome.hottis.de. IN A 172.16.10.41"
local-data: "registry.hottis.de. IN A 172.16.10.41"
local-data: "home.hottis.de. IN A 172.16.1.11"
local-data: "repo.hottis.de. IN A 172.16.1.11"
local-data: "sink.hottis.de. IN A 172.16.10.42"
local-data: "brkrint.hottis.de. IN A 172.16.2.16"
local-zone: "mainscnt.eu." transparent
local-data: "grafana.mainscnt.eu. IN A 172.16.10.41"
local-data: "wiki.mainscnt.eu. IN A 172.16.10.41"
local-data: "broker.mainscnt.eu. IN A 172.16.10.40"
local-data: "db.mainscnt.eu. IN A 172.16.10.27"