
8 Commits

Author SHA1 Message Date
e387f2810c minor fix in Dockerfile, expose https port 2021-10-28 11:56:30 +02:00
6dd5b5e143 fix sample configuration 2021-10-28 11:53:29 +02:00
98ccd864b5 readme 2021-10-28 11:50:37 +02:00
f56d19f8f1 fix 2021-10-28 11:41:06 +02:00
db8d422cf9 new ci approach 2021-10-28 11:38:59 +02:00
Wolfgang Hottgenroth
6ca9c2ad48
add readme 2021-10-27 14:29:30 +02:00
Wolfgang Hottgenroth
c69b4b4fb5
comments in configuration 2021-10-27 14:27:11 +02:00
Wolfgang Hottgenroth
7f9ae80fb8
merged to master again 2021-10-27 13:47:17 +02:00
7 changed files with 89 additions and 27 deletions


@ -1,4 +1,40 @@
include:
- project: dockerized/commons
ref: master
file: gitlab-ci-template.yml
stages:
- build
variables:
IMAGE_NAME: $CI_REGISTRY/$CI_PROJECT_PATH
HUB_IMAGE_NAME: $DOCKER_HUB_LOGIN/$CI_PROJECT_NAME
build:
image: registry.hottis.de/dockerized/docker-bash:latest
stage: build
tags:
- hottis
- linux
- docker
only:
- publish
script:
- VERSION=`cat VERSION`
- UPSTREAM_RELEASE_TAG=`cat UPSTREAM_RELEASE_TAG`
- docker build --tag $IMAGE_NAME:${CI_COMMIT_SHORT_SHA}
--tag $IMAGE_NAME:latest
--tag $IMAGE_NAME:${VERSION}-${UPSTREAM_RELEASE_TAG}
--tag $IMAGE_NAME:${VERSION}
--build-arg UNBOUND_TAG=${UPSTREAM_RELEASE_TAG}
.
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- docker push $IMAGE_NAME:${CI_COMMIT_SHORT_SHA}
- docker push $IMAGE_NAME:latest
- docker push $IMAGE_NAME:${VERSION}-${UPSTREAM_RELEASE_TAG}
- docker push $IMAGE_NAME:${VERSION}
- docker login -u $DOCKER_HUB_LOGIN -p $DOCKER_HUB_PASSWORD
- docker tag $IMAGE_NAME:${CI_COMMIT_SHORT_SHA} $HUB_IMAGE_NAME:${CI_COMMIT_SHORT_SHA}
- docker tag $IMAGE_NAME:${CI_COMMIT_SHORT_SHA} $HUB_IMAGE_NAME:latest
- docker tag $IMAGE_NAME:${CI_COMMIT_SHORT_SHA} $HUB_IMAGE_NAME:${VERSION}-${UPSTREAM_RELEASE_TAG}
- docker tag $IMAGE_NAME:${CI_COMMIT_SHORT_SHA} $HUB_IMAGE_NAME:${VERSION}
- docker push $HUB_IMAGE_NAME:${CI_COMMIT_SHORT_SHA}
- docker push $HUB_IMAGE_NAME:latest
- docker push $HUB_IMAGE_NAME:${VERSION}-${UPSTREAM_RELEASE_TAG}
- docker push $HUB_IMAGE_NAME:${VERSION}
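Review bot: Both `docker login` steps in the `build` script pass the secret as a `-p` argument, so `$CI_JOB_TOKEN` and `$DOCKER_HUB_PASSWORD` appear on the command line, where the runner's process list can show them; Docker itself warns about this usage. Feeding the secret on stdin avoids that: `echo "$DOCKER_HUB_PASSWORD" | docker login -u "$DOCKER_HUB_LOGIN" --password-stdin`, and the same form with `$CI_JOB_TOKEN` and `"$CI_REGISTRY"` for the GitLab registry. Separately, the job image `docker-bash:latest` and the included template at `ref: master` are mutable references, so the pipeline that handles these credentials can change without any commit in this repository; pinning both to a fixed tag or commit would make such changes visible in review.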


@ -1,5 +1,8 @@
FROM alpine:3.13 AS builder
ARG UNBOUND_TAG="this_invalid_tag_certainly_does_not_exist"
ARG UNBOUND_CLONE_URL="https://github.com/NLnetLabs/unbound.git"
RUN \
apk update && \
apk add alpine-sdk && \
@ -10,7 +13,7 @@ RUN \
apk add libevent-dev && \
mkdir build && \
cd build && \
git clone https://github.com/NLnetLabs/unbound.git && \
git clone --branch ${UNBOUND_TAG} ${UNBOUND_CLONE_URL} && \
cd unbound && \
./configure --with-libnghttp2 --with-libevent --prefix /opt/unbound --sysconfdir /etc && \
make && \
@ -32,6 +35,7 @@ COPY unbound.conf /etc/unbound/unbound.conf
EXPOSE 53/udp
EXPOSE 53/tcp
EXPOSE 443/tcp
EXPOSE 853/tcp
VOLUME /etc/unbound
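Review bot: The new `git clone --branch ${UNBOUND_TAG} ${UNBOUND_CLONE_URL}` in the builder stage pins the source only by tag name, and a tag can be moved upstream, so the same `UPSTREAM_RELEASE_TAG` is not guaranteed to build the same code. Because both values are build args, a caller can also point the clone at any repository. I would add a check directly after the clone against an expected commit passed as a further build arg (the name `UNBOUND_COMMIT` is my suggestion, it is not in the file): `test "$(git -C unbound rev-parse HEAD)" = "${UNBOUND_COMMIT}" && \`, and quote the two variables in the clone line. The RUN instruction starts and ends outside the visible hunks, so the rest of the build was not reviewed.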

1
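--- a/UPSTREAM_RELEASE_TAG
+++ b/UPSTREAM_RELEASE_TAG
@@ -0,0 +1 @@
+release-1.13.2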

1
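--- a/VERSION
+++ b/VERSION
@@ -0,0 +1 @@
+1.0.1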

6
readme.md Normal file

@ -0,0 +1,6 @@
This project provides a Docker image containing the unbound nameserver
in an Alpine Linux base.
unbound will be build including the DNSSEC, DNS-over-HTTPS and DNS-over-TLS features.

9
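--- a/start.sh
+++ b/start.sh
@@ -0,0 +1,9 @@
+docker run \
+-it \
+--rm \
+-v $PWD/etc:/etc/unbound \
+--name unbound \
+-p 53:53/udp \
+-p 53:53/tcp \
+-p 853:853/tcp \
+registry.hottis.de/dockerized/unbound:latest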
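Review bot: The `-p 53:53/udp`, `-p 53:53/tcp` and `-p 853:853/tcp` mappings publish the resolver on every host interface, so on a host with a public address the container is reachable from outside unless a firewall blocks it. If the script is meant for a LAN, bind to the intended address, e.g. `-p <HOST_LAN_IP>:53:53/udp` (placeholder). `$PWD` is unquoted in `-v $PWD/etc:/etc/unbound`, which breaks when the path contains spaces; `-v "$PWD/etc:/etc/unbound"` fixes that. No shebang line is visible although the file is added as executable, and 443 is not published although the Dockerfile in this change exposes it, which deserves a comment if it is deliberate.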


@ -1,37 +1,42 @@
server:
interface: 0.0.0.0
chroot: /etc/unbound
do-ip4: yes
do-ip6: no
interface: 0.0.0.0@53
port: 53
# tls-upstream: yes
# tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# initially create using unbound-anchor -a /etc/unbound/root.key
auto-trust-anchor-file: /etc/unbound/root.key
# can be created using letsencrypt means, e.g. by a companion Apache httpd with mod_md
tls-service-key: /etc/unbound/privkey.pem
tls-service-pem: /etc/unbound/pubcert.pem
interface: 0.0.0.0@853
tls-port: 853
interface: 0.0.0.0@443
https-port: 443
num-threads: 2
# curl https://www.internic.net/domain/named.root > /etc/unbound/root.hints
root-hints: /etc/unbound/root.hints
do-daemonize: no
verbosity: 1
logfile: ""
log-time-ascii: yes
log-queries: yes
log-replies: yes
log-queries: no
log-replies: no
access-control: 172.16.0.0/16 allow
access-control: 10.200.200.0/24 allow
access-control: 172.17.0.0/16 allow
local-zone: "nober.de." transparent
local-data: "base.hv.nober.de. IN A 192.0.2.51"
local-data: "api.hv.nober.de. IN A 192.0.2.51"
local-zone: "hottis.de." transparent
local-data: "authservice.hottis.de. IN A 172.16.10.41"
local-data: "bitwarden.hottis.de. IN A 172.16.10.41"
local-data: "smarthome.hottis.de. IN A 172.16.10.41"
local-data: "registry.hottis.de. IN A 172.16.10.41"
local-data: "home.hottis.de. IN A 172.16.1.11"
local-data: "repo.hottis.de. IN A 172.16.1.11"
local-data: "sink.hottis.de. IN A 172.16.10.42"
local-data: "brkrint.hottis.de. IN A 172.16.2.16"
local-zone: "mainscnt.eu." transparent
local-data: "grafana.mainscnt.eu. IN A 172.16.10.41"
local-data: "wiki.mainscnt.eu. IN A 172.16.10.41"
local-data: "broker.mainscnt.eu. IN A 172.16.10.40"
local-data: "db.mainscnt.eu. IN A 172.16.10.27"
local-data: "home.hottis.de. IN A 172.16.10.41"
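Review bot: `access-control: 172.17.0.0/16 allow` covers Docker's default bridge network, and with published ports Docker can present outside clients to the container with a bridge source address (this depends on the host's NAT and userland-proxy settings), in which case the rule would admit more clients than the other ranges suggest. The rendered page no longer shows which side of the change each line is on, so this applies only if the line is on the new side. I would either drop the rule or put a comment above it, e.g. `# Docker default bridge; verify that external clients are not NATed into this range`. The listeners on `0.0.0.0@853` and `0.0.0.0@443` use `tls-service-key: /etc/unbound/privkey.pem`, which sits in the bind-mounted configuration directory, so a comment asking for the key to be readable only by the unbound user would help anyone who copies this sample.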