Compare commits
8 Commits
with_nghtt
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
| e387f2810c | |||
| 6dd5b5e143 | |||
| 98ccd864b5 | |||
| f56d19f8f1 | |||
| db8d422cf9 | |||
|
6ca9c2ad48
|
||
|
|
c69b4b4fb5
|
||
|
|
7f9ae80fb8
|
@ -1,4 +1,40 @@
|
||||
include:
|
||||
- project: dockerized/commons
|
||||
ref: master
|
||||
file: gitlab-ci-template.yml
|
||||
stages:
|
||||
- build
|
||||
|
||||
variables:
|
||||
IMAGE_NAME: $CI_REGISTRY/$CI_PROJECT_PATH
|
||||
HUB_IMAGE_NAME: $DOCKER_HUB_LOGIN/$CI_PROJECT_NAME
|
||||
|
||||
build:
|
||||
image: registry.hottis.de/dockerized/docker-bash:latest
|
||||
stage: build
|
||||
tags:
|
||||
- hottis
|
||||
- linux
|
||||
- docker
|
||||
only:
|
||||
- publish
|
||||
script:
|
||||
- VERSION=`cat VERSION`
|
||||
- UPSTREAM_RELEASE_TAG=`cat UPSTREAM_RELEASE_TAG`
|
||||
- docker build --tag $IMAGE_NAME:${CI_COMMIT_SHORT_SHA}
|
||||
--tag $IMAGE_NAME:latest
|
||||
--tag $IMAGE_NAME:${VERSION}-${UPSTREAM_RELEASE_TAG}
|
||||
--tag $IMAGE_NAME:${VERSION}
|
||||
--build-arg UNBOUND_TAG=${UPSTREAM_RELEASE_TAG}
|
||||
.
|
||||
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
|
||||
- docker push $IMAGE_NAME:${CI_COMMIT_SHORT_SHA}
|
||||
- docker push $IMAGE_NAME:latest
|
||||
- docker push $IMAGE_NAME:${VERSION}-${UPSTREAM_RELEASE_TAG}
|
||||
- docker push $IMAGE_NAME:${VERSION}
|
||||
- docker login -u $DOCKER_HUB_LOGIN -p $DOCKER_HUB_PASSWORD
|
||||
- docker tag $IMAGE_NAME:${CI_COMMIT_SHORT_SHA} $HUB_IMAGE_NAME:${CI_COMMIT_SHORT_SHA}
|
||||
- docker tag $IMAGE_NAME:${CI_COMMIT_SHORT_SHA} $HUB_IMAGE_NAME:latest
|
||||
- docker tag $IMAGE_NAME:${CI_COMMIT_SHORT_SHA} $HUB_IMAGE_NAME:${VERSION}-${UPSTREAM_RELEASE_TAG}
|
||||
- docker tag $IMAGE_NAME:${CI_COMMIT_SHORT_SHA} $HUB_IMAGE_NAME:${VERSION}
|
||||
- docker push $HUB_IMAGE_NAME:${CI_COMMIT_SHORT_SHA}
|
||||
- docker push $HUB_IMAGE_NAME:latest
|
||||
- docker push $HUB_IMAGE_NAME:${VERSION}-${UPSTREAM_RELEASE_TAG}
|
||||
- docker push $HUB_IMAGE_NAME:${VERSION}
|
||||
|
||||
|
||||
@ -1,5 +1,8 @@
|
||||
FROM alpine:3.13 AS builder
|
||||
|
||||
ARG UNBOUND_TAG="this_invalid_tag_certainly_does_not_exist"
|
||||
ARG UNBOUND_CLONE_URL="https://github.com/NLnetLabs/unbound.git"
|
||||
|
||||
RUN \
|
||||
apk update && \
|
||||
apk add alpine-sdk && \
|
||||
@ -10,7 +13,7 @@ RUN \
|
||||
apk add libevent-dev && \
|
||||
mkdir build && \
|
||||
cd build && \
|
||||
git clone https://github.com/NLnetLabs/unbound.git && \
|
||||
git clone --branch ${UNBOUND_TAG} ${UNBOUND_CLONE_URL} && \
|
||||
cd unbound && \
|
||||
./configure --with-libnghttp2 --with-libevent --prefix /opt/unbound --sysconfdir /etc && \
|
||||
make && \
|
||||
@ -32,6 +35,7 @@ COPY unbound.conf /etc/unbound/unbound.conf
|
||||
|
||||
EXPOSE 53/udp
|
||||
EXPOSE 53/tcp
|
||||
EXPOSE 443/tcp
|
||||
EXPOSE 853/tcp
|
||||
|
||||
VOLUME /etc/unbound
|
||||
|
||||
1
UPSTREAM_RELEASE_TAG
Normal file
1
UPSTREAM_RELEASE_TAG
Normal file
@ -0,0 +1 @@
|
||||
release-1.13.2
|
||||
6
readme.md
Normal file
6
readme.md
Normal file
@ -0,0 +1,6 @@
|
||||
This project provides a Docker image containing the unbound nameserver
|
||||
in an Alpine Linux base.
|
||||
|
||||
unbound will be build including the DNSSEC, DNS-over-HTTPS and DNS-over-TLS features.
|
||||
|
||||
|
||||
9
start.sh
Executable file
9
start.sh
Executable file
@ -0,0 +1,9 @@
|
||||
docker run \
|
||||
-it \
|
||||
--rm \
|
||||
-v $PWD/etc:/etc/unbound \
|
||||
--name unbound \
|
||||
-p 53:53/udp \
|
||||
-p 53:53/tcp \
|
||||
-p 853:853/tcp \
|
||||
registry.hottis.de/dockerized/unbound:latest
|
||||
49
unbound.conf
49
unbound.conf
@ -1,37 +1,42 @@
|
||||
server:
|
||||
interface: 0.0.0.0
|
||||
chroot: /etc/unbound
|
||||
|
||||
do-ip4: yes
|
||||
do-ip6: no
|
||||
|
||||
interface: 0.0.0.0@53
|
||||
port: 53
|
||||
|
||||
# tls-upstream: yes
|
||||
# tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
|
||||
# initially create using unbound-anchor -a /etc/unbound/root.key
|
||||
auto-trust-anchor-file: /etc/unbound/root.key
|
||||
|
||||
# can be created using letsencrypt means, e.g. by a companion Apache httpd with mod_md
|
||||
tls-service-key: /etc/unbound/privkey.pem
|
||||
tls-service-pem: /etc/unbound/pubcert.pem
|
||||
interface: 0.0.0.0@853
|
||||
tls-port: 853
|
||||
interface: 0.0.0.0@443
|
||||
https-port: 443
|
||||
|
||||
num-threads: 2
|
||||
|
||||
# curl https://www.internic.net/domain/named.root > /etc/unbound/root.hints
|
||||
root-hints: /etc/unbound/root.hints
|
||||
|
||||
do-daemonize: no
|
||||
|
||||
verbosity: 1
|
||||
logfile: ""
|
||||
log-time-ascii: yes
|
||||
log-queries: yes
|
||||
log-replies: yes
|
||||
log-queries: no
|
||||
log-replies: no
|
||||
|
||||
access-control: 172.16.0.0/16 allow
|
||||
access-control: 10.200.200.0/24 allow
|
||||
access-control: 172.17.0.0/16 allow
|
||||
|
||||
local-zone: "nober.de." transparent
|
||||
local-data: "base.hv.nober.de. IN A 192.0.2.51"
|
||||
local-data: "api.hv.nober.de. IN A 192.0.2.51"
|
||||
|
||||
local-zone: "hottis.de." transparent
|
||||
local-data: "authservice.hottis.de. IN A 172.16.10.41"
|
||||
local-data: "bitwarden.hottis.de. IN A 172.16.10.41"
|
||||
local-data: "smarthome.hottis.de. IN A 172.16.10.41"
|
||||
local-data: "registry.hottis.de. IN A 172.16.10.41"
|
||||
local-data: "home.hottis.de. IN A 172.16.1.11"
|
||||
local-data: "repo.hottis.de. IN A 172.16.1.11"
|
||||
local-data: "sink.hottis.de. IN A 172.16.10.42"
|
||||
local-data: "brkrint.hottis.de. IN A 172.16.2.16"
|
||||
|
||||
local-zone: "mainscnt.eu." transparent
|
||||
local-data: "grafana.mainscnt.eu. IN A 172.16.10.41"
|
||||
local-data: "wiki.mainscnt.eu. IN A 172.16.10.41"
|
||||
local-data: "broker.mainscnt.eu. IN A 172.16.10.40"
|
||||
local-data: "db.mainscnt.eu. IN A 172.16.10.27"
|
||||
|
||||
local-data: "home.hottis.de. IN A 172.16.10.41"
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user