Remove dnscrypt support

ustclug · Sep 24, 2023 · 9382b79 · 9382b79
1 parent 2f82b81
commit 9382b79
Show file tree

Hide file tree

Showing 6 changed files with 1 addition and 65 deletions.
diff --git a/.docker/build b/.docker/build
@@ -1,17 +1,5 @@
 #!/bin/bash
 
-build_dnscrypt-wrapper() {
-    apk add libevent libsodium 
-    apk add -t build-deps build-base git autoconf libsodium-dev libevent-dev bsd-compat-headers
-    export DNSCRYPT_WRAPPER_SRC=$SRC_DIR/dnscrypt-wrapper
-    git clone --recursive --depth=1 --branch=v$DNSCRYPT_VERSION https://github.com/cofyc/dnscrypt-wrapper.git $DNSCRYPT_WRAPPER_SRC
-    cd $DNSCRYPT_WRAPPER_SRC
-    make configure
-    ./configure
-    make
-    make install
-}
-
 build_bind() {
     export BIND_SRC=$SRC_DIR/bind.tar.xz
     export BIND_SRC_DIR=$SRC_DIR/bind-$BIND_VERSION
@@ -49,6 +37,7 @@ build_bind() {
 }
 
 get_china_list() {
+    apk add -t build-deps git make
     LIST_DIR=$SRC_DIR/dnsmasq-china-list
     git clone --depth=1 https://github.com/felixonmars/dnsmasq-china-list.git $LIST_DIR
     cd $LIST_DIR
@@ -65,7 +54,6 @@ mkdir -p $SRC_DIR
 
 apk update
 build_bind
-build_dnscrypt-wrapper
 get_china_list
 apk add \
     supervisor \
@@ -74,7 +62,6 @@ apk add \
     fail2ban
 mkdir -p /var/log/named \
         /var/log/supervisor \
-        /srv/dnscrypt-wrapper \
         /var/run/fail2ban
 rm /etc/fail2ban/jail.d/alpine-ssh.conf
 cd /

diff --git a/.docker/env b/.docker/env
@@ -6,8 +6,4 @@ GLOBAL_DNS1  = 8.8.4.4
 GLOBAL_DNS2  = 8.8.8.8
 CHINA_DNS1   = 119.29.29.29
 CHINA_DNS2   = 223.5.5.5
-DNSCRYPT_ON       = true
-DNSCRYPT_PROVIDER = 2.dnscrypt-cert.ustclug.org
-DNSCRYPT_PORT     = 443
-DNSCRYPT_VERSION  = 0.4.2
 FAIL2BAN_ON       = true
diff --git a/.docker/pre-run b/.docker/pre-run
@@ -16,13 +16,3 @@ else
     sed -e "s|\(.*\)|zone "\\1." {type forward; forwarders { $CHINA_DNS1; }; };|" /opt/apple.china.raw.txt > /etc/bind/named.conf.apple
 fi
 
-
-cd /srv/dnscrypt-wrapper
-[[ -f secret.key  ]] || dnscrypt-wrapper --gen-provider-keypair
-[[ -f public.key  ]] || >&2 echo "'public.key' does not exist. Please delete secret.key, and try again." 
-[[ -f fingerprint ]] || dnscrypt-wrapper --show-provider-publickey --provider-publickey-file public.key > fingerprint
-[[ -f server.key  ]] || dnscrypt-wrapper --gen-crypt-keypair --crypt-secretkey-file=server.key
-[[ -f server.cert ]] || dnscrypt-wrapper --gen-cert-file --crypt-secretkey-file=server.key --provider-cert-file=server.cert \
-    --provider-publickey-file=public.key --provider-secretkey-file=secret.key
-
-chmod go-rwx server.key secret.key
diff --git a/.docker/rootfs/etc/supervisor.d/supervisord.ini b/.docker/rootfs/etc/supervisor.d/supervisord.ini
@@ -9,16 +9,6 @@ stderr_logfile=/var/log/supervisor/named.error.log
 stdout_logfile_maxbytes=16MB
 stderr_logfile_maxbytes=16MB
 
-[program:dnscrypt-wrapper]
-autostart={{DNSCRYPT_ON}}
-command=dnscrypt-wrapper --resolver-address=127.0.0.1:53 --listen-address=0.0.0.0:{{DNSCRYPT_PORT}} --provider-name={{DNSCRYPT_PROVIDER}} --crypt-secretkey-file=server.key --provider-cert-file=server.cert
-directory=/srv/dnscrypt-wrapper
-redirect_stderr=true
-stdout_logfile=/var/log/supervisor/dnscrypt-wrapper.info.log
-stderr_logfile=/var/log/supervisor/dnscrypt-wrapper.error.log
-stdout_logfile_maxbytes=16MB
-stderr_logfile_maxbytes=16MB
-
 [program:fail2ban]
 autostart={{FAIL2BAN_ON}}
 command=/usr/bin/fail2ban-server -f

diff --git a/.docker/volumes.list b/.docker/volumes.list
@@ -1,4 +1,3 @@
 /var/log/named
 /var/log/supervisor
-/srv/dnscrypt-wrapper
 /var/bind/rpz
diff --git a/README.md b/README.md
@@ -5,7 +5,6 @@ an anti-pollution DNS server
 Including the following software:
 
 * bind
-* dnscrypt-wrapper
 
 ## Deployment
 
@@ -16,8 +15,6 @@ docker run -itd \
 	-p 53:53/udp \
 	-p 443:443/tcp \
 	-p 443:443/udp \
-	-v $DNSCRYPT_KEY_PATH:/srv/dnscrypt-wrapper \
-	-e DNSCRYPT_PROVIDER=2.dnscrypt-cert.example.org \
 	--cap-add=NET_ADMIN \
 	ustclug/neatdns:bind9
 ```
@@ -32,27 +29,4 @@ Available environment variables:
 | GLOBAL_DNS2       | alternate DNS server to resolve non-China website | 8.8.8.8                     |
 | CHINA_DNS1        | preferred DNS server to resolve China website | 119.29.29.29                |
 | CHINA_DNS2        | alternate DNS server to resolve China website | 223.5.5.5                   |
-| DNSCRYPT_ON       | auto-start DNSCrypt daemon               | true                        |
-| DNSCRYPT_PROVIDER | DNSCrypt provider name                   | 2.dnscrypt-cert.ustclug.org |
-| DNSCRYPT_PORT     | DNSCrypt port                            | 443                         |
 | FAIL2BAN_ON       | auto-start fail2ban                      | true                        |
-
-## DNSCrypt Client Usage
-
-Please get your own DNSCrypt fingerprint first:
-
-```shell
-$ cat $DNSCRYPT_KEY_PATH/fingerprint
-Provider public key fingerprint : 4365:1587:E7A0:8C7C:1759:D300:6218:89AE:5999:42CA:562E:CB00:03E5:2147:A850:E191
-```
-
-**ATTENTION**: It would show a **different** fingerprint, please replace the fingerprint below with your own one.
-
-Then, run dnscrypt-proxy on the client side, for example:
-
-```
-dnscrypt-proxy --local-address=127.0.0.1:53 --resolver-address=$DNS_SERVER:443 --provider-name=2.dnscrypt-cert.example.org --provider-key=4365:1587:E7A0:8C7C:1759:D300:6218:89AE:5999:42CA:562E:CB00:03E5:2147:A850:E191
-```
-
-**NOTE**:  You need to replace `$DNS_SERVER` with your server IP address.
-