diff options
Diffstat (limited to 'network/dnscrypt-wrapper/dnscrypt-wrapper.default')
| -rw-r--r-- | network/dnscrypt-wrapper/dnscrypt-wrapper.default | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/network/dnscrypt-wrapper/dnscrypt-wrapper.default b/network/dnscrypt-wrapper/dnscrypt-wrapper.default new file mode 100644 index 0000000000..4d97d997d2 --- /dev/null +++ b/network/dnscrypt-wrapper/dnscrypt-wrapper.default @@ -0,0 +1,70 @@ +# /etc/default/dnscrypt-wrapper + +# This file contains the configuration settings for dnscrypt-wrapper. In the +# unusual event that you may wish to run multiple instances on the same +# machine, this file supports configuring and running multiple instances (see +# the bottom of this file for a sample secondary configuration). + +# CHROOTDIR should be the same path as the USER's home directory. +# For the standard dnscrypt user this should be "/run/dnscrypt". For nobody, +# this should be "/". +CHROOTDIR[0]="/run/dnscrypt" +#CHROOTDIR[0]="/" + +# The address and (optional) port to listen on. The default port is 53. +LISTENADDRESS[0]="0.0.0.0:53" + +# The pid file for this instance. PIDFILE must always be specified for each +# instance! +PIDFILE[0]="/var/run/dnscrypt-wrapper/dnscrypt-wrapper-0.pid" + +# Runs the daemon as the following user and chroots to that user's home +# directory (this is a security feature -- it is best not to change this!) +USER[0]="dnscrypt" +#USER[0]="nobody" + +# If DNSCRYPTDIR is set, it will look for files crypt_public.key, +# crypt_secret.key, public.key, and secret.key in the specified directory. +# CRYPTPUBLICKEYFILE, CRYPTSECRETKEYFILE, PROVIDERPUBLICKEYFILE and +# PROVIDERSECRETKEYFILE will be ignored. +DNSCRYPTDIR[0]="/var/lib/dnscrypt-wrapper" + +# Or, if DNSCRYPTDIR is unset, you can specify those files manually. +#CRYPTPUBLICKEYFILE[0]="/var/lib/dnscrypt-wrapper/crypt_public.key" +#CRYPTSECRETKEYFILE[0]="/var/lib/dnscrypt-wrapper/crypt_secret.key" +#PROVIDERPUBLICKEYFILE[0]="/var/lib/dnscrypt-wrapper/public.key" +#PROVIDERSECRETKEYFILE[0]="/var/lib/dnscrypt-wrapper/secret.key" + +# PROVIDERNAME is the fully qualified domain name that identifies the server. +# For a LAN service the first example should work (you should replace hostname +# with your actual hostname since it will be used by clients). For a public +# service you should use a real domain like the second example. +PROVIDERNAME[0]="2.dnscrypt-cert.hostname.localdomain" +#PROVIDERNAME[0]="2.dnscrypt-cert.example.com" + +# PROVIDERCERTFILE is the location of the pre-signed certificate generated. If +# you are running a public service, it may be desirable to omit this option and +# instead store the generated pre-signed certificate (binary string) in a TXT +# record for your provider name (set by PROVIDERNAME above) so that the +# certificate will be provided by a nameserver instead of directly by +# dnscrypt-wrapper. See /usr/doc/dnscrypt-wrapper-@VERSION@/README.md for more. +PROVIDERCERTFILE[0]="/var/lib/dnscrypt-wrapper/dnscrypt.cert" + +# The address of the DNS resolver to use to forward requests. You will probably +# want to change this! If you run your own nameserver (or forwarder) you should +# point it there. You may wish to use the nameserver from /etc/resolv.conf. +RESOLVERADDRESS[0]="8.8.8.8:53" + +# Where to log. +LOGFILE[0]="/var/log/dnscrypt-wrapper/dnscrypt-wrapper.log" + +# A simple example configuration for a second instance +#CHROOTDIR[1]="/run/dnscrypt" +#LISTENADDRESS[1]="0.0.0.0:5353" +#PIDFILE[1]="/var/run/dnscrypt-wrapper/dnscrypt-wrapper-1.pid" +#USER[1]="dnscrypt" +#DNSCRYPTDIR[1]="/var/lib/dnscrypt-wrapper/1" +#PROVIDERNAME[1]="2.dnscrypt-cert.hostname.localdomain" +#PROVIDERCERTFILE[1]="/var/lib/dnscrypt-wrapper/1/dnscrypt.cert" +#RESOLVERADDRESS[1]="8.8.8.8:53" +#LOGFILE[1]="/var/log/dnscrypt-wrapper/dnscrypt-wrapper-1.log" |