Merge branch 'master' into fix/2152

This commit is contained in:
ArtemBaskal 2020-10-08 11:35:06 +03:00
commit be82502ba7
12 changed files with 568 additions and 77 deletions

View File

@ -830,6 +830,36 @@ Request:
"private_key_path":"..." // if set, private_key must be empty "private_key_path":"..." // if set, private_key must be empty
} }
Response:
200 OK
### API: Validate TLS configuration
Request:
POST /control/tls/validate
{
"enabled":true,
"port_https":443,
"port_dns_over_tls":853,
"port_dns_over_quic":784,
"allow_unencrypted_doh":false,
"certificate_chain":"...",
"private_key":"...",
"certificate_path":"...",
"private_key_path":"...",
"valid_cert":true,
"valid_chain":false,
"not_before":"2019-03-19T08:23:45Z",
"not_after":"2029-03-16T08:23:45Z",
"dns_names":null,
"valid_key":true,
"valid_pair":true
}
Response: Response:
200 OK 200 OK
@ -1948,6 +1978,29 @@ Check if host name is blocked by SB/PC service:
sha256(sub.host.com)[0..1] -> hashes[2],... sha256(sub.host.com)[0..1] -> hashes[2],...
... ...
## API: Get DNS over HTTPS .mobileconfig
Request:
GET /apple/doh.mobileconfig
Response:
200 OK
DOH plist file
## API: Get DNS over TLS .mobileconfig
Request:
GET /apple/dot.mobileconfig
Response:
200 OK
DOT plist file
## ipset ## ipset

View File

@ -56,10 +56,10 @@ ifeq ($(CHANNEL),edge)
endif endif
# goreleaser command depends on the $CHANNEL # goreleaser command depends on the $CHANNEL
GORELEASER_COMMAND=goreleaser release --rm-dist --skip-publish --snapshot GORELEASER_COMMAND=goreleaser release --rm-dist --skip-publish --snapshot --parallelism 1
ifneq ($(CHANNEL),edge) ifneq ($(CHANNEL),edge)
# If this is not an "edge" build, use normal release command # If this is not an "edge" build, use normal release command
GORELEASER_COMMAND=goreleaser release --rm-dist --skip-publish GORELEASER_COMMAND=goreleaser release --rm-dist --skip-publish --parallelism 1
endif endif
# Version properties # Version properties

View File

@ -64,14 +64,29 @@ It operates as a DNS server that re-routes tracking domains to a "black hole," t
<a id="getting-started"></a> <a id="getting-started"></a>
## Getting Started ## Getting Started
Please read the **[Getting Started](https://github.com/AdguardTeam/AdGuardHome/wiki/Getting-Started)** article on our Wiki to learn how to install AdGuard Home, and how to configure your devices to use it. ### Automated install (Linux and Mac)
Run the following command in your terminal:
```
curl -sSL https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh
```
### Alternative methods
#### Manual installation
Please read the **[Getting Started](https://github.com/AdguardTeam/AdGuardHome/wiki/Getting-Started)** article on our Wiki to learn how to install AdGuard Home manually, and how to configure your devices to use it.
#### Docker
You can use our [official Docker image](https://hub.docker.com/r/adguard/adguardhome).
#### Snap Store
If you're running **Linux**, there's a secure and easy way to install AdGuard Home - you can get it from the [Snap Store](https://snapcraft.io/adguard-home). If you're running **Linux**, there's a secure and easy way to install AdGuard Home - you can get it from the [Snap Store](https://snapcraft.io/adguard-home).
Alternatively, you can use our [official Docker image](https://hub.docker.com/r/adguard/adguardhome).
### Guides ### Guides
* [FAQ](https://github.com/AdguardTeam/AdGuardHome/wiki/FAQ)
* [Configuration](https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration) * [Configuration](https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration)
* [AdGuard Home as a DNS-over-HTTPS or DNS-over-TLS server](https://github.com/AdguardTeam/AdGuardHome/wiki/Encryption) * [AdGuard Home as a DNS-over-HTTPS or DNS-over-TLS server](https://github.com/AdguardTeam/AdGuardHome/wiki/Encryption)
* [How to install and run AdGuard Home on Raspberry Pi](https://github.com/AdguardTeam/AdGuardHome/wiki/Raspberry-Pi) * [How to install and run AdGuard Home on Raspberry Pi](https://github.com/AdguardTeam/AdGuardHome/wiki/Raspberry-Pi)
@ -228,13 +243,17 @@ There are three options how you can install an unstable version:
1. [Snap Store](https://snapcraft.io/adguard-home) -- look for "beta" and "edge" channels there. 1. [Snap Store](https://snapcraft.io/adguard-home) -- look for "beta" and "edge" channels there.
2. [Docker Hub](https://hub.docker.com/r/adguard/adguardhome) -- look for "beta" and "edge" tags there. 2. [Docker Hub](https://hub.docker.com/r/adguard/adguardhome) -- look for "beta" and "edge" tags there.
3. Standalone builds. Look for the available builds below. 3. Standalone builds. Use the automated installation script or look for the available builds below.
There are three options how you can install an unstable version. Beta:
```
curl -sSL https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s beta
```
1. You can either install AdGuard Home from "beta" or "edge" distribution channel which we update periodically. If you're already using stable version of AdGuard Home, just replace the executable file with a new one. Edge:
2. You can use the Docker image from the `edge` tag, which is synced with the repo master branch. ```
3. You can install AdGuard Home from `beta` or `edge` channels on the Snap Store. curl -sSL https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s edge
```
* Beta channel builds * Beta channel builds
* Linux: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_amd64.tar.gz), [32-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_386.tar.gz) * Linux: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_amd64.tar.gz), [32-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_386.tar.gz)

View File

@ -249,6 +249,8 @@
"blocking_ipv6": "Blocking IPv6", "blocking_ipv6": "Blocking IPv6",
"dns_over_https": "DNS-over-HTTPS", "dns_over_https": "DNS-over-HTTPS",
"dns_over_tls": "DNS-over-TLS", "dns_over_tls": "DNS-over-TLS",
"download_mobileconfig_doh": "Download .mobileconfig for DNS-over-HTTPS",
"download_mobileconfig_dot": "Download .mobileconfig for DNS-over-TLS",
"plain_dns": "Plain DNS", "plain_dns": "Plain DNS",
"form_enter_rate_limit": "Enter rate limit", "form_enter_rate_limit": "Enter rate limit",
"rate_limit": "Rate limit", "rate_limit": "Rate limit",
@ -415,7 +417,8 @@
"dns_privacy": "DNS Privacy", "dns_privacy": "DNS Privacy",
"setup_dns_privacy_1": "<0>DNS-over-TLS:</0> Use <1>{{address}}</1> string.", "setup_dns_privacy_1": "<0>DNS-over-TLS:</0> Use <1>{{address}}</1> string.",
"setup_dns_privacy_2": "<0>DNS-over-HTTPS:</0> Use <1>{{address}}</1> string.", "setup_dns_privacy_2": "<0>DNS-over-HTTPS:</0> Use <1>{{address}}</1> string.",
"setup_dns_privacy_3": "<0>Please note that encrypted DNS protocols are supported only on Android 9. So you need to install additional software for other operating systems.</0><0>Here's a list of software you can use.</0>", "setup_dns_privacy_3": "<0>Here's a list of software you can use.</0>",
"setup_dns_privacy_4": "On an iOS 14 or MacOS Big Sur device you can download special '.mobileconfig' file that adds <highlight>DNS-over-HTTPS</highlight> or <highlight>DNS-over-TLS</highlight> servers to the DNS settings.",
"setup_dns_privacy_android_1": "Android 9 supports DNS-over-TLS natively. To configure it, go to Settings → Network & internet → Advanced → Private DNS and enter your domain name there.", "setup_dns_privacy_android_1": "Android 9 supports DNS-over-TLS natively. To configure it, go to Settings → Network & internet → Advanced → Private DNS and enter your domain name there.",
"setup_dns_privacy_android_2": "<0>AdGuard for Android</0> supports <1>DNS-over-HTTPS</1> and <1>DNS-over-TLS</1>.", "setup_dns_privacy_android_2": "<0>AdGuard for Android</0> supports <1>DNS-over-HTTPS</1> and <1>DNS-over-TLS</1>.",
"setup_dns_privacy_android_3": "<0>Intra</0> adds <1>DNS-over-HTTPS</1> support to Android.", "setup_dns_privacy_android_3": "<0>Intra</0> adds <1>DNS-over-HTTPS</1> support to Android.",

View File

@ -1,10 +1,43 @@
import React, { useState } from 'react'; import React, { useState } from 'react';
import PropTypes from 'prop-types'; import PropTypes from 'prop-types';
import { Trans, withTranslation } from 'react-i18next'; import { Trans, useTranslation } from 'react-i18next';
import i18next from 'i18next';
import Tabs from './Tabs'; import Tabs from './Tabs';
import Icons from './Icons'; import Icons from './Icons';
const MOBILE_CONFIG_LINKS = {
DOT: '/apple/dot.mobileconfig',
DOH: '/apple/doh.mobileconfig',
};
const renderMobileconfigInfo = ({ label, components }) => <li key={label}>
<Trans components={components}>{label}</Trans>
<ul>
<li>
<a href={MOBILE_CONFIG_LINKS.DOT} download>{i18next.t('download_mobileconfig_dot')}</a>
</li>
<li>
<a href={MOBILE_CONFIG_LINKS.DOH} download>{i18next.t('download_mobileconfig_doh')}</a>
</li>
</ul>
</li>;
const renderLi = ({ label, components }) => <li key={label}>
<Trans components={components?.map((props) => {
if (React.isValidElement(props)) {
return props;
}
const {
// eslint-disable-next-line react/prop-types
href, target = '_blank', rel = 'noopener noreferrer', key = '0',
} = props;
return <a href={href} target={target} rel={rel} key={key}>link</a>;
})}>
{label}
</Trans>
</li>;
const dnsPrivacyList = [{ const dnsPrivacyList = [{
title: 'Android', title: 'Android',
list: [ list: [
@ -36,6 +69,23 @@ const dnsPrivacyList = [{
{ {
title: 'iOS', title: 'iOS',
list: [ list: [
{
label: 'setup_dns_privacy_ios_2',
components: [
{
key: 0,
href: 'https://adguard.com/adguard-ios/overview.html',
},
<code key="1">text</code>,
],
},
{
label: 'setup_dns_privacy_4',
components: {
highlight: <code />,
},
renderComponent: renderMobileconfigInfo,
},
{ {
label: 'setup_dns_privacy_ios_1', label: 'setup_dns_privacy_ios_1',
components: [ components: [
@ -51,16 +101,6 @@ const dnsPrivacyList = [{
], ],
}, },
{
label: 'setup_dns_privacy_ios_2',
components: [
{
key: 0,
href: 'https://adguard.com/adguard-ios/overview.html',
},
<code key="1">text</code>,
],
},
], ],
}, },
{ {
@ -116,26 +156,15 @@ const dnsPrivacyList = [{
}, },
]; ];
const renderDnsPrivacyList = ({ title, list }) => <div className="tab__paragraph"> const renderDnsPrivacyList = ({ title, list }) => <div className="tab__paragraph" key={title}>
<strong><Trans>{title}</Trans></strong> <strong><Trans>{title}</Trans></strong>
<ul>{list.map(({ label, components }) => <li key={label}> <ul>{list.map(
<Trans ({
components={components?.map((props) => { label,
if (React.isValidElement(props)) { components,
return props; renderComponent = renderLi,
} }) => renderComponent({ label, components }),
const { )}
// eslint-disable-next-line react/prop-types
href, target = '_blank', rel = 'noopener noreferrer', key = '0',
} = props;
return <a
href={href} target={target}
rel={rel} key={key}>link</a>;
})}>
{label}
</Trans>
</li>)}
</ul> </ul>
</div>; </div>;
@ -195,8 +224,8 @@ const getTabs = ({
}, },
dns_privacy: { dns_privacy: {
title: 'dns_privacy', title: 'dns_privacy',
// eslint-disable-next-line react/display-name getTitle: function Title() {
getTitle: () => <div label="dns_privacy" title={t('dns_privacy')}> return <div label="dns_privacy" title={t('dns_privacy')}>
<div className="tab__text"> <div className="tab__text">
{tlsAddress?.length > 0 && ( {tlsAddress?.length > 0 && (
<div className="tab__paragraph"> <div className="tab__paragraph">
@ -251,14 +280,15 @@ const getTabs = ({
{dnsPrivacyList.map(renderDnsPrivacyList)} {dnsPrivacyList.map(renderDnsPrivacyList)}
</>} </>}
</div> </div>
</div>, </div>;
},
}, },
}); });
const renderContent = ({ title, list, getTitle }, t) => <div key={title} label={t(title)}> const renderContent = ({ title, list, getTitle }) => <div key={title} label={i18next.t(title)}>
<div className="tab__title">{t(title)}</div> <div className="tab__title">{i18next.t(title)}</div>
<div className="tab__text"> <div className="tab__text">
{typeof getTitle === 'function' && getTitle()} {getTitle?.()}
{list {list
&& <ol>{list.map((item) => <li key={item}> && <ol>{list.map((item) => <li key={item}>
<Trans>{item}</Trans> <Trans>{item}</Trans>
@ -267,9 +297,10 @@ const renderContent = ({ title, list, getTitle }, t) => <div key={title} label={
</div> </div>
</div>; </div>;
const Guide = ({ dnsAddresses, t }) => { const Guide = ({ dnsAddresses }) => {
const tlsAddress = (dnsAddresses && dnsAddresses.filter((item) => item.includes('tls://'))) || ''; const { t } = useTranslation();
const httpsAddress = (dnsAddresses && dnsAddresses.filter((item) => item.includes('https://'))) || ''; const tlsAddress = dnsAddresses?.filter((item) => item.includes('tls://')) ?? '';
const httpsAddress = dnsAddresses?.filter((item) => item.includes('https://')) ?? '';
const showDnsPrivacyNotice = httpsAddress.length < 1 && tlsAddress.length < 1; const showDnsPrivacyNotice = httpsAddress.length < 1 && tlsAddress.length < 1;
const [activeTabLabel, setActiveTabLabel] = useState('Router'); const [activeTabLabel, setActiveTabLabel] = useState('Router');
@ -281,7 +312,7 @@ const Guide = ({ dnsAddresses, t }) => {
t, t,
}); });
const activeTab = renderContent(tabs[activeTabLabel], t); const activeTab = renderContent(tabs[activeTabLabel]);
return ( return (
<div> <div>
@ -298,12 +329,12 @@ Guide.defaultProps = {
Guide.propTypes = { Guide.propTypes = {
dnsAddresses: PropTypes.array, dnsAddresses: PropTypes.array,
t: PropTypes.func.isRequired,
}; };
renderDnsPrivacyList.propTypes = { renderDnsPrivacyList.propTypes = {
title: PropTypes.string.isRequired, title: PropTypes.string.isRequired,
list: PropTypes.array.isRequired, list: PropTypes.array.isRequired,
renderList: PropTypes.func,
}; };
renderContent.propTypes = { renderContent.propTypes = {
@ -312,4 +343,11 @@ renderContent.propTypes = {
getTitle: PropTypes.func, getTitle: PropTypes.func,
}; };
export default withTranslation()(Guide); renderLi.propTypes = {
label: PropTypes.string,
components: PropTypes.string,
};
renderMobileconfigInfo.propTypes = renderLi.propTypes;
export default Guide;

2
go.mod
View File

@ -19,6 +19,7 @@ require (
github.com/mdlayher/raw v0.0.0-20191009151244-50f2db8cc065 github.com/mdlayher/raw v0.0.0-20191009151244-50f2db8cc065
github.com/miekg/dns v1.1.31 github.com/miekg/dns v1.1.31
github.com/pkg/errors v0.9.1 github.com/pkg/errors v0.9.1
github.com/satori/go.uuid v1.2.0
github.com/sirupsen/logrus v1.6.0 // indirect github.com/sirupsen/logrus v1.6.0 // indirect
github.com/sparrc/go-ping v0.0.0-20190613174326-4e5b6552494c github.com/sparrc/go-ping v0.0.0-20190613174326-4e5b6552494c
github.com/stretchr/testify v1.5.1 github.com/stretchr/testify v1.5.1
@ -31,4 +32,5 @@ require (
google.golang.org/protobuf v1.25.0 // indirect google.golang.org/protobuf v1.25.0 // indirect
gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/natefinch/lumberjack.v2 v2.0.0
gopkg.in/yaml.v2 v2.3.0 gopkg.in/yaml.v2 v2.3.0
howett.net/plist v0.0.0-20200419221736-3b63eb3a43b5
) )

4
go.sum
View File

@ -210,6 +210,8 @@ github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR
github.com/rogpeppe/go-internal v1.3.0 h1:RR9dF3JtopPvtkroDZuVD7qquD0bnHlKSqaQhgwt8yk= github.com/rogpeppe/go-internal v1.3.0 h1:RR9dF3JtopPvtkroDZuVD7qquD0bnHlKSqaQhgwt8yk=
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
github.com/shirou/gopsutil v2.20.3+incompatible h1:0JVooMPsT7A7HqEYdydp/OfjSOYSjhXV7w1hkKj/NPQ= github.com/shirou/gopsutil v2.20.3+incompatible h1:0JVooMPsT7A7HqEYdydp/OfjSOYSjhXV7w1hkKj/NPQ=
github.com/shirou/gopsutil v2.20.3+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA= github.com/shirou/gopsutil v2.20.3+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
@ -430,6 +432,8 @@ honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWh
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
howett.net/plist v0.0.0-20200419221736-3b63eb3a43b5 h1:AQkaJpH+/FmqRjmXZPELom5zIERYZfwTjnHpfoVMQEc=
howett.net/plist v0.0.0-20200419221736-3b63eb3a43b5/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0=
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck= sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck=

View File

@ -97,8 +97,11 @@ func registerControlHandlers() {
httpRegister(http.MethodGet, "/control/i18n/current_language", handleI18nCurrentLanguage) httpRegister(http.MethodGet, "/control/i18n/current_language", handleI18nCurrentLanguage)
http.HandleFunc("/control/version.json", postInstall(optionalAuth(handleGetVersionJSON))) http.HandleFunc("/control/version.json", postInstall(optionalAuth(handleGetVersionJSON)))
httpRegister(http.MethodPost, "/control/update", handleUpdate) httpRegister(http.MethodPost, "/control/update", handleUpdate)
httpRegister(http.MethodGet, "/control/profile", handleGetProfile)
httpRegister("GET", "/control/profile", handleGetProfile) // No auth is necessary for DOH/DOT configurations
http.HandleFunc("/apple/doh.mobileconfig", postInstall(handleMobileConfigDoh))
http.HandleFunc("/apple/dot.mobileconfig", postInstall(handleMobileConfigDot))
RegisterAuthHandlers() RegisterAuthHandlers()
} }

View File

@ -197,6 +197,44 @@ func generateServerConfig() dnsforward.ServerConfig {
return newconfig return newconfig
} }
type DNSEncryption struct {
https string
tls string
quic string
}
func getDNSEncryption() DNSEncryption {
dnsEncryption := DNSEncryption{}
tlsConf := tlsConfigSettings{}
Context.tls.WriteDiskConfig(&tlsConf)
if tlsConf.Enabled && len(tlsConf.ServerName) != 0 {
if tlsConf.PortHTTPS != 0 {
addr := tlsConf.ServerName
if tlsConf.PortHTTPS != 443 {
addr = fmt.Sprintf("%s:%d", addr, tlsConf.PortHTTPS)
}
addr = fmt.Sprintf("https://%s/dns-query", addr)
dnsEncryption.https = addr
}
if tlsConf.PortDNSOverTLS != 0 {
addr := fmt.Sprintf("tls://%s:%d", tlsConf.ServerName, tlsConf.PortDNSOverTLS)
dnsEncryption.tls = addr
}
if tlsConf.PortDNSOverQUIC != 0 {
addr := fmt.Sprintf("quic://%s:%d", tlsConf.ServerName, tlsConf.PortDNSOverQUIC)
dnsEncryption.quic = addr
}
}
return dnsEncryption
}
// Get the list of DNS addresses the server is listening on // Get the list of DNS addresses the server is listening on
func getDNSAddresses() []string { func getDNSAddresses() []string {
dnsAddresses := []string{} dnsAddresses := []string{}
@ -217,28 +255,15 @@ func getDNSAddresses() []string {
addDNSAddress(&dnsAddresses, config.DNS.BindHost) addDNSAddress(&dnsAddresses, config.DNS.BindHost)
} }
tlsConf := tlsConfigSettings{} dnsEncryption := getDNSEncryption()
Context.tls.WriteDiskConfig(&tlsConf) if dnsEncryption.https != "" {
if tlsConf.Enabled && len(tlsConf.ServerName) != 0 { dnsAddresses = append(dnsAddresses, dnsEncryption.https)
if tlsConf.PortHTTPS != 0 {
addr := tlsConf.ServerName
if tlsConf.PortHTTPS != 443 {
addr = fmt.Sprintf("%s:%d", addr, tlsConf.PortHTTPS)
} }
addr = fmt.Sprintf("https://%s/dns-query", addr) if dnsEncryption.tls != "" {
dnsAddresses = append(dnsAddresses, addr) dnsAddresses = append(dnsAddresses, dnsEncryption.tls)
}
if tlsConf.PortDNSOverTLS != 0 {
addr := fmt.Sprintf("tls://%s:%d", tlsConf.ServerName, tlsConf.PortDNSOverTLS)
dnsAddresses = append(dnsAddresses, addr)
}
if tlsConf.PortDNSOverQUIC != 0 {
addr := fmt.Sprintf("quic://%s:%d", tlsConf.ServerName, tlsConf.PortDNSOverQUIC)
dnsAddresses = append(dnsAddresses, addr)
} }
if dnsEncryption.quic != "" {
dnsAddresses = append(dnsAddresses, dnsEncryption.quic)
} }
return dnsAddresses return dnsAddresses

92
home/mobileconfig.go Normal file
View File

@ -0,0 +1,92 @@
package home
import (
"fmt"
"net/http"
uuid "github.com/satori/go.uuid"
"howett.net/plist"
)
type DNSSettings struct {
DNSProtocol string
ServerURL string `plist:",omitempty"`
ServerName string `plist:",omitempty"`
}
type PayloadContent = struct {
Name string
PayloadDescription string
PayloadDisplayName string
PayloadIdentifier string
PayloadType string
PayloadUUID string
PayloadVersion int
DNSSettings DNSSettings
}
type MobileConfig = struct {
PayloadContent []PayloadContent
PayloadDescription string
PayloadDisplayName string
PayloadIdentifier string
PayloadRemovalDisallowed bool
PayloadType string
PayloadUUID string
PayloadVersion int
}
func genUUIDv4() string {
return uuid.NewV4().String()
}
func getMobileConfig(r *http.Request, d DNSSettings) ([]byte, error) {
name := fmt.Sprintf("%s DNS over %s", r.Host, d.DNSProtocol)
data := MobileConfig{
PayloadContent: []PayloadContent{{
Name: name,
PayloadDescription: "Configures device to use AdGuard Home",
PayloadDisplayName: name,
PayloadIdentifier: fmt.Sprintf("com.apple.dnsSettings.managed.%s", genUUIDv4()),
PayloadType: "com.apple.dnsSettings.managed",
PayloadUUID: genUUIDv4(),
PayloadVersion: 1,
DNSSettings: d,
}},
PayloadDescription: "Adds AdGuard Home to Big Sur and iOS 14 or newer systems",
PayloadDisplayName: name,
PayloadIdentifier: genUUIDv4(),
PayloadRemovalDisallowed: false,
PayloadType: "Configuration",
PayloadUUID: genUUIDv4(),
PayloadVersion: 1,
}
return plist.MarshalIndent(data, plist.XMLFormat, "\t")
}
func handleMobileConfig(w http.ResponseWriter, r *http.Request, d DNSSettings) {
mobileconfig, err := getMobileConfig(r, d)
if err != nil {
httpError(w, http.StatusInternalServerError, "plist.MarshalIndent: %s", err)
}
w.Header().Set("Content-Type", "application/xml")
_, _ = w.Write(mobileconfig)
}
func handleMobileConfigDoh(w http.ResponseWriter, r *http.Request) {
handleMobileConfig(w, r, DNSSettings{
DNSProtocol: "HTTPS",
ServerURL: fmt.Sprintf("https://%s/dns-query", r.Host),
})
}
func handleMobileConfigDot(w http.ResponseWriter, r *http.Request) {
handleMobileConfig(w, r, DNSSettings{
DNSProtocol: "TLS",
ServerName: r.Host,
})
}

View File

@ -35,6 +35,8 @@ tags:
description: AdGuard Home statistics description: AdGuard Home statistics
- name: tls - name: tls
description: AdGuard Home HTTPS/DOH/DOT settings description: AdGuard Home HTTPS/DOH/DOT settings
- name: mobileconfig
description: Apple .mobileconfig
paths: paths:
/status: /status:
@ -915,6 +917,27 @@ paths:
application/json: application/json:
schema: schema:
$ref: "#/components/schemas/ProfileInfo" $ref: "#/components/schemas/ProfileInfo"
/apple/doh.mobileconfig:
get:
tags:
- mobileconfig
- global
operationId: mobileConfigDoH
summary: Get DNS over HTTPS .mobileconfig
responses:
"200":
description: DNS over HTTPS plist file
/apple/dot.mobileconfig:
get:
tags:
- mobileconfig
- global
operationId: mobileConfigDoT
summary: Get TLS over TLS .mobileconfig
responses:
"200":
description: DNS over TLS plist file
components: components:
requestBodies: requestBodies:

229
scripts/install.sh Normal file
View File

@ -0,0 +1,229 @@
#!/bin/sh
# AdGuardHome installation script
#
# 1. Download the package
# 2. Unpack it
# 3. Install as a service
#
# Requirements:
# . bash
# . which
# . printf
# . uname
# . id
# . head, tail
# . curl
# . tar or unzip
# . rm
set -e
log_info()
{
printf "[info] %s\\n" "$1"
}
log_error()
{
printf "[error] %s\\n" "$1"
}
# Get OS
# Return: darwin, linux, freebsd
detect_os()
{
UNAME_S="$(uname -s)"
OS=
case "$UNAME_S" in
Linux)
OS=linux
;;
FreeBSD)
OS=freebsd
;;
Darwin)
OS=darwin
;;
*)
return 1
;;
esac
echo $OS
}
# Get CPU endianness
# Return: le, ""
cpu_little_endian()
{
ENDIAN_FLAG="$(head -c 6 /bin/bash | tail -c 1)"
if [ "$ENDIAN_FLAG" = "$(printf '\001')" ]; then
echo 'le'
return 0
fi
}
# Get CPU
# Return: amd64, 386, armv5, armv6, armv7, arm64, mips_softfloat, mipsle_softfloat, mips64_softfloat, mips64le_softfloat
detect_cpu()
{
UNAME_M="$(uname -m)"
CPU=
case "$UNAME_M" in
x86_64 | x86-64 | x64 | amd64)
CPU=amd64
;;
i386 | i486 | i686 | i786 | x86)
CPU=386
;;
armv5l)
CPU=armv5
;;
armv6l)
CPU=armv6
;;
armv7l | armv8l)
CPU=armv7
;;
aarch64)
CPU=arm64
;;
mips)
LE=$(cpu_little_endian)
CPU=mips${LE}_softfloat
;;
mips64)
LE=$(cpu_little_endian)
CPU=mips64${LE}_softfloat
;;
*)
return 1
esac
echo "${CPU}"
}
# Get package file name extension
# Return: tar.gz, zip
package_extension()
{
if [ "$OS" = "darwin" ]; then
echo "zip"
return 0
fi
echo "tar.gz"
}
# Download data to a file
# Use: download URL OUTPUT
download()
{
log_info "Downloading package from $1 -> $2"
if is_command curl ; then
curl -s "$1" --output "$2" || error_exit "Failed to download $1"
else
error_exit "curl is necessary to install AdGuard Home"
fi
}
# Unpack package to a directory
# Use: unpack INPUT OUTPUT_DIR PKG_EXT
unpack()
{
log_info "Unpacking package from $1 -> $2"
mkdir -p "$2"
if [ "$3" = "zip" ]; then
unzip -qq "$1" -d "$2" || return 1
elif [ "$3" = "tar.gz" ]; then
tar xzf "$1" -C "$2" || return 1
else
return 1
fi
}
# Print error message and exit
# Use: error_exit MESSAGE
error_exit()
{
log_error "$1"
exit 1
}
# Check if command exists
# Use: is_command COMMAND
is_command() {
check_command="$1"
command -v "${check_command}" >/dev/null 2>&1
}
# Entry point
main() {
log_info "Starting AdGuard Home installation script"
CHANNEL=${1}
if [ "${CHANNEL}" != "beta" ] && [ "${CHANNEL}" != "edge" ]; then
CHANNEL=release
fi
log_info "Channel ${CHANNEL}"
OS=$(detect_os) || error_exit "Cannot detect your OS"
CPU=$(detect_cpu) || error_exit "Cannot detect your CPU"
PKG_EXT=$(package_extension)
PKG_NAME=AdGuardHome_${OS}_${CPU}.${PKG_EXT}
SCRIPT_URL="https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh"
URL="https://static.adguard.com/adguardhome/${CHANNEL}/${PKG_NAME}"
OUT_DIR=/opt
# Root check
if [ "$(id -u)" -eq 0 ]; then
log_info "Script called with root privileges"
else
if is_command sudo ; then
log_info "Please note, that AdGuard Home requires root privileges to install using this script."
log_info "Restarting with root privileges"
exec curl -sSL ${SCRIPT_URL} | sudo sh -s "$@"
exit $?
else
log_info "Root privileges are required to install AdGuard Home using this installer."
log_info "Please, re-run this script as root."
exit 1
fi
fi
log_info "AdGuard Home will be installed to ${OUT_DIR}/AdGuardHome"
[ -d "${OUT_DIR}/AdGuardHome" ] && error_exit "Directory ${OUT_DIR}/AdGuardHome already exists, abort installation"
download "${URL}" "${PKG_NAME}" || error_exit "Cannot download the package"
unpack "${PKG_NAME}" "${OUT_DIR}" "${PKG_EXT}" || error_exit "Cannot unpack the package"
# Install AdGuard Home service and run it
${OUT_DIR}/AdGuardHome/AdGuardHome -s install || error_exit "Cannot install AdGuardHome as a service"
rm "${PKG_NAME}"
log_info "AdGuard Home is now installed and running."
log_info "You can control the service status with the following commands:"
log_info " sudo ${OUT_DIR}/AdGuardHome/AdGuardHome -s start|stop|restart|status|install|uninstall"
}
main "$@"