Pull request 180: AG-25266 encryption
Merge in GO/adguard-home-wiki from AG-25266-encryption to master Squashed commit of the following: commit 92928fc7a07b529d3ae31ea648cdcc62fdfe4691 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Aug 29 20:17:37 2023 +0300 all: imp fmt, add hdrs commit 7445bd8d5af34d394803f7b5b90d1e271826848a Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Aug 29 19:50:53 2023 +0300 Envryption: fix copies commit 7008320fa75ec27fe5cd506fce7f7d00d1ab1bf3 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Aug 29 19:48:27 2023 +0300 all: add hsts example
parent
83a59f6bf8
commit
b3490ee566
|
@ -214,7 +214,7 @@ your machine:
|
|||
the `/etc/systemd/resolved.conf.d` directory if needed) and add the
|
||||
following content to it:
|
||||
|
||||
```none
|
||||
```service
|
||||
[Resolve]
|
||||
DNS=127.0.0.1
|
||||
DNSStubListener=no
|
||||
|
|
|
@ -17,13 +17,14 @@ AdGuard Home.
|
|||
1. [Install AdGuard Home on your server](#install)
|
||||
1. [Register a domain name](#register)
|
||||
1. [Get an SSL certificate](#certificate)
|
||||
* [Install CertBot](#certbot)
|
||||
* [Using CertBot](#certbot)
|
||||
* [Get a certificate using DNS challenge](#certbot-dnschallenge)
|
||||
* [Alternative to CertBot: Lego](#lego)
|
||||
* [Using Lego](#lego)
|
||||
1. [Configure AdGuard Home](#configure-home)
|
||||
1. [Using with reverse proxy](#reverse-proxy)
|
||||
* [Nginx](#nginx)
|
||||
* [Cloudflare CDN](#cf-cdn)
|
||||
* [Other Headers](#other-hdrs)
|
||||
1. [Configure your devices](#configure-devices)
|
||||
* [Android](#android)
|
||||
* [iOS](#ios)
|
||||
|
@ -80,7 +81,7 @@ Security Research Group (ISRG).
|
|||
|
||||
In this guide I'll explain how to get a certificate from them.
|
||||
|
||||
### <a href="#certbot" id="certbot" name="certbot">Install CertBot</a>
|
||||
### <a href="#certbot" id="certbot" name="certbot">Using CertBot</a>
|
||||
|
||||
Certbot is an easy-to-use client that fetches a certificate from Let’s Encrypt.
|
||||
|
||||
|
@ -89,7 +90,7 @@ Certbot is an easy-to-use client that fetches a certificate from Let’s Encrypt
|
|||
1. Follow the installation instructions, and stop there – don't get to the "Get
|
||||
Started" section.
|
||||
|
||||
### <a href="#certbot-dnschallenge" id="certbot-dnschallenge" name="certbot-dnschallenge">Get a certificate using DNS challenge</a>
|
||||
#### <a href="#certbot-dnschallenge" id="certbot-dnschallenge" name="certbot-dnschallenge">Get a certificate using DNS challenge</a>
|
||||
|
||||
You have just got a domain name so I suppose using DNS challenge will be the
|
||||
easiest way to get a certificate.
|
||||
|
@ -111,7 +112,7 @@ Both will be necessary to configure AdGuard Home.
|
|||
> You will need to use the very same procedure to renew the existing
|
||||
> certificate.
|
||||
|
||||
### <a href="#lego" id="lego" name="lego">Alternative to CertBot: Lego</a>
|
||||
### <a href="#lego" id="lego" name="lego">Using Lego</a>
|
||||
|
||||
There's also a really nice and easy-to-use alternative to CertBot called
|
||||
[lego][lego-source].
|
||||
|
@ -186,7 +187,7 @@ their hostnames.
|
|||
For example, if the configuration of the reverse proxy server contains the
|
||||
following directives:
|
||||
|
||||
```none
|
||||
```nginx
|
||||
location /dns-query {
|
||||
# …
|
||||
proxy_set_header Host $host;
|
||||
|
@ -210,6 +211,23 @@ inserted into `trusted_proxies` list directly. An official Cloudflare's
|
|||
reference on restoring the original visitor's IP may be found
|
||||
[here][cloudflare-real-ip].
|
||||
|
||||
### <a href="#other-hdrs" id="other-hdrs" name="other-hdrs">Other Headers</a>
|
||||
|
||||
Other HTTP headers may be supported by AdGuard Home in the future. However, any
|
||||
headers-related feature requests should first be tried to be resolved by
|
||||
configuring the reverse proxy itself.
|
||||
|
||||
For example, to implement the [HTTP Strict Transport Security][hsts] mechanism,
|
||||
something like the following piece of configuration might be used:
|
||||
|
||||
```nginx
|
||||
location /dns-query {
|
||||
# …
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
# …
|
||||
}
|
||||
```
|
||||
|
||||
|
||||
|
||||
[reverse-proxy-faq]: https://github.com/AdguardTeam/AdGuardHome/wiki/FAQ#how-to-configure-a-reverse-proxy-server-for-adguard-home
|
||||
|
@ -217,6 +235,7 @@ reference on restoring the original visitor's IP may be found
|
|||
[cloudflare-headers]: https://support.cloudflare.com/hc/en-us/articles/200170986
|
||||
[cloudflare-addresses]: https://www.cloudflare.com/ips
|
||||
[cloudflare-real-ip]: https://support.cloudflare.com/hc/en-us/articles/200170786
|
||||
[hsts]: https://datatracker.ietf.org/doc/html/rfc6797
|
||||
|
||||
|
||||
|
||||
|
|
13
FAQ.md
13
FAQ.md
|
@ -344,9 +344,11 @@ If you're already running a web server and want to access the AdGuard Home
|
|||
dashboard UI from a URL like `http://YOUR_SERVER/aghome/`, you can use this
|
||||
configuration for your web server:
|
||||
|
||||
|
||||
|
||||
### nginx
|
||||
|
||||
```none
|
||||
```nginx
|
||||
location /aghome/ {
|
||||
proxy_cookie_path / /aghome/;
|
||||
proxy_pass http://AGH_IP:AGH_PORT/;
|
||||
|
@ -368,8 +370,8 @@ location /aghome/ {
|
|||
}
|
||||
```
|
||||
|
||||
Or, if you just want to serve AdGuard Home with automatic TLS, use
|
||||
a configuration similar to the example shown below:
|
||||
Or, if you just want to serve AdGuard Home with automatic TLS, use a
|
||||
configuration similar to the example shown below:
|
||||
|
||||
```none
|
||||
DOMAIN {
|
||||
|
@ -393,9 +395,10 @@ AdGuard Home respond to DoH requests without TLS encryption.
|
|||
|
||||
**Since v0.107.0,** you can set the parameter `trusted_proxies` to the IP
|
||||
address(es) of your HTTP proxy to make AdGuard Home take the headers containing
|
||||
the real client IP address into account. See the [configuration page][conf] for
|
||||
more information.
|
||||
the real client IP address into account. See the [configuration][conf] and
|
||||
[encryption][encr] pages for more information.
|
||||
|
||||
[encr]: https://github.com/AdguardTeam/AdGuardHome/wiki/Encryption#reverse-proxy
|
||||
[conf]: https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration
|
||||
|
||||
|
||||
|
|
10
VPS.md
10
VPS.md
|
@ -7,20 +7,20 @@ To run AdGuard Home on a VPS, you need a server with Debian 8 or 9, x64 or x32.
|
|||
## Initial installation
|
||||
|
||||
First let's ensure that your VPS has necessary minimal requirements, run this as root:
|
||||
```bash
|
||||
```sh
|
||||
apt-get install sudo nano bind9-host
|
||||
```
|
||||
|
||||
Go to [AdGuard Home page](https://github.com/AdguardTeam/AdGuardHome#installation) and download binaries for your architecture (64-bit Linux in this example).
|
||||
|
||||
To download AdGuard Home and unpack it execute following commands:
|
||||
```bash
|
||||
```sh
|
||||
wget https://static.adguard.com/adguardhome/release/AdGuardHome_linux_amd64.tar.gz
|
||||
tar xvf AdGuardHome_linux_amd64.tar.gz
|
||||
```
|
||||
|
||||
You can find out the directory where you've unpacked it to by running these commands:
|
||||
```bash
|
||||
```sh
|
||||
cd AdGuardHome
|
||||
pwd
|
||||
```
|
||||
|
@ -36,12 +36,12 @@ Here are the other commands you might need to control the service.
|
|||
* `AdGuardHome -s status` - shows the current service status.
|
||||
|
||||
You can verify that it's working properly by running this command:
|
||||
```bash
|
||||
```sh
|
||||
host doubleclick.net 127.0.0.1
|
||||
```
|
||||
|
||||
If everything works correctly, you will get this output:
|
||||
```
|
||||
```none
|
||||
Using domain server:
|
||||
Name: 127.0.0.1
|
||||
Address: 127.0.0.1#53
|
||||
|
|
Loading…
Reference in New Issue