jasgud

Members, 12 posts
Everything posted by jasgud

  1. My Service provider has terrible DNS. I also suspect they do all kinds of sniffing/traffic logging/advertising with the information they collect when I browse the web on their service. This is regardless of what DNS I use because it is transmitted in plain text. After a bit of research I found the new 1dot (1.1.1.1) Cloudflare DNS offers DNS over HTTPS to totally encrypt all DNS traffic leaving my network. The only caveat is it requires an intermediary service/application called CloudFlareD (aka Argo). Enter Docker/Unraid.

     Docker/Unraid doesn't seem to have a template set up for it, and since I don't really know how to do that I set one up manually. In the Unraid webgui, find the docker section and click add container. Switch to advanced and don't pick a template. Fill out the template as below, leave all fields that aren't mentioned blank. NOTE: Must have Bridged mode enabled on the Unraid network device.

     Name: cloudflared-proxy-dns
     Repository: travisez13/cloudflared-proxy-dns
     Docker Hub URL: https://hub.docker.com/r/travisez13/cloudflared-proxy-dns/
     Network Type: br0
     Fixed IP address (optional): Any free IP (192.168.0.55)
     Privileged: ON (DNS port 53 requires this to bind properly)

     Add 2 extra ports as per below:
     1. Name: DNS TCP, Host Port: 53, Default Value: 53, Connection Type: TCP, Required: Yes
     2. Name: DNS UDP, Host Port: 53, Default Value: 53, Connection Type: UDP, Required: Yes

     After the docker starts you'll need to test and make sure it's running properly by using nslookup in Windows:
     1. Click start and run
     2. type in nslookup
     3. in the black window type in the below command without quotes "server 192.168.1.10" where 192.168.1.10 is the ip address of the Fixed IP address you selected earlier
     4. type an internet address that you know works (google.com, ebay.com, lime-technology.com) and it should reply with an IP address that corresponds with the site you tried.

     Once that is confirmed you are ready to change the DNS your DHCP server is sending out. Usually on your ISP router. Since I've done this I've slowly seen a massive drop in sketchy advertising that I suspected was from my ISP. It also has better performance than both my ISP and Google Pub DNS. Plus encrypted DNS, so yeah. I'm happy(ish) now, just have to keep harping on ISP to not be sketchy. Details on cloudflare link below if someone wants to create an actual docker container. https://developers.cloudflare.com/1.1.1.1/dns-over-https/
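Added example, not part of the post above: a POSIX shell script that automates the nslookup check from a Linux host, querying the container's fixed IP over both UDP and TCP since the template maps both port-53 entries. It assumes `dig` is installed and that the container was given the address 192.168.0.55 (override with the RESOLVER variable).

```shell
# Added example (not from the original post): verify that the
# cloudflared-proxy-dns container answers A queries on UDP and TCP 53.
# Assumptions: `dig` (dnsutils/bind-utils) is available and the container's
# fixed IP is the one below; adjust RESOLVER if you chose a different address.
RESOLVER="${RESOLVER:-192.168.0.55}"

# Succeed only if the input (dig +short output) holds at least one line that
# looks like an IPv4 address; an empty, refused or timed-out reply has none.
has_ipv4_answer() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Query one name over the given transport ("udp" or "tcp") and validate the
# answer; +time/+tries keep a dead container from stalling the check.
check_transport() {
    name="$1"; transport="$2"
    if [ "$transport" = tcp ]; then extra="+tcp"; else extra="+notcp"; fi
    out=$(dig @"$RESOLVER" "$name" A +short +time=3 +tries=1 $extra 2>/dev/null) || out=""
    if has_ipv4_answer "$out"; then
        echo "OK   $transport $name -> $(printf '%s\n' "$out" | head -n 1)"
        return 0
    fi
    echo "FAIL $transport $name (no A record from $RESOLVER over $transport)"
    return 1
}

# Run the same names the post suggests over both transports; non-zero exit
# means at least one combination failed (a missing UDP or TCP port mapping
# shows up as one transport failing while the other works).
check_resolver() {
    rc=0
    for name in google.com ebay.com; do
        for transport in udp tcp; do
            check_transport "$name" "$transport" || rc=1
        done
    done
    return $rc
}
```

Run `check_resolver` after sourcing the script, or from cron as a health check.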
  2. You don't have port 80 configured to respond. You need to enable the default port 80 response so that letsencrypt can connect to it to verify.
  3. applying this "fix" forces us to port forward http (tcp 80) through our router to access the nginx service so it can be evaluated by letsencrypt. Make sure you have http and https available externally.
  4. You're having some kind of access error to the http session from external servers. You need to forward on your router publicip(publicdomain):80 - unraid:85 so they can test that you own http as well as https.
  5. If you're getting the line below then the code wasn't applied correctly. Try putting it in quotes like "HTTPVAL" and "true". I did apply mine through extra parameters and it worked just fine, didn't even think about adding custom variables. Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
  6. Your issue is the same one I was having. It's because letsencrypt disabled a service. Under your container, hit advanced options and add the below code into your extra parameters. Restart/start the service. Note that this means http (tcp 80) will need to be forwarded as well as https (tcp 443) for validation. -e "HTTPVAL"="true"
  7. Thanks for that. For anyone struggling with this, under extra parameters enter in the below parameter -e "HTTPVAL"="true"
  8. Any suggestion as to how we can deal with the TLS-SNI-01 security flaw detailed below. They seem to have disabled their renew and request system on it. https://community.letsencrypt.org/t/solution-client-with-the-currently-selected-authenticator-does-not-support-any-combination-of-challenges-that-will-satisfy-the-ca/49983