diff --git a/adguard/DOCS.md b/adguard/DOCS.md index 03fbf83..5a54cdf 100644 --- a/adguard/DOCS.md +++ b/adguard/DOCS.md @@ -85,6 +85,14 @@ authentication on the AdGuard Home by setting it to `true`. **Note**: _We STRONGLY suggest, not to use this, even if this add-on is only exposed to your internal network. USE AT YOUR OWN RISK!_ +## Encryption Settings (Advanced Usage) + +Adguard allows the configuration of running DNS-over-HTTPS and DNS-over- +TLS locally. If you configure these options please ensure to restart the +addon afterwards. Also to use DNS-over-HTTPS correctly please ensure to +configure SSL on the addon as well as in Adguard itself. Also consider +that the addon and Adguard cannot use the same port for SSL. + ## Changelog & Releases This repository keeps a change log using [GitHub's releases][releases] diff --git a/adguard/rootfs/etc/cont-init.d/nginx.sh b/adguard/rootfs/etc/cont-init.d/nginx.sh index 361abf8..e00ead6 100644 --- a/adguard/rootfs/etc/cont-init.d/nginx.sh +++ b/adguard/rootfs/etc/cont-init.d/nginx.sh @@ -3,6 +3,8 @@ # Home Assistant Community Add-on: AdGuard Home # Configures NGINX for use with the AdGuard Home server # ============================================================================== +declare adguard_port=45158 +declare adguard_protocol=http declare admin_port declare certfile declare dns_host @@ -10,6 +12,14 @@ declare ingress_interface declare ingress_port declare keyfile +if bashio::var.true "$(yq read /data/adguard/AdGuardHome.yaml tls.enabled)"; then + adguard_port=$(yq read /data/adguard/AdGuardHome.yaml tls.port_https) + adguard_protocol=https +fi + +sed -i "s#%%port%%#${adguard_port}#g" /etc/nginx/includes/upstream.conf +sed -i "s#%%protocol%%#${adguard_protocol}#g" /etc/nginx/servers/ingress.conf + admin_port=$(bashio::addon.port 80) if bashio::var.has_value "${admin_port}"; then bashio::config.require.ssl 
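Review bot: `adguard_port` is taken straight from `tls.port_https` in `/data/adguard/AdGuardHome.yaml` and substituted into `upstream.conf` with no validation, in the `if bashio::var.true …` block of nginx.sh. That file is presumably rewritten by AdGuard Home whenever its settings change, so an empty, missing or non-numeric value would leave NGINX with an invalid `server 127.0.0.1:…;` line and the add-on would fail at start without a clear message. A guard right after the `yq read`, such as `[[ "${adguard_port}" =~ ^[0-9]{1,5}$ ]] || bashio::exit.nok "tls.port_https in AdGuardHome.yaml is not a valid port"`, keeps the failure explicit. A check that the port differs from the add-on's own SSL port would also enforce what DOCS.md asks of the user. The script continues outside this hunk.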
@@ -27,6 +37,7 @@ if bashio::var.has_value "${admin_port}"; then
 fi
 sed -i "s/%%port%%/${admin_port}/g" /etc/nginx/servers/direct.conf
+ sed -i "s#%%protocol%%#${adguard_protocol}#g" /etc/nginx/servers/direct.conf
 fi
 ingress_port=$(bashio::addon.ingress_port)
diff --git a/adguard/rootfs/etc/nginx/includes/upstream.conf b/adguard/rootfs/etc/nginx/includes/upstream.conf
index 1472b1b..eb4ea3c 100644
--- a/adguard/rootfs/etc/nginx/includes/upstream.conf
+++ b/adguard/rootfs/etc/nginx/includes/upstream.conf
@@ -1,3 +1,3 @@
 upstream backend {
- server 127.0.0.1:45158;
+ server 127.0.0.1:%%port%%;
 }
diff --git a/adguard/rootfs/etc/nginx/servers/direct-ssl.disabled b/adguard/rootfs/etc/nginx/servers/direct-ssl.disabled
index 1e4c181..8867bc5 100644
--- a/adguard/rootfs/etc/nginx/servers/direct-ssl.disabled
+++ b/adguard/rootfs/etc/nginx/servers/direct-ssl.disabled
@@ -10,6 +10,11 @@ server {
 location / {
 access_by_lua_file /etc/nginx/lua/ha-auth.lua;
- proxy_pass http://backend;
+ proxy_pass %%protocol%%://backend;
 }
+
+ location /dns-query {
+ proxy_pass %%protocol%%://backend;
+ }
+
 }
diff --git a/adguard/rootfs/etc/nginx/servers/direct.disabled b/adguard/rootfs/etc/nginx/servers/direct.disabled
index a036b7a..ac4f490 100644
--- a/adguard/rootfs/etc/nginx/servers/direct.disabled
+++ b/adguard/rootfs/etc/nginx/servers/direct.disabled
@@ -6,6 +6,6 @@ server {
 location / {
 access_by_lua_file /etc/nginx/lua/ha-auth.lua;
- proxy_pass http://backend;
+ proxy_pass %%protocol%%://backend;
 }
 }
diff --git a/adguard/rootfs/etc/nginx/servers/ingress.conf b/adguard/rootfs/etc/nginx/servers/ingress.conf
index d655706..070bd10 100644
--- a/adguard/rootfs/etc/nginx/servers/ingress.conf
+++ b/adguard/rootfs/etc/nginx/servers/ingress.conf
@@ -8,6 +8,6 @@ server {
 allow 172.30.32.2;
 deny all;
- proxy_pass http://backend;
+ proxy_pass %%protocol%%://backend;
 }
 }
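Review bot: The token `%%port%%` now carries two meanings: in upstream.conf it is AdGuard's backend port, while nginx.sh still replaces `%%port%%` in direct.conf with `${admin_port}`. A distinct token for the backend, for example `server 127.0.0.1:%%adguard_port%%;` with the matching `sed` expression in nginx.sh, would prevent a later edit from writing the wrong port into the wrong file. A one-line comment above the `server` line saying the value is filled in by cont-init.d/nginx.sh at start-up would also help, since the file is no longer valid NGINX config as shipped.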
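Review bot: The new `location /dns-query` block in direct-ssl.disabled has no `access_by_lua_file`, and as a prefix location it exempts every path beginning with `/dns-query` from the Home Assistant auth check that `location /` applies. Unauthenticated access is presumably intended, since DoH clients cannot log in, but the exemption should be stated in a comment and kept as narrow as the feature allows: `location = /dns-query { … }` if only the bare endpoint is needed, with a separate `location /dns-query/ { … }` only if per-client paths are used. The block is installed even when AdGuard's TLS is off and `%%protocol%%` becomes `http`, so it is worth confirming the backend serves nothing else under that prefix. DOCS.md should also say that anyone who can reach the add-on's SSL port can use the resolver without credentials. The server block starts outside the hunk.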
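Review bot: When `%%protocol%%` is replaced with `https`, the `proxy_pass` in direct.disabled opens a TLS connection to the backend, and no `proxy_ssl_verify` appears in the visible lines, so NGINX's default of not verifying the upstream certificate would apply. That is acceptable only because upstream.conf pins the backend to 127.0.0.1. A comment beside the directive, e.g. `# backend is loopback-only; upstream certificate is intentionally not verified`, would warn anyone who later points the upstream at another host. The same applies to the `proxy_pass` lines in direct-ssl.disabled and ingress.conf. The server block starts outside the hunk.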