This repository has been archived by the owner on Oct 11, 2024. It is now read-only.

goofball222/dns-over-https

DNS-over-HTTPS Docker Container


Docker tags:

| Tag | dns-over-https Version | Description | Release Date |
| --- | --- | --- | --- |
| latest | 2.3.3 | Latest stable release | 2023-09-22 |


Description

DNS-over-HTTPS container built on Alpine Linux. It is recommended to run it behind Traefik or another proxy.


Usage


Basic docker-compose.yml to launch a DNS-over-HTTPS server with labels for Traefik:

version: '3'

services:
  dns-over-https:
    image: goofball222/dns-over-https
    container_name: dns-over-https
    restart: unless-stopped
    networks:
      external:
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./dohconf/:/opt/dns-over-https/conf/
    environment:
      - TZ=UTC
    labels:
      - traefik.backend=securedns
      - traefik.frontend.rule=Host:securedns.domain.name
      - traefik.port=8053
      - traefik.docker.network=proxy
      - traefik.enable=true

networks:
  external:
    external:
      name: proxy

Basic docker-compose.yml to launch DNS-over-HTTPS in client mode:

version: '3'

services:
  dns-over-https-client:
    image: goofball222/dns-over-https
    container_name: dns-over-https
    restart: unless-stopped
    networks:
      external:
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./dohconf/:/opt/dns-over-https/conf/
    environment:
      - TZ=UTC
    labels:
      - traefik.backend=securedns
      - traefik.frontend.rule=Host:securedns.domain.name
      - traefik.port=8053
      - traefik.docker.network=proxy
      - traefik.enable=true
    command: ["doh-client"]

networks:
  external:
    external:
      name: proxy

Extended docker-compose.yml to launch a DNS-over-HTTPS server with Traefik labels, attached to an Unbound DNS server backend:

version: '3'

services:
  unbound:
    image: mvance/unbound
    container_name: unbound
    restart: unless-stopped
    networks:
      external:
    ports:
      - 853:853/tcp
      - 853:853/udp
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
      - ./unbound:/opt/unbound/etc/unbound
      - /etc/letsencrypt/live/securedns.domain.name/fullchain.pem:/etc/ssl/certs/cert.pem:ro
      - /etc/letsencrypt/live/securedns.domain.name/privkey.pem:/etc/ssl/certs/key.pem:ro
    environment:
      - TZ=UTC

  dns-over-https:
    image: goofball222/dns-over-https
    container_name: dns-over-https
    restart: unless-stopped
    networks:
      external:
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./doh-conf:/opt/dns-over-https/conf
    environment:
      - TZ=UTC
    labels:
      - traefik.backend=securedns
      - traefik.frontend.rule=Host:securedns.domain.name
      - traefik.port=8053
      - traefik.docker.network=proxy
      - traefik.enable=true

networks:
  external:
    external:
      name: proxy
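
Once a server stack like the ones above is running behind the proxy, a check along these lines confirms that it answers RFC 8484 queries over HTTPS. This is an added example, not part of the project: the function names are hypothetical, `securedns.domain.name` is the placeholder host from the Traefik labels, and the `/dns-query` path is an assumption that must match the path set in your server config.

```python
import base64
import struct

DOH_HOST = "securedns.domain.name"  # placeholder host from the Traefik labels
DOH_PATH = "/dns-query"             # assumption: match the path in your server config


def build_query(name, qtype=1):
    """Wire-format DNS query with ID 0, as RFC 8484 suggests for HTTP caching."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # qtype, class IN


def doh_get_url(name, qtype=1):
    """RFC 8484 GET form: base64url-encoded query with the padding stripped."""
    b64 = base64.urlsafe_b64encode(build_query(name, qtype)).rstrip(b"=")
    return f"https://{DOH_HOST}{DOH_PATH}?dns={b64.decode()}"


def check_response(query, response):
    """Return (ok, reason) for a DoH response body, given the query that was sent."""
    if len(response) < 12:
        return False, "truncated header"
    rid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if rid != 0:
        return False, "unexpected ID"
    if not flags & 0x8000:
        return False, "QR bit not set"
    if flags & 0x000F:
        return False, f"rcode {flags & 0x000F}"
    if response[12:len(query)] != query[12:]:
        return False, "question mismatch"
    return True, f"{ancount} answer record(s)"


if __name__ == "__main__":
    import urllib.request
    query = build_query("example.com")
    req = urllib.request.Request(
        doh_get_url("example.com"), headers={"Accept": "application/dns-message"}
    )
    with urllib.request.urlopen(req, timeout=5) as resp:  # verifies TLS by default
        print(resp.status, check_response(query, resp.read()))
```

A certificate error from `urlopen` points at the proxy's TLS setup, while an `rcode` result points at the resolver behind the DNS-over-HTTPS server.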

Environment variables:

| Variable | Default | Description |
| --- | --- | --- |
| DEBUG | false | Set to true for extra entrypoint script verbosity for debugging |
| PGID | 999 | Specifies the GID for the container internal process group (used for file ownership) |
| PUID | 999 | Specifies the UID for the container internal process user (used for process and file ownership) |

DNS-over-HTTPS configuration examples:

DNS-over-HTTPS server example config

DNS-over-HTTPS client example config