__unbound: wire remote control configuration
parent
25e72d7135
commit
7b9ffb4a41
7 changed files with 40 additions and 6 deletions
|
@ -857,14 +857,14 @@ python:
|
||||||
remote-control:
|
remote-control:
|
||||||
# Enable remote control with unbound-control(8) here.
|
# Enable remote control with unbound-control(8) here.
|
||||||
# set up the keys and certificates with unbound-control-setup.
|
# set up the keys and certificates with unbound-control-setup.
|
||||||
# control-enable: no
|
control-enable: $RC_ENABLE
|
||||||
|
|
||||||
# what interfaces are listened to for remote control.
|
# what interfaces are listened to for remote control.
|
||||||
# give 0.0.0.0 and ::0 to listen to all interfaces.
|
# give 0.0.0.0 and ::0 to listen to all interfaces.
|
||||||
# set to an absolute path to use a unix local name pipe, certificates
|
# set to an absolute path to use a unix local name pipe, certificates
|
||||||
# are not used for that, so key and cert files need not be present.
|
# are not used for that, so key and cert files need not be present.
|
||||||
# control-interface: 127.0.0.1
|
# control-interface: 127.0.0.1
|
||||||
# control-interface: ::1
|
control-interface: $RC_INTERFACE
|
||||||
|
|
||||||
# port number for remote control operations.
|
# port number for remote control operations.
|
||||||
# control-port: 8953
|
# control-port: 8953
|
||||||
|
@ -874,16 +874,16 @@ remote-control:
|
||||||
# control-use-cert: "yes"
|
# control-use-cert: "yes"
|
||||||
|
|
||||||
# unbound server key file.
|
# unbound server key file.
|
||||||
# server-key-file: "/unbound_server.key"
|
server-key-file: "$RC_SERVER_KEY_FILE"
|
||||||
|
|
||||||
# unbound server certificate file.
|
# unbound server certificate file.
|
||||||
# server-cert-file: "/unbound_server.pem"
|
server-cert-file: "$RC_SERVER_CERT_FILE"
|
||||||
|
|
||||||
# unbound-control key file.
|
# unbound-control key file.
|
||||||
# control-key-file: "/unbound_control.key"
|
control-key-file: "$RC_CONTROL_KEY_FILE"
|
||||||
|
|
||||||
# unbound-control certificate file.
|
# unbound-control certificate file.
|
||||||
# control-cert-file: "/unbound_control.pem"
|
control-cert-file: "$RC_CONTROL_CERT_FILE"
|
||||||
|
|
||||||
# Stub zones.
|
# Stub zones.
|
||||||
# Create entries like below, to make all queries for 'example.com' and
|
# Create entries like below, to make all queries for 'example.com' and
|
||||||
|
|
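Review bot: `control-interface: $RC_INTERFACE` in the first hunk now takes whatever address or socket path the type is given, while `control-use-cert` in the second hunk stays commented out, so certificate authentication on the control channel rests on unbound's built-in default rather than on this template. With a non-loopback `rc_interface`, the key/cert pair is the only access control on the control port, so I would pin it explicitly with `control-use-cert: "yes"`. The comment above `control-interface` could also gain one line saying the value comes from the `rc_interface` parameter and, as far as the manifest hunk shows, is written without validation. Both hunks sit inside the `remote-control:` clause, which begins before the first hunk.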
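--- a/type/__unbound/gencode-remote
+++ b/type/__unbound/gencode-remote
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+UNBOUND_CERTS_DIR=/etc/unbound
+
+if [ -f "$__object/parameter/enable_rc" ]; then
+echo "unbound-control-setup -d $UNBOUND_CERTS_DIR"
+echo "chown unbound:unbound $UNBOUND_CERTS_DIR/*.pem $UNBOUND_CERTS_DIR/*.key"
+fi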
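Review bot: The emitted `chown unbound:unbound $UNBOUND_CERTS_DIR/*.pem $UNBOUND_CERTS_DIR/*.key` hands every `.pem` and `.key` under `/etc/unbound` to the daemon account, not only the four files the manifest names, and that includes the client-side `unbound_control.key`. Listing the files explicitly and leaving them root-owned with group read is narrower, for example `echo "chgrp unbound $UNBOUND_CERTS_DIR/unbound_server.key $UNBOUND_CERTS_DIR/unbound_server.pem"` followed by `echo "chmod 0640 $UNBOUND_CERTS_DIR/unbound_server.key"`; whether the daemon needs more than read access is worth confirming. The two commands are also emitted on every run while `enable_rc` is set, so a guard in the generated code such as `[ -f $UNBOUND_CERTS_DIR/unbound_server.key ] ||` before the setup call would keep key generation to the first run. A short header comment stating that the script only prints code for the target host would help readers new to the type.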
|
@ -31,6 +31,9 @@ access_control
|
||||||
but localhost is refused by default), can be provided multiple times. The
|
but localhost is refused by default), can be provided multiple times. The
|
||||||
format is described in unbound.conf(5).
|
format is described in unbound.conf(5).
|
||||||
|
|
||||||
|
rc_interface
|
||||||
|
Address or path to socket used for remote control (see `--enable_control`. Defaults to `127.0.0.1`).
|
||||||
|
|
||||||
BOOLEAN PARAMETERS
|
BOOLEAN PARAMETERS
|
||||||
------------------
|
------------------
|
||||||
disable-ip4
|
disable-ip4
|
||||||
|
@ -41,6 +44,9 @@ disable-ip6
|
||||||
Do not answer or issue queries over IPv6. Cannot be used alongside the
|
Do not answer or issue queries over IPv6. Cannot be used alongside the
|
||||||
`--disable-ip4` flag.
|
`--disable-ip4` flag.
|
||||||
|
|
||||||
|
enable_rc
|
||||||
|
Enable remote control (see `unbound-control(8)`).
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
|
||||||
|
|
|
@ -49,6 +49,11 @@ if [ -f "$__object/parameter/access_control" ]; then
|
||||||
export ACCESS_CONTROLS
|
export ACCESS_CONTROLS
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/rc_interface" ]; then
|
||||||
|
RC_INTERFACE=$(cat "$__object/parameter/rc_interface")
|
||||||
|
export RC_INTERFACE
|
||||||
|
fi
|
||||||
|
|
||||||
# Boolean parameters:
|
# Boolean parameters:
|
||||||
if [ -f "$__object/parameter/disable_ip4" ] && \
|
if [ -f "$__object/parameter/disable_ip4" ] && \
|
||||||
[ -f "$__object/parameter/disable_ip6" ]; then
|
[ -f "$__object/parameter/disable_ip6" ]; then
|
||||||
|
@ -68,6 +73,18 @@ else
|
||||||
export DO_IP6='yes'
|
export DO_IP6='yes'
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/enable_rc" ]; then
|
||||||
|
export RC_ENABLE='yes'
|
||||||
|
else
|
||||||
|
export RC_ENABLE='no'
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Certs for remote control:
|
||||||
|
export RC_SERVER_KEY_FILE='/etc/unbound/unbound_server.key'
|
||||||
|
export RC_SERVER_CERT_FILE='/etc/unbound/unbound_server.pem'
|
||||||
|
export RC_CONTROL_KEY_FILE='/etc/unbound/unbound_control.key'
|
||||||
|
export RC_CONTROL_CERT_FILE='/etc/unbound/unbound_control.pem'
|
||||||
|
|
||||||
# Generate and deploy configuration files.
|
# Generate and deploy configuration files.
|
||||||
source_file="$__object/files/unbound.conf"
|
source_file="$__object/files/unbound.conf"
|
||||||
target_file="/etc/unbound/unbound.conf"
|
target_file="/etc/unbound/unbound.conf"
|
||||||
|
|
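Review bot: The four `RC_*_FILE` exports hard-code `/etc/unbound`, the same directory that `gencode-remote` keeps separately as `UNBOUND_CERTS_DIR`, so the place where keys are generated and the place the configuration points at can drift apart without any error. At minimum I would add a comment above the block, `# Must match UNBOUND_CERTS_DIR in gencode-remote (unbound-control-setup -d).`. The configuration is deployed from this manifest while the keys are only created by the generated remote code, so it is worth confirming that unbound is never (re)started with `control-enable: yes` before the key files exist. The rest of the manifest lies outside these hunks, so I cannot tell from here.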
|
@ -1,2 +1,3 @@
|
||||||
disable_ip6
|
disable_ip6
|
||||||
disable_ip4
|
disable_ip4
|
||||||
|
enable_rc
|
||||||
|
|
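--- a/type/__unbound/parameter/default/rc_interface
+++ b/type/__unbound/parameter/default/rc_interface
@@ -0,0 +1 @@
+127.0.0.1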
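--- a/type/__unbound/parameter/optional
+++ b/type/__unbound/parameter/optional
@@ -0,0 +1 @@
+rc_interface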