Hello forum,
I installed Pi-Hole on a server on the internet and set up nginx with DNS-over-TLS.
So I can very conveniently block the ads, trackers, ... on my Android smartphone on the go without having to use a VPN.
Since I also own a domain, the setup was very easy to do.
Now I have a second domain, which I also want to use for DoT queries.
As an example:
dot.domain1.com
dot.domain2.com
But the problem is that nginx likes to have only one certificate with key in the configuration.
I can't set up a second domain like this, since I can't use server_name here.
The config (/etc/nginx/streams/dns-over-tls):

    upstream dns-servers {
        server 127.0.0.1:53;
    }

    server {
        listen 853 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/dot.domain1.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/dot.domain1.com/privkey.pem; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_handshake_timeout 10s;
        # ssl_session_cache shared:SSL:20m;
        ssl_session_timeout 4h;
        proxy_pass dns-servers;
    }
How can I add a second domain here?
I can only use port 853 once for this, and Android doesn't allow customizing the port for DoT, for example.
CNAME or SRV don't work, because then the wrong certificate is waiting for me at the end.
Do I then necessarily need a second IP / a second server?
With DNS over HTTPS I do not have the problem. There I can add multiple domains to the nginx configuration without any problems.
But Android cannot do that.
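One way to serve both names on a single port 853 with their own certificates, written here as an added example and not part of the original post or of the Pi-Hole project: let the public listener read the SNI name from the ClientHello with the stream module's ssl_preread and hand the raw TLS stream to an internal terminator per domain. This assumes nginx built with --with-stream and --with-stream_ssl_preread_module (ssl_preread and variables in stream proxy_pass need nginx 1.11.5 or newer), Certbot certificates already issued for both names, and the internal ports 8531 and 8532 chosen arbitrarily for this example.

```nginx
# Added example (not from the original post). Goes in the stream{} context,
# e.g. in /etc/nginx/streams/dns-over-tls.

upstream dns-servers {
    server 127.0.0.1:53;     # Pi-Hole listening locally, as in the original config
}

# Pick the internal TLS terminator by the SNI name the client sends.
# Clients that send no SNI or an unknown name fall back to domain1; such a client
# will then see domain1's certificate and fail validation if it expected domain2.
map $ssl_preread_server_name $dot_backend {
    dot.domain1.com   127.0.0.1:8531;
    dot.domain2.com   127.0.0.1:8532;
    default           127.0.0.1:8531;
}

# Public listener: no certificate here. It only parses the ClientHello and
# forwards the unmodified TLS stream to the matching internal server.
server {
    listen 853;
    ssl_preread on;
    proxy_pass $dot_backend;
}

# Internal TLS terminator for domain1 (bound to localhost only).
server {
    listen 127.0.0.1:8531 ssl;
    ssl_certificate     /etc/letsencrypt/live/dot.domain1.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/dot.domain1.com/privkey.pem;
    ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_handshake_timeout 10s;
    ssl_session_timeout 4h;
    proxy_pass dns-servers;
}

# Internal TLS terminator for domain2 (bound to localhost only).
server {
    listen 127.0.0.1:8532 ssl;
    ssl_certificate     /etc/letsencrypt/live/dot.domain2.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/dot.domain2.com/privkey.pem;
    ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_handshake_timeout 10s;
    ssl_session_timeout 4h;
    proxy_pass dns-servers;
}
```

After `nginx -t` and a reload, check which certificate each name receives with `openssl s_client -connect <server>:853 -servername dot.domain2.com` and compare the subject of the presented certificate for both names; since the terminators listen only on 127.0.0.1, nothing reaches them except through the SNI switch on 853, so the firewall rules for the host stay as they were.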