Private DNS with nginx

I found this small script:

Has anyone tested it? Is it working?
The reason is that I will also set up my server as private DNS over TLS for mobile devices.

This is a third-party script, neither created nor endorsed by the Pi-hole team.

I am unaware of what it actually tries to accomplish, but note that Android is not on the list of Supported Operating Systems to host Pi-hole.

This script is for Debian, but the config is for the option on an Android device.

Install with: Installation - Pi-hole documentation
Also install unbound as a local DNS.

apt-get install nginx
apt-get install software-properties-common
apt-get install -y certbot python3-certbot-nginx

certbot certonly --webroot -w "/var/www/html/" --preferred-challenges http -m "" -d "" -n --agree-tos --no-eff-email

Create a new directory named streams inside /etc/nginx/ and create a file dns-over-tls inside the streams directory with the content below.

Make sure to replace {dns_domain_name} with the actual domain name you decided to use.

upstream dns-servers {
    # placeholder: the upstream address is missing from the post
    # (127.0.0.1 when Pi-hole runs on the same host)
    server {pihole_address}:53;
}

server {
    listen 853 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/{dns_domain_name}/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/{dns_domain_name}/privkey.pem; # managed by Certbot
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    ssl_handshake_timeout 10s;
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 4h;
    # forward the decrypted DNS-over-TCP stream to the upstream group
    proxy_pass dns-servers;
}

Edit /etc/nginx/nginx.conf and add the lines below, which tell nginx to automatically include config files inside the streams directory.

stream {
    include /etc/nginx/streams/*;
}

Remove all the other server configs located inside /etc/nginx/sites-available/ and /etc/nginx/sites-enabled/.

sudo rm -rf /etc/nginx/sites-available/*
sudo rm -rf /etc/nginx/sites-enabled/*
sudo service nginx start
