Name		Name	Last commit message	Last commit date
parent directory ..
dns-over-https		dns-over-https
nginx		nginx
unbound		unbound
README.md		README.md
index.html		index.html

README.md

Server Configuration

OS: Ubuntu 18.04 LTS
Reverse Proxy: Nginx
DNS Resolver: Unbound
DoH Proxy: DNS-over-HTTPS

Overview

Our two servers have an identical setup. Here is a deployment diagram as an overview.

Nginx is our reverse proxy which handles connections on port 853/tcp and port 443/tcp. All crypto and certificate configurations are done here.
Unbound is our DNS resolver, all name to IP translation work is done here.
DNS-over-HTTPS is responsible for translating HTTP to DNS and vice versa.

Configuration

index.html /var/www/doh/index.html Our servers welcome and information page. This site is accessable under https://dns.digitale-gesellschaft.ch/.

Nginx

nginx.conf /etc/nginx/nginx.conf Basic Nginx configuration file.
tls.conf /etc/nginx/tls.conf General TLS configuration for all TLS related connections.
doh /etc/nginx/sites-available/doh DoH entry point configuration.
dot /etc/nginx/sites-available/dot DoT entry point configuration.
res /etc/nginx/sites-available/res Administration interface configuration.

Unbound

unbound.conf /etc/unbound/unbound.conf Nginx configuration file.

DNS-over-HTTPS

doh-server.conf /etc/dns-over-https/doh-server.conf DNS-over-HTTPS configuration file.