DNS DoH gateway tutorial out of date?

dashdruid dashdruid at protonmail.ch
Wed Sep 15 17:39:15 UTC 2021


Hello,

I am trying to follow this tutorial (which works for DoT but not DoH):

https://www.nginx.com/blog/using-nginx-as-dot-doh-gateway/

I have all these installed:
nginx-1.16.1-r6 armv7 {nginx} (BSD-2-Clause) [installed]
nginx-1.16.1-r8 armv7 {nginx} (BSD-2-Clause) [upgradable from: nginx-1.16.1-r6]
nginx-mod-http-geoip2-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
collectd-nginx-5.9.2-r0 armv7 {collectd} (GPL-2.0-or-later)
nginx-mod-mail-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
nginx-mod-http-lua-upstream-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
nginx-mod-stream-js-1.16.1-r8 armv7 {nginx} (BSD-2-Clause) [installed]
nginx-mod-http-upload-progress-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
nginx-mod-rtmp-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
bareos-webui-nginx-18.2.6-r2 armv7 {bareos} (AGPL-3.0)
nginx-mod-http-echo-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
nginx-mod-http-set-misc-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
patchwork-uwsgi-nginx-2.1.4-r1 armv7 {patchwork} (GPL-2.0-or-later)
perl-test-nginx-doc-0.26-r0 armv7 {perl-test-nginx} (BSD)
nginx-mod-http-image-filter-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
nginx-mod-http-nchan-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
nginx-debug-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
nginx-mod-http-lua-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
nginx-mod-stream-geoip2-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
nginx-mod-http-shibboleth-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
nginx-mod-http-cache-purge-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
perl-test-nginx-0.26-r0 armv7 {perl-test-nginx} (BSD)
certbot-nginx-1.0.0-r0 armv7 {certbot-nginx} (Apache)
nginx-mod-http-fancyindex-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
nginx-mod-http-redis2-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
nginx-mod-http-geoip-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
nginx-mod-http-headers-more-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
nginx-mod-stream-1.16.1-r8 armv7 {nginx} (BSD-2-Clause) [installed]
nginx-mod-http-xslt-filter-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
nginx-vim-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
nginx-mod-devel-kit-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
nginx-mod-http-perl-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
nginx-mod-http-js-1.16.1-r8 armv7 {nginx} (BSD-2-Clause) [installed]
nginx-mod-http-upstream-fair-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
nginx-mod-http-vod-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
nginx-doc-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)
nginx-mod-stream-geoip-1.16.1-r8 armv7 {nginx} (BSD-2-Clause)

I have configured everything according to the tutorial and downloaded the njs package. When I try to test with:

curl -v -k -H 'accept: application/dns-json' 'https://doh.myserver.lan/dns-query?name=google.com&type=A'

I get 502 bad gateway. This is what's in the error log:

2021/09/15 19:32:22 [error] 185#185: *10 upstream prematurely closed connection while reading response header from upstream, client: 172.17.0.1, server: doh.myserver.lan, request: "GET /dns-query?name=google.com&type=A HTTP/2.0", upstream: "http://127.0.0.1:8053/dns-query?name=google.com&type=A", host: "doh.myserver.lan"

The upstream DNS works because DoT is using the same and that works.

