From 50ff93c0c75eb429ee7b0f5347211fadc1657fe1 Mon Sep 17 00:00:00 2001 From: Ingmar Stein <490610+IngmarStein@users.noreply.github.com> Date: Thu, 26 Feb 2026 21:38:51 +0100 Subject: [PATCH] Add support for Unix sockets for Web Service and DoH This adds support for listening on Unix domain sockets in addition to TCP ports for both the Web Service (HTTP/HTTPS) and DNS-over-HTTPS (DoH). Unix sockets are often used for these reasons: - Secure Local IPC: They allow secure, high-performance connections from a local reverse proxy (like Nginx or HAProxy) without exposing the service on local TCP ports, which could be accessible to other local users or processes. - Performance: They avoid the overhead of the TCP/IP networking stack (routing, packet encapsulation, etc.), leading to lower latency and higher throughput for proxy setups. - Security: Access to Unix sockets can be strictly controlled using standard file system permissions (chown/chmod), providing an additional layer of security over local TCP loopback binding. The configuration has been updated to support a single Unix socket path for HTTP and HTTPS variants of the Web UI and DoH services. --- DnsServerCore/Dns/DnsServer.cs | 98 +++++++++++++++++++++++++- DnsServerCore/DnsWebService.cs | 76 +++++++++++++++++++- DnsServerCore/WebServiceAuthApi.cs | 1 + DnsServerCore/WebServiceSettingsApi.cs | 42 +++++++++++ DnsServerCore/www/index.html | 32 +++++++++ DnsServerCore/www/js/main.js | 24 ++++++- 6 files changed, 267 insertions(+), 6 deletions(-) diff --git a/DnsServerCore/Dns/DnsServer.cs b/DnsServerCore/Dns/DnsServer.cs index ffbfbf8db..16bbe979a 100644 --- a/DnsServerCore/Dns/DnsServer.cs +++ b/DnsServerCore/Dns/DnsServer.cs 
@@ -190,6 +190,8 @@ enum ServiceState int _dnsOverTlsPort = 853; int _dnsOverHttpsPort = 443; int _dnsOverQuicPort = 853; + string _dnsOverHttpUnixSocket; + string _dnsOverHttpsUnixSocket; string _dnsTlsCertificatePath; string _dnsTlsCertificatePassword; string _dnsOverHttpRealIpHeader = "X-Real-IP"; @@ -632,7 +634,7 @@ private void ReadConfigFrom(Stream s, bool isConfigTransfer) throw new InvalidDataException("DNS Server config file format is invalid."); int version = bR.ReadByte(); - if ((version < 1) || (version > 2)) + if ((version < 1) || (version > 3)) throw new InvalidDataException("DNS Server config version not supported."); //general @@ -1078,6 +1080,23 @@ private void ReadConfigFrom(Stream s, bool isConfigTransfer) int maxStatFileDays = bR.ReadInt32(); if (!isConfigTransfer) _statsManager.MaxStatFileDays = maxStatFileDays; + + if (version >= 3) + { + if (bR.ReadByte() > 0) + { + string socket = bR.ReadShortString(); + if (!isConfigTransfer) + _dnsOverHttpUnixSocket = socket; + } + + if (bR.ReadByte() > 0) + { + string socket = bR.ReadShortString(); + if (!isConfigTransfer) + _dnsOverHttpsUnixSocket = socket; + } + } } private void WriteConfigTo(Stream s) @@ -1085,7 +1104,7 @@ private void WriteConfigTo(Stream s) BinaryWriter bW = new BinaryWriter(s); bW.Write(Encoding.ASCII.GetBytes("DC")); //format - bW.Write((byte)2); //version + bW.Write((byte)3); //version //general bW.WriteShortString(_serverDomain); @@ -1359,6 +1378,26 @@ private void WriteConfigTo(Stream s) bW.Write(_queryLog is not null); //log all queries bW.Write(_statsManager.EnableInMemoryStats); bW.Write(_statsManager.MaxStatFileDays); + + if (string.IsNullOrWhiteSpace(_dnsOverHttpUnixSocket)) + { + bW.Write((byte)0); + } + else + { + bW.Write((byte)1); + bW.WriteShortString(_dnsOverHttpUnixSocket); + } + + if (string.IsNullOrWhiteSpace(_dnsOverHttpsUnixSocket)) + { + bW.Write((byte)0); + } + else + { + bW.Write((byte)1); + bW.WriteShortString(_dnsOverHttpsUnixSocket); + } } #endregion 
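Review bot: In the `version >= 3` block of `ReadConfigFrom`, a flag byte of 0 leaves `_dnsOverHttpUnixSocket` and `_dnsOverHttpsUnixSocket` holding whatever they held before. If a config without a socket is loaded onto an instance that already has one configured (the callers are outside this hunk, so this is inferred), the old listener path survives the reload. An explicit reset per field, `else if (!isConfigTransfer) _dnsOverHttpUnixSocket = null;`, makes the loaded file authoritative, and the same reset is needed when `version < 3`. `DnsWebService.ReadConfigFrom` later in this patch has the same shape for `_webServiceHttpUnixSocket` and `_webServiceTlsUnixSocket`. The function body starts and ends outside the hunk.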
@@ -5998,6 +6037,9 @@ private async Task StartDoHAsync(bool throwIfBindFails) { foreach (IPAddress localAddress in localAddresses) serverOptions.Listen(localAddress, _dnsOverHttpPort); + + if (!string.IsNullOrWhiteSpace(_dnsOverHttpUnixSocket)) + serverOptions.ListenUnixSocket(_dnsOverHttpUnixSocket); } //bind to https port @@ -6020,6 +6062,22 @@ private async Task StartDoHAsync(bool throwIfBindFails) }, null); }); } + + if (!string.IsNullOrWhiteSpace(_dnsOverHttpsUnixSocket)) + { + serverOptions.ListenUnixSocket(_dnsOverHttpsUnixSocket, delegate (ListenOptions listenOptions) + { + if (IsHttp2Supported()) + listenOptions.Protocols = HttpProtocols.Http1AndHttp2; + else + listenOptions.Protocols = HttpProtocols.Http1; + + listenOptions.UseHttps(delegate (SslStream stream, SslClientHelloInfo clientHelloInfo, object state, CancellationToken cancellationToken) + { + return ValueTask.FromResult(_dohSslServerAuthenticationOptions); + }, null); + }); + } } serverOptions.AddServerHeader = false; @@ -6061,6 +6119,18 @@ private async Task StartDoHAsync(bool throwIfBindFails) if (_enableDnsOverHttps && (_dohSslServerAuthenticationOptions is not null)) _log.Write(new IPEndPoint(localAddress, _dnsOverHttpsPort), "Https", "DNS Server was bound successfully."); } + + if (_enableDnsOverHttp) + { + if (!string.IsNullOrWhiteSpace(_dnsOverHttpUnixSocket)) + _log.Write(new IPEndPoint(IPAddress.None, 0), "Http", $"DNS Server was bound successfully on unix socket: {_dnsOverHttpUnixSocket}"); + } + + if (_enableDnsOverHttps && (_dohSslServerAuthenticationOptions is not null)) + { + if (!string.IsNullOrWhiteSpace(_dnsOverHttpsUnixSocket)) + _log.Write(new IPEndPoint(IPAddress.None, 0), "Https", $"DNS Server was bound successfully on unix socket: {_dnsOverHttpsUnixSocket}"); + } } catch (Exception ex) { 
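Review bot: `serverOptions.ListenUnixSocket(_dnsOverHttpUnixSocket)` leaves the socket file's mode to the process umask, and nothing in this patch sets ownership or mode afterwards, although the commit description names file permissions as the access control for these sockets. For the plain-HTTP listener that mode is the only thing deciding which local accounts can connect. Either apply an explicit mode once the host has started, e.g. `File.SetUnixFileMode(_dnsOverHttpUnixSocket, UnixFileMode.UserRead | UnixFileMode.UserWrite | UnixFileMode.GroupRead | UnixFileMode.GroupWrite);` guarded by `!OperatingSystem.IsWindows()`, or document that the operator must provide a restrictive umask or parent directory. The same holds for `_dnsOverHttpsUnixSocket` in the next hunk and for both web service sockets in `StartWebServiceAsync`. `StartDoHAsync` continues outside the hunk.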
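Review bot: Requests accepted on the Unix socket listeners have no IP peer: Kestrel reports a `UnixDomainSocketEndPoint`, and `HttpContext.Connection.RemoteIpAddress` is expected to be null. The DoH request path that applies `ReverseProxyNetworkACL` and `_dnsOverHttpRealIpHeader` is not part of this diff, so it should be checked for a null dereference and for what it decides when there is no remote address. Treating a Unix-socket peer as a trusted reverse proxy should be a deliberate choice, because the real-IP header would then be accepted from any local process able to open the socket. A comment at this listener stating the decision would help, for example `// Unix socket peers have no remote IP; <request handler> decides how they are matched against ReverseProxyNetworkACL`. The enclosing method starts and ends outside the hunk.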
@@ -6075,6 +6145,18 @@ private async Task StartDoHAsync(bool throwIfBindFails) _log.Write(new IPEndPoint(localAddress, _dnsOverHttpsPort), "Https", "DNS Server failed to bind."); } + if (_enableDnsOverHttp) + { + if (!string.IsNullOrWhiteSpace(_dnsOverHttpUnixSocket)) + _log.Write(new IPEndPoint(IPAddress.None, 0), "Http", $"DNS Server failed to bind on unix socket: {_dnsOverHttpUnixSocket}"); + } + + if (_enableDnsOverHttps && (_dohSslServerAuthenticationOptions is not null)) + { + if (!string.IsNullOrWhiteSpace(_dnsOverHttpsUnixSocket)) + _log.Write(new IPEndPoint(IPAddress.None, 0), "Https", $"DNS Server failed to bind on unix socket: {_dnsOverHttpsUnixSocket}"); + } + _log.Write(ex); if (throwIfBindFails) @@ -7212,6 +7294,18 @@ public int DnsOverQuicPort } } + public string DnsOverHttpUnixSocket + { + get { return _dnsOverHttpUnixSocket; } + set { _dnsOverHttpUnixSocket = value; } + } + + public string DnsOverHttpsUnixSocket + { + get { return _dnsOverHttpsUnixSocket; } + set { _dnsOverHttpsUnixSocket = value; } + } + public string DnsTlsCertificatePath { get { return _dnsTlsCertificatePath; } } diff --git a/DnsServerCore/DnsWebService.cs b/DnsServerCore/DnsWebService.cs index c1185425f..b6c66f72c 100644 --- a/DnsServerCore/DnsWebService.cs +++ b/DnsServerCore/DnsWebService.cs @@ -93,6 +93,8 @@ public sealed partial class DnsWebService : IAsyncDisposable, IDisposable //web service IReadOnlyList _webServiceLocalAddresses = [IPAddress.Any, IPAddress.IPv6Any]; + string _webServiceHttpUnixSocket; + string _webServiceTlsUnixSocket; int _webServiceHttpPort = 5380; int _webServiceTlsPort = 53443; bool _webServiceEnableTls; @@ -438,7 +440,7 @@ private void ReadConfigFrom(Stream s) throw new InvalidDataException("Web Service config file format is invalid."); int version = bR.ReadByte(); - if (version > 1) + if (version > 2) throw new InvalidDataException("Web Service config version not supported."); _webServiceHttpPort = bR.ReadInt32(); 
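Review bot: The new `DnsOverHttpUnixSocket` and `DnsOverHttpsUnixSocket` setters store any string, so a relative path is only rejected when `ListenUnixSocket` runs inside `StartDoHAsync`, by which time the value may already have been persisted. A blank string is also kept as-is and so compares unequal to the default null. Normalising and validating before the assignment keeps bad values out of the config: `if (string.IsNullOrWhiteSpace(value)) value = null; else if (!Path.IsPathRooted(value)) throw new ArgumentException("Unix socket path must be absolute.", nameof(value));`. The surrounding class is outside the hunk, so whether the neighbouring port setters already validate in this style cannot be seen here.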
@@ -499,6 +501,19 @@ private void ReadConfigFrom(Stream s) CheckAndLoadSelfSignedCertificate(false, false); _webServiceRealIpHeader = bR.ReadShortString(); + + if (version >= 2) + { + if (bR.ReadByte() > 0) + { + _webServiceHttpUnixSocket = bR.ReadShortString(); + } + + if (bR.ReadByte() > 0) + { + _webServiceTlsUnixSocket = bR.ReadShortString(); + } + } } private void WriteConfigTo(Stream s) @@ -506,7 +521,7 @@ private void WriteConfigTo(Stream s) BinaryWriter bW = new BinaryWriter(s); bW.Write(Encoding.ASCII.GetBytes("WC")); //format - bW.Write((byte)1); //version + bW.Write((byte)2); //version bW.Write(_webServiceHttpPort); bW.Write(_webServiceTlsPort); @@ -534,6 +549,26 @@ private void WriteConfigTo(Stream s) bW.WriteShortString(_webServiceTlsCertificatePassword); bW.WriteShortString(_webServiceRealIpHeader); + + if (string.IsNullOrWhiteSpace(_webServiceHttpUnixSocket)) + { + bW.Write((byte)0); + } + else + { + bW.Write((byte)1); + bW.WriteShortString(_webServiceHttpUnixSocket); + } + + if (string.IsNullOrWhiteSpace(_webServiceTlsUnixSocket)) + { + bW.Write((byte)0); + } + else + { + bW.Write((byte)1); + bW.WriteShortString(_webServiceTlsUnixSocket); + } } #endregion @@ -1547,6 +1582,9 @@ private async Task StartWebServiceAsync(bool httpOnlyMode) foreach (IPAddress webServiceLocalAddress in _webServiceLocalAddresses) serverOptions.Listen(webServiceLocalAddress, _webServiceHttpPort); + if (!string.IsNullOrWhiteSpace(_webServiceHttpUnixSocket)) + serverOptions.ListenUnixSocket(_webServiceHttpUnixSocket); + //https if (!httpOnlyMode && _webServiceEnableTls && (_webServiceSslServerAuthenticationOptions is not null)) { 
@@ -1567,6 +1605,22 @@ private async Task StartWebServiceAsync(bool httpOnlyMode) }, null); }); } + + if (!string.IsNullOrWhiteSpace(_webServiceTlsUnixSocket)) + { + serverOptions.ListenUnixSocket(_webServiceTlsUnixSocket, delegate (ListenOptions listenOptions) + { + if (IsHttp2Supported()) + listenOptions.Protocols = HttpProtocols.Http1AndHttp2; + else + listenOptions.Protocols = HttpProtocols.Http1; + + listenOptions.UseHttps(delegate (SslStream stream, SslClientHelloInfo clientHelloInfo, object state, CancellationToken cancellationToken) + { + return ValueTask.FromResult(_webServiceSslServerAuthenticationOptions); + }, null); + }); + } } serverOptions.AddServerHeader = false; @@ -1611,6 +1665,15 @@ private async Task StartWebServiceAsync(bool httpOnlyMode) if (!httpOnlyMode && _webServiceEnableTls && (_webServiceSslServerAuthenticationOptions is not null)) _log.Write(new IPEndPoint(webServiceLocalAddress, _webServiceTlsPort), "Https", "Web Service was bound successfully."); } + + if (!string.IsNullOrWhiteSpace(_webServiceHttpUnixSocket)) + _log.Write(new IPEndPoint(IPAddress.None, 0), "Http", $"Web Service was bound successfully on unix socket: {_webServiceHttpUnixSocket}"); + + if (!httpOnlyMode && _webServiceEnableTls && (_webServiceSslServerAuthenticationOptions is not null)) + { + if (!string.IsNullOrWhiteSpace(_webServiceTlsUnixSocket)) + _log.Write(new IPEndPoint(IPAddress.None, 0), "Https", $"Web Service was bound successfully on unix socket: {_webServiceTlsUnixSocket}"); + } } catch { 
@@ -1624,6 +1687,15 @@ private async Task StartWebServiceAsync(bool httpOnlyMode) _log.Write(new IPEndPoint(webServiceLocalAddress, _webServiceTlsPort), "Https", "Web Service failed to bind."); } + if (!string.IsNullOrWhiteSpace(_webServiceHttpUnixSocket)) + _log.Write(new IPEndPoint(IPAddress.None, 0), "Http", $"Web Service failed to bind on unix socket: {_webServiceHttpUnixSocket}"); + + if (!httpOnlyMode && _webServiceEnableTls && (_webServiceSslServerAuthenticationOptions is not null)) + { + if (!string.IsNullOrWhiteSpace(_webServiceTlsUnixSocket)) + _log.Write(new IPEndPoint(IPAddress.None, 0), "Https", $"Web Service failed to bind on unix socket: {_webServiceTlsUnixSocket}"); + } + throw; } } diff --git a/DnsServerCore/WebServiceAuthApi.cs b/DnsServerCore/WebServiceAuthApi.cs index 40ead56e9..67beb5e09 100644 --- a/DnsServerCore/WebServiceAuthApi.cs +++ b/DnsServerCore/WebServiceAuthApi.cs @@ -70,6 +70,7 @@ private void WriteCurrentSessionDetails(Utf8JsonWriter jsonWriter, UserSession c jsonWriter.WriteStartObject("info"); jsonWriter.WriteString("version", _dnsWebService.GetServerVersion()); + jsonWriter.WriteBoolean("supportsUnixSockets", Environment.OSVersion.Platform == PlatformID.Unix || Environment.OSVersion.Platform == PlatformID.MacOSX); jsonWriter.WriteString("uptimestamp", _dnsWebService._uptimestamp); jsonWriter.WriteString("dnsServerDomain", _dnsWebService._dnsServer.ServerDomain); jsonWriter.WriteNumber("defaultRecordTtl", _dnsWebService._dnsServer.AuthZoneManager.DefaultRecordTtl); diff --git a/DnsServerCore/WebServiceSettingsApi.cs b/DnsServerCore/WebServiceSettingsApi.cs index 5dbc7cb26..112be1f1e 100644 --- a/DnsServerCore/WebServiceSettingsApi.cs +++ b/DnsServerCore/WebServiceSettingsApi.cs 
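Review bot: `supportsUnixSockets` only controls whether the UI shows the fields; `SetDnsSettingsAsync` in this patch accepts and stores the four socket parameters on every platform, so the check is not enforced where the value is used. If the feature is meant to be unavailable on Windows, the same condition belongs on the server side before the path is stored. As a smaller point, `Environment.OSVersion.Platform` reports `PlatformID.Unix` on macOS under modern .NET, so the `PlatformID.MacOSX` comparison is dead code, and `!OperatingSystem.IsWindows()` states the intent directly. `WriteCurrentSessionDetails` continues outside the hunk.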
@@ -242,6 +242,9 @@ private void WriteDnsSettings(Utf8JsonWriter jsonWriter) jsonWriter.WriteEndArray(); + jsonWriter.WriteString("webServiceHttpUnixSocket", _dnsWebService._webServiceHttpUnixSocket); + jsonWriter.WriteString("webServiceTlsUnixSocket", _dnsWebService._webServiceTlsUnixSocket); + jsonWriter.WriteNumber("webServiceHttpPort", _dnsWebService._webServiceHttpPort); jsonWriter.WriteBoolean("webServiceEnableTls", _dnsWebService._webServiceEnableTls); jsonWriter.WriteBoolean("webServiceEnableHttp3", _dnsWebService._webServiceEnableHttp3); @@ -267,6 +270,9 @@ private void WriteDnsSettings(Utf8JsonWriter jsonWriter) jsonWriter.WriteNumber("dnsOverHttpsPort", _dnsWebService._dnsServer.DnsOverHttpsPort); jsonWriter.WriteNumber("dnsOverQuicPort", _dnsWebService._dnsServer.DnsOverQuicPort); + jsonWriter.WriteString("dnsOverHttpUnixSocket", _dnsWebService._dnsServer.DnsOverHttpUnixSocket); + jsonWriter.WriteString("dnsOverHttpsUnixSocket", _dnsWebService._dnsServer.DnsOverHttpsUnixSocket); + jsonWriter.WritePropertyName("reverseProxyNetworkACL"); { jsonWriter.WriteStartArray(); 
@@ -901,6 +907,24 @@ public async Task SetDnsSettingsAsync(HttpContext context) _dnsWebService._webServiceLocalAddresses = WebUtilities.GetValidKestrelLocalAddresses(webServiceLocalAddresses); } + if (request.TryGetQueryOrForm("webServiceHttpUnixSocket", out string webServiceHttpUnixSocket)) + { + if (_dnsWebService._webServiceHttpUnixSocket != webServiceHttpUnixSocket) + { + restartWebService = true; + } + _dnsWebService._webServiceHttpUnixSocket = webServiceHttpUnixSocket; + } + + if (request.TryGetQueryOrForm("webServiceTlsUnixSocket", out string webServiceTlsUnixSocket)) + { + if (_dnsWebService._webServiceTlsUnixSocket != webServiceTlsUnixSocket) + { + restartWebService = true; + } + _dnsWebService._webServiceTlsUnixSocket = webServiceTlsUnixSocket; + } + if (request.TryGetQueryOrForm("webServiceHttpPort", int.Parse, out int webServiceHttpPort)) { if (_dnsWebService._webServiceHttpPort != webServiceHttpPort) @@ -1117,6 +1141,24 @@ public async Task SetDnsSettingsAsync(HttpContext context) } } + if (request.TryGetQueryOrForm("dnsOverHttpUnixSocket", out string dnsOverHttpUnixSocket)) + { + if (_dnsWebService._dnsServer.DnsOverHttpUnixSocket != dnsOverHttpUnixSocket) + { + restartDnsService = true; + } + _dnsWebService._dnsServer.DnsOverHttpUnixSocket = dnsOverHttpUnixSocket; + } + + if (request.TryGetQueryOrForm("dnsOverHttpsUnixSocket", out string dnsOverHttpsUnixSocket)) + { + if (_dnsWebService._dnsServer.DnsOverHttpsUnixSocket != dnsOverHttpsUnixSocket) + { + restartDnsService = true; + } + _dnsWebService._dnsServer.DnsOverHttpsUnixSocket = dnsOverHttpsUnixSocket; + } + if (request.TryGetQueryOrFormArray("reverseProxyNetworkACL", NetworkAccessControl.Parse, out NetworkAccessControl[] reverseProxyNetworkACL)) _dnsWebService._dnsServer.ReverseProxyNetworkACL = reverseProxyNetworkACL; diff --git a/DnsServerCore/www/index.html b/DnsServerCore/www/index.html index 5f5b75e2b..fde60b948 100644 --- a/DnsServerCore/www/index.html +++ b/DnsServerCore/www/index.html 
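Review bot: The socket paths in `SetDnsSettingsAsync` go from the request straight into the settings with no validation, so any account allowed to change settings can point a listener at any path the server process can write to. A relative path is only rejected when Kestrel binds during the restart. The path should be normalised (blank to null), required to be absolute, and ideally confined to a dedicated directory before it is stored. Comparing the raw string also means an empty form value differs from a stored null; depending on how `TryGetQueryOrForm` treats empty values (not visible here), that either forces a service restart on every save or makes the field impossible to clear. The `dnsOverHttpUnixSocket` / `dnsOverHttpsUnixSocket` hunk that follows has the same shape, and the method starts and ends outside both hunks.

```csharp
if (request.TryGetQueryOrForm("webServiceHttpUnixSocket", out string webServiceHttpUnixSocket))
{
    // Blank means "no Unix socket"; store null so the comparison below is stable.
    if (string.IsNullOrWhiteSpace(webServiceHttpUnixSocket))
        webServiceHttpUnixSocket = null;
    else if (!Path.IsPathRooted(webServiceHttpUnixSocket))
        throw new ArgumentException("Unix socket path must be an absolute path.");

    if (_dnsWebService._webServiceHttpUnixSocket != webServiceHttpUnixSocket)
    {
        _dnsWebService._webServiceHttpUnixSocket = webServiceHttpUnixSocket;
        restartWebService = true;
    }
}
// … webServiceTlsUnixSocket: same normalisation and check …
```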
@@ -1335,6 +1335,22 @@

Local addresses are the network interface IP addresses you want the web service to listen for requests. ANY addresses (0.0.0.0 & [::]) cannot be used together with unicast IP addresses. The web server uses dual-mode sockets by default so the IPv6 ANY address ([::]) works for IPv4 too. The default values work for most scenarios so, do not change these defaults unless you have a requirement for the web service to listen on specific networks. Configured unicast IP addresses will be included as Subject Alternative Name (SAN) in the self signed TLS certificate.
+
+ +
+ +
+
Optional Unix domain socket path you want the web service to listen on for HTTP requests.
+
+ +
+ +
+ +
+
Optional Unix domain socket path you want the web service to listen on for HTTPS requests.
+
+
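Review bot: The help text for the two web service socket fields does not say that the path must be absolute, nor that the socket file's permissions decide which local accounts can reach the admin console. Suggest extending the HTTP text to `Optional absolute Unix domain socket path you want the web service to listen on for HTTP requests. Access is controlled by the file system permissions of the socket file and its parent directory.`, with the matching change for HTTPS. The DNS-over-HTTP and DNS-over-HTTPS help texts in the two later hunks of this file could carry the same sentence. The markup of this section is not visible in this view, so placement inside the existing help block is left to the author.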
@@ -1502,6 +1518,14 @@

Specify the TCP port number for DNS-over-HTTP protocol.

+
+ +
+ +
+
Optional Unix domain socket path you want the DNS server to listen on for DNS-over-HTTP protocol requests.
+
+
@@ -1520,6 +1544,14 @@

Specify the TCP port number for DNS-over-HTTPS protocol.

+
+ +
+ +
+
Optional Unix domain socket path you want the DNS server to listen on for DNS-over-HTTPS protocol requests.
+
+
diff --git a/DnsServerCore/www/js/main.js b/DnsServerCore/www/js/main.js index 8518f1d52..51ab3ce57 100644 --- a/DnsServerCore/www/js/main.js +++ b/DnsServerCore/www/js/main.js @@ -300,6 +300,7 @@ $(function () { $("#chkWebServiceHttpToTlsRedirect").prop("disabled", !webServiceEnableTls); $("#chkWebServiceUseSelfSignedTlsCertificate").prop("disabled", !webServiceEnableTls); $("#txtWebServiceTlsPort").prop("disabled", !webServiceEnableTls); + $("#txtWebServiceTlsUnixSocket").prop("disabled", !webServiceEnableTls); $("#txtWebServiceTlsCertificatePath").prop("disabled", !webServiceEnableTls); $("#txtWebServiceTlsCertificatePassword").prop("disabled", !webServiceEnableTls); }); @@ -331,6 +332,7 @@ $(function () { var enableDnsOverHttps = $("#chkEnableDnsOverHttps").prop("checked"); $("#txtDnsOverHttpPort").prop("disabled", !enableDnsOverHttp); + $("#txtDnsOverHttpUnixSocket").prop("disabled", !enableDnsOverHttp); $("#txtReverseProxyNetworkACL").prop("disabled", !enableDnsOverUdpProxy && !enableDnsOverTcpProxy && !enableDnsOverHttp && !enableDnsOverHttps); $("#txtDnsOverHttpRealIpHeader").prop("disabled", !enableDnsOverHttp && !enableDnsOverHttps); }); @@ -355,6 +357,7 @@ $(function () { $("#chkEnableDnsOverHttp3").prop("disabled", !enableDnsOverHttps); $("#txtDnsOverHttpsPort").prop("disabled", !enableDnsOverHttps); + $("#txtDnsOverHttpsUnixSocket").prop("disabled", !enableDnsOverHttps); $("#txtReverseProxyNetworkACL").prop("disabled", !enableDnsOverUdpProxy && !enableDnsOverTcpProxy && !enableDnsOverHttp && !enableDnsOverHttps); $("#txtDnsTlsCertificatePath").prop("disabled", !enableDnsOverTls && !enableDnsOverHttps && !enableDnsOverQuic); $("#txtDnsTlsCertificatePassword").prop("disabled", !enableDnsOverTls && !enableDnsOverHttps && !enableDnsOverQuic); 
@@ -994,6 +997,12 @@ function updateDnsSettingsDataAndGui(responseJSON) { } function loadDnsSettings(responseJSON) { + if (sessionData && sessionData.info && sessionData.info.supportsUnixSockets) { + $(".unix-socket-option").show(); + } else { + $(".unix-socket-option").hide(); + } + //update cluster nodes sessionData.info.clusterNodes = responseJSON.response.clusterNodes; updateAllClusterNodeDropDowns(); @@ -1094,12 +1103,15 @@ function loadDnsSettings(responseJSON) { $("#chkWebServiceHttpToTlsRedirect").prop("disabled", !responseJSON.response.webServiceEnableTls); $("#chkWebServiceUseSelfSignedTlsCertificate").prop("disabled", !responseJSON.response.webServiceEnableTls); $("#txtWebServiceTlsPort").prop("disabled", !responseJSON.response.webServiceEnableTls); + $("#txtWebServiceTlsUnixSocket").prop("disabled", !responseJSON.response.webServiceEnableTls); $("#txtWebServiceTlsCertificatePath").prop("disabled", !responseJSON.response.webServiceEnableTls); $("#txtWebServiceTlsCertificatePassword").prop("disabled", !responseJSON.response.webServiceEnableTls); $("#chkWebServiceEnableHttp3").prop("checked", responseJSON.response.webServiceEnableHttp3); $("#chkWebServiceHttpToTlsRedirect").prop("checked", responseJSON.response.webServiceHttpToTlsRedirect); $("#chkWebServiceUseSelfSignedTlsCertificate").prop("checked", responseJSON.response.webServiceUseSelfSignedTlsCertificate); + $("#txtWebServiceHttpUnixSocket").val(responseJSON.response.webServiceHttpUnixSocket); + $("#txtWebServiceTlsUnixSocket").val(responseJSON.response.webServiceTlsUnixSocket); $("#txtWebServiceTlsPort").val(responseJSON.response.webServiceTlsPort); $("#txtWebServiceTlsCertificatePath").val(responseJSON.response.webServiceTlsCertificatePath); 
@@ -1127,13 +1139,16 @@ function loadDnsSettings(responseJSON) { $("#txtDnsOverHttpPort").prop("disabled", !responseJSON.response.enableDnsOverHttp); $("#txtDnsOverTlsPort").prop("disabled", !responseJSON.response.enableDnsOverTls); $("#txtDnsOverHttpsPort").prop("disabled", !responseJSON.response.enableDnsOverHttps); + $("#txtDnsOverHttpsUnixSocket").prop("disabled", !responseJSON.response.enableDnsOverHttps); $("#txtDnsOverQuicPort").prop("disabled", !responseJSON.response.enableDnsOverQuic); $("#txtDnsOverUdpProxyPort").val(responseJSON.response.dnsOverUdpProxyPort); $("#txtDnsOverTcpProxyPort").val(responseJSON.response.dnsOverTcpProxyPort); $("#txtDnsOverHttpPort").val(responseJSON.response.dnsOverHttpPort); + $("#txtDnsOverHttpUnixSocket").val(responseJSON.response.dnsOverHttpUnixSocket); $("#txtDnsOverTlsPort").val(responseJSON.response.dnsOverTlsPort); $("#txtDnsOverHttpsPort").val(responseJSON.response.dnsOverHttpsPort); + $("#txtDnsOverHttpsUnixSocket").val(responseJSON.response.dnsOverHttpsUnixSocket); $("#txtDnsOverQuicPort").val(responseJSON.response.dnsOverQuicPort); $("#txtReverseProxyNetworkACL").prop("disabled", !responseJSON.response.enableDnsOverUdpProxy && !responseJSON.response.enableDnsOverTcpProxy && !responseJSON.response.enableDnsOverHttp && !responseJSON.response.enableDnsOverHttps); 
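Review bot: `loadDnsSettings` sets the disabled state for `#txtDnsOverHttpsUnixSocket` in this hunk but not for `#txtDnsOverHttpUnixSocket`. After a page load the HTTP socket field therefore stays editable while DNS-over-HTTP is off, until the checkbox change handler runs. Add `$("#txtDnsOverHttpUnixSocket").prop("disabled", !responseJSON.response.enableDnsOverHttp);` next to the existing `#txtDnsOverHttpPort` line. The function continues outside the hunk.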
@@ -1631,8 +1646,10 @@ function saveDnsSettings(objBtn) { var webServiceTlsCertificatePath = $("#txtWebServiceTlsCertificatePath").val(); var webServiceTlsCertificatePassword = $("#txtWebServiceTlsCertificatePassword").val(); var webServiceRealIpHeader = $("#txtWebServiceRealIpHeader").val(); + var webServiceHttpUnixSocket = $("#txtWebServiceHttpUnixSocket").val(); + var webServiceTlsUnixSocket = $("#txtWebServiceTlsUnixSocket").val(); - formData += "&webServiceLocalAddresses=" + encodeURIComponent(webServiceLocalAddresses) + "&webServiceHttpPort=" + webServiceHttpPort + "&webServiceEnableTls=" + webServiceEnableTls + "&webServiceEnableHttp3=" + webServiceEnableHttp3 + "&webServiceHttpToTlsRedirect=" + webServiceHttpToTlsRedirect + "&webServiceUseSelfSignedTlsCertificate=" + webServiceUseSelfSignedTlsCertificate + "&webServiceTlsPort=" + webServiceTlsPort + "&webServiceTlsCertificatePath=" + encodeURIComponent(webServiceTlsCertificatePath) + "&webServiceTlsCertificatePassword=" + encodeURIComponent(webServiceTlsCertificatePassword) + "&webServiceRealIpHeader=" + encodeURIComponent(webServiceRealIpHeader); + formData += "&webServiceLocalAddresses=" + encodeURIComponent(webServiceLocalAddresses) + "&webServiceHttpPort=" + webServiceHttpPort + "&webServiceEnableTls=" + webServiceEnableTls + "&webServiceEnableHttp3=" + webServiceEnableHttp3 + "&webServiceHttpToTlsRedirect=" + webServiceHttpToTlsRedirect + "&webServiceUseSelfSignedTlsCertificate=" + webServiceUseSelfSignedTlsCertificate + "&webServiceTlsPort=" + webServiceTlsPort + "&webServiceTlsCertificatePath=" + encodeURIComponent(webServiceTlsCertificatePath) + "&webServiceTlsCertificatePassword=" + encodeURIComponent(webServiceTlsCertificatePassword) + "&webServiceRealIpHeader=" + encodeURIComponent(webServiceRealIpHeader) + "&webServiceHttpUnixSocket=" + encodeURIComponent(webServiceHttpUnixSocket) + "&webServiceTlsUnixSocket=" + encodeURIComponent(webServiceTlsUnixSocket); } //optional protocols 
@@ -1699,7 +1716,10 @@ function saveDnsSettings(objBtn) { var dnsOverHttpRealIpHeader = $("#txtDnsOverHttpRealIpHeader").val(); - formData += "&enableDnsOverUdpProxy=" + enableDnsOverUdpProxy + "&enableDnsOverTcpProxy=" + enableDnsOverTcpProxy + "&enableDnsOverHttp=" + enableDnsOverHttp + "&enableDnsOverTls=" + enableDnsOverTls + "&enableDnsOverHttps=" + enableDnsOverHttps + "&enableDnsOverHttp3=" + enableDnsOverHttp3 + "&enableDnsOverQuic=" + enableDnsOverQuic + "&dnsOverUdpProxyPort=" + dnsOverUdpProxyPort + "&dnsOverTcpProxyPort=" + dnsOverTcpProxyPort + "&dnsOverHttpPort=" + dnsOverHttpPort + "&dnsOverTlsPort=" + dnsOverTlsPort + "&dnsOverHttpsPort=" + dnsOverHttpsPort + "&dnsOverQuicPort=" + dnsOverQuicPort + "&reverseProxyNetworkACL=" + encodeURIComponent(reverseProxyNetworkACL) + "&dnsTlsCertificatePath=" + encodeURIComponent(dnsTlsCertificatePath) + "&dnsTlsCertificatePassword=" + encodeURIComponent(dnsTlsCertificatePassword) + "&dnsOverHttpRealIpHeader=" + encodeURIComponent(dnsOverHttpRealIpHeader); + var dnsOverHttpUnixSocket = $("#txtDnsOverHttpUnixSocket").val(); + var dnsOverHttpsUnixSocket = $("#txtDnsOverHttpsUnixSocket").val(); + + formData += "&enableDnsOverUdpProxy=" + enableDnsOverUdpProxy + "&enableDnsOverTcpProxy=" + enableDnsOverTcpProxy + "&enableDnsOverHttp=" + enableDnsOverHttp + "&enableDnsOverTls=" + enableDnsOverTls + "&enableDnsOverHttps=" + enableDnsOverHttps + "&enableDnsOverHttp3=" + enableDnsOverHttp3 + "&enableDnsOverQuic=" + enableDnsOverQuic + "&dnsOverUdpProxyPort=" + dnsOverUdpProxyPort + "&dnsOverTcpProxyPort=" + dnsOverTcpProxyPort + "&dnsOverHttpPort=" + dnsOverHttpPort + "&dnsOverHttpUnixSocket=" + encodeURIComponent(dnsOverHttpUnixSocket) + "&dnsOverTlsPort=" + dnsOverTlsPort + "&dnsOverHttpsPort=" + dnsOverHttpsPort + "&dnsOverHttpsUnixSocket=" + encodeURIComponent(dnsOverHttpsUnixSocket) + "&dnsOverQuicPort=" + dnsOverQuicPort + "&reverseProxyNetworkACL=" + encodeURIComponent(reverseProxyNetworkACL) + 
"&dnsTlsCertificatePath=" + encodeURIComponent(dnsTlsCertificatePath) + "&dnsTlsCertificatePassword=" + encodeURIComponent(dnsTlsCertificatePassword) + "&dnsOverHttpRealIpHeader=" + encodeURIComponent(dnsOverHttpRealIpHeader); } //tsig