unbound: add doh-local.sample

Works otherwise, but self-signed cert didn't satisfy Chromium I wanted to point at it
2024-11-22 11:19:22 +01:00 · 2024-05-06 18:55:00 +03:00 · 2024-05-06 18:55:00 +03:00 · afb0801430
commit afb0801430
parent 10bec4c782
2 changed files with 12 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -14,6 +14,9 @@
 !.pre-commit-config.yaml
 !.reuse

+# Certificates (unlikely to happen, but better safe than sorry)
+*.pem
+
 # Symlinks
 install.run
 LICENSE
--- a/etc/unbound/unbound.conf.d/doh-local.sample
+++ b/etc/unbound/unbound.conf.d/doh-local.sample
@ -0,0 +1,9 @@
+# semanage port -a -t dns_port_t -p tcp 4433
+interface: ::1@53
+interface: 127.0.0.1@53
+interface: ::1@4433
+interface: 127.0.0.1@4433
+https-port: 4433
+#http-notls-downstream: yes
+tls-service-key: /etc/unbound/conf.d/unbound.pem
+tls-service-pem: /etc/unbound/conf.d/unbound.pem