replace sniproxy with nginx

Dockerfile

@@ -20,51 +20,47 @@ ENV SPOOF_ALL_DOMAINS=false
 ENV DNYDNS_CRON_SCHEDULE="*/15 * * * *"
 
 # HEALTHCHECKS
-HEALTHCHECK --interval=30s --timeout=3s CMD (pgrep "dnsdist" > /dev/null && pgrep "sniproxy" > /dev/null) || exit 1
+HEALTHCHECK --interval=30s --timeout=3s CMD (pgrep "dnsdist" > /dev/null && pgrep "nginx" > /dev/null) || exit 1
 
 # Expose Ports
 EXPOSE 5300/udp
-EXPOSE 80/tcp
-EXPOSE 443/tcp
+EXPOSE 8080/tcp
+EXPOSE 8443/tcp
 EXPOSE 8083/tcp
 
 RUN echo "I'm building for $TARGETPLATFORM"
 
 # Update Base
 RUN apk update && apk upgrade
 
+# Create Users
+RUN addgroup snidust && adduser -D -H -G snidust snidust
+
 # Install needed packages and clean up
-RUN apk add --no-cache tini dnsdist curl bash gnupg procps ca-certificates openssl dog lua5.4-filesystem ipcalc libcap && rm -rf /var/cache/apk/*
+RUN apk add --no-cache tini dnsdist curl bash gnupg procps ca-certificates openssl dog lua5.4-filesystem ipcalc libcap nginx nginx-mod-stream && rm -rf /var/cache/apk/*
 
 # Setup Folder(s)
 RUN mkdir -p /etc/dnsdist/conf.d && \
     mkdir -p /etc/snidust/ && \
     mkdir -p /etc/sniproxy/
 
-# Download and install sniproxy
-RUN ARCH=$(case ${TARGETPLATFORM:-linux/amd64} in \
-    "linux/amd64")   echo "amd64"  ;; \
-    "linux/arm/v7")  echo "arm"   ;; \
-    "linux/arm64")   echo "arm64" ;; \
-    *)               echo ""        ;; esac) \
-  && echo "ARCH=$ARCH" \
-  && curl -sSL https://github.com/mosajjal/sniproxy/releases/download/v2.0.4/sniproxy-v2.0.4-linux-${ARCH}.tar.gz | tar xvz \
-  && chmod +x sniproxy && install sniproxy /usr/local/bin && setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/sniproxy && rm sniproxy
-
 # Copy Files
 COPY configs/dnsdist/dnsdist.conf.template /etc/dnsdist/dnsdist.conf.template
 COPY configs/dnsdist/conf.d/00-SniDust.conf /etc/dnsdist/conf.d/00-SniDust.conf
+COPY configs/nginx/nginx.conf /etc/nginx/nginx.conf
 COPY domains.d /etc/snidust/domains.d
-COPY configs/sniproxy/config.yaml /etc/sniproxy/config.yaml
 
 COPY entrypoint.sh /entrypoint.sh
 COPY generateACL.sh /generateACL.sh
 COPY dynDNSCron.sh /dynDNSCron.sh
 
-RUN addgroup snidust && adduser -D -H -G snidust snidust
+
 
 RUN chown -R snidust:snidust /etc/dnsdist/ && \
-    chown -R snidust:snidust /etc/sniproxy/ && \
+    chown -R snidust:snidust /etc/nginx/ && \
+    chown -R snidust:snidust /var/log/nginx/ && \
+    chown -R snidust:snidust /var/lib/nginx/ && \
+    chown -R snidust:snidust /run/nginx/ && \
     chmod +x /entrypoint.sh && \
     chmod +x /generateACL.sh && \
     chmod +x dynDNSCron.sh

configs/dnsdist/conf.d/00-SniDust.conf

@@ -57,7 +57,7 @@ function ReloadACL(dq)
     dq.dh:setQR(true)
 
     infolog("[INFO] [SniDust] *** Reloading ACL... ***")
-    os.execute("/generateACL.sh && touch /tmp/reload_sni_proxy && PID_SNIPROXY=$(pidof sniproxy) && kill -HUP $PID_SNIPROXY")
+    os.execute("/generateACL.sh && /usr/sbin/nginx -s reload")
     setACLFromFile("/etc/dnsdist/allowedClients.acl")
     infolog("[INFO] [SniDust] *** ACL reload complete! ***")
 

configs/nginx/nginx.conf

@@ -0,0 +1,42 @@
+load_module '/usr/lib/nginx/modules/ngx_stream_module.so';
+worker_processes  auto;
+worker_rlimit_nofile 35000;
+events {
+    worker_connections  15000;
+    multi_accept off;
+}
+
+http {
+
+     access_log /var/log/nginx/access.log;
+     error_log /var/log/nginx/error.log;
+     server {
+            listen 8080 default_server;
+            listen [::]:8080 default_server;
+            resolver 8.8.8.8 ipv6=off;
+            include /etc/nginx/allowedClients.conf;
+            location / {
+                proxy_pass http://$host$request_uri;
+            }
+    }
+
+}
+
+
+stream {
+   log_format basic '$remote_addr [$time_local] '
+                     '$protocol $status $bytes_sent $bytes_received '
+                     '$session_time';
+
+   access_log /var/log/nginx/access.log basic;
+   error_log  /var/log/nginx/error.log error;
+
+   server {
+        resolver 1.1.1.1 ipv6=off;
+        listen 8443;
+        include /etc/nginx/allowedClients.conf;
+        ssl_preread on;
+        proxy_connect_timeout 5s;
+        proxy_pass $ssl_preread_server_name:443;
+    }
+}

dynDNSCron.sh

@@ -11,8 +11,7 @@ else
   echo "[ERROR] [DnyDNSCron] Failed to reload DnsDist ACL config!"
 fi
 
-touch /tmp/reload_sni_proxy
-echo "[INFO] [DnyDNSCron] Reloading/Restarting Sniproxy..."
-PID_SNIPROXY=$(pidof sniproxy)
-kill -HUP $PID_SNIPROXY
-echo "[INFO] [DnyDNSCron] Sniproxy successfully reloaded/restarted"
+
+echo "[INFO] [DnyDNSCron] reloading nginx..."
+/usr/sbin/nginx -s reload
+echo "[INFO] [DnyDNSCron] ngix successfully reloaded"

entrypoint.sh

@@ -28,7 +28,7 @@ source generateACL.sh
 set -e
 
 
-echo "[INFO] Generating DNSDist Configs..."
+echo "[INFO] Generating DNSDist Config..."
 /bin/bash /etc/dnsdist/dnsdist.conf.template > /etc/dnsdist/dnsdist.conf
 
 if [ "$DYNDNS_CRON_ENABLED" = true ];
@@ -41,16 +41,9 @@ fi
 echo "[INFO] Starting DNSDist..."
 /usr/bin/dnsdist -C /etc/dnsdist/dnsdist.conf --supervised --disable-syslog --uid snidust --gid snidust &
 
-echo "[INFO] Starting sniproxy"
-(until /usr/local/bin/sniproxy --config "/etc/sniproxy/config.yaml"; do
-    if [ -f "/tmp/reload_sni_proxy" ];
-    then
-      # ignore => restarted by cron
-      rm -f /tmp/reload_sni_proxy
-    else
-      echo "[WARN] sniproxy crashed with exit code $?. Restarting..." >&2
-    fi
-    sleep 1
-done) &
+
+echo "[INFO] Starting nginx.."
+nginx
+
 echo "[INFO] Using $EXTERNAL_IP - Point your DNS settings to this address"
 wait -n

generateACL.sh

@@ -37,8 +37,12 @@ fi
 
 if [ -f "/etc/dnsdist/allowedClients.acl" ];
 then
+  echo "" > etc/nginx/allowedClients.conf
   while read -r line
   do
-      echo "$line,allow" >> /etc/sniproxy/allowedClients.acl
+      echo "allow $line;" >> /etc/nginx/allowedClients.conf
   done < "/etc/dnsdist/allowedClients.acl"
+  echo "deny  all;" >> /etc/nginx/allowedClients.conf
+else
+  touch /etc/nginx/allowedClients.conf
 fi