From 247dc01f8abda9e67f4bb331489caea86234cb05 Mon Sep 17 00:00:00 2001 From: "Quentin McGaw (desktop)" Date: Sat, 8 Feb 2020 21:08:49 +0000 Subject: [PATCH] Minor changes - Added missing environment variables to Dockerfile - Constant ca certificates filepath - Removed dns/os.go unused file - Formatting improvements - Added comments - Readme TODOs update --- Dockerfile | 3 +++ README.md | 9 ++++++++- internal/constants/paths.go | 2 ++ internal/dns/conf.go | 2 +- internal/dns/os.go | 33 --------------------------------- internal/params/params.go | 2 ++ internal/settings/dns.go | 4 ++-- internal/splash/splash.go | 3 ++- 8 files changed, 20 insertions(+), 38 deletions(-) delete mode 100644 internal/dns/os.go diff --git a/Dockerfile b/Dockerfile index 8575af0e..ca8918be 100644 --- a/Dockerfile +++ b/Dockerfile @@ -36,6 +36,9 @@ ENV USER= \ REGION="CA Montreal" \ DOT=on \ DOT_PROVIDERS=cloudflare \ + DOT_VERBOSITY=1 \ + DOT_VERBOSITY_DETAILS=0 \ + DOT_VALIDATION_LOGLEVEL=0 \ BLOCK_MALICIOUS=on \ BLOCK_SURVEILLANCE=off \ BLOCK_ADS=off \ diff --git a/README.md b/README.md index 3aa28614..47d2ee47 100644 --- a/README.md +++ b/README.md @@ -322,7 +322,14 @@ Note that not all regions support port forwarding. - Setup - Logging streams - More unit tests -- Switch to iptables-go instead of using the shell iptables +- Write in Go + - DNS over TLS to replace Unbound + - HTTP proxy to replace tinyproxy + - use [go-Shadowsocks2](https://github.com/shadowsocks/go-shadowsocks2) + - DNS over HTTPS, maybe use [github.com/likexian/doh-go](https://github.com/likexian/doh-go) + - use [iptables-go](https://github.com/coreos/go-iptables) to replace iptables + - wireguard-go + - Openvpn to replace openvpn ## License diff --git a/internal/constants/paths.go b/internal/constants/paths.go index b318eeb6..ce338bf1 100644 --- a/internal/constants/paths.go +++ b/internal/constants/paths.go 
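Review bot: `DOT_VALIDATION_LOGLEVEL=0` is shipped as the default on the third added line; if that variable maps onto Unbound's `val-log-level` as its name suggests, DNSSEC validation failures are never logged, so an upstream answer that fails validation is dropped silently with no trace in the container log. For an image whose whole purpose is authenticated DNS over TLS, `DOT_VALIDATION_LOGLEVEL=1 \` as the shipped default would give operators a one-line record of each bogus answer without the noise of the detailed level. Whichever default is kept, the README's environment-variable documentation should state the accepted range for the three new variables, since this commit's README hunk only touches the TODO list. The `ENV` statement these lines belong to starts before the hunk.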
@@ -9,6 +9,8 @@ const ( UnboundConf models.Filepath = "/etc/unbound/unbound.conf" // ResolvConf is the file path to the system resolv.conf file ResolvConf models.Filepath = "/etc/resolv.conf" + // CACertificates is the file path to the CA certificates file + CACertificates models.Filepath = "/etc/ssl/certs/ca-certificates.crt" // OpenVPNAuthConf is the file path to the OpenVPN auth file OpenVPNAuthConf models.Filepath = "/etc/openvpn/auth.conf" // OpenVPNConf is the file path to the OpenVPN client configuration file diff --git a/internal/dns/conf.go b/internal/dns/conf.go index 40637899..5469af81 100644 --- a/internal/dns/conf.go +++ b/internal/dns/conf.go @@ -52,7 +52,7 @@ func generateUnboundConf(settings settings.DNS, client network.Client, logger lo "hide-identity": "yes", "hide-version": "yes", // Security - "tls-cert-bundle": "\"/etc/ssl/certs/ca-certificates.crt\"", + "tls-cert-bundle": fmt.Sprintf("%q", constants.CACertificates), "root-hints": fmt.Sprintf("%q", constants.RootHints), "trust-anchor-file": fmt.Sprintf("%q", constants.RootKey), "harden-below-nxdomain": "yes", diff --git a/internal/dns/os.go b/internal/dns/os.go deleted file mode 100644 index 7ab6b4ed..00000000 --- a/internal/dns/os.go +++ /dev/null 
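Review bot: The new doc comment says what the constant is but not what trusts it: this bundle is handed to Unbound as `tls-cert-bundle` in conf.go, i.e. it is the trust root used to verify every DNS-over-TLS upstream, so a base image without a CA bundle at that path would leave DoT unable to authenticate any provider. A comment making that dependency visible, `// CACertificates is the file path to the system CA bundle that Unbound uses to verify DNS over TLS upstreams (expected to be installed by the base image's ca-certificates package)`, would tell the next maintainer why this path matters more than the others in the block; whether the base image actually ships that package is not visible from this diff. The `const (` block starts before the hunk and ends after it.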
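Review bot: The replacement quotes the path with `fmt.Sprintf("%q", ...)`, which produces Go-syntax escaping rather than Unbound's; that coincides with Unbound's double-quoted string only because these constant paths contain no backslash, quote or non-printable byte, and the new line gives no hint of that assumption. A comment above the three quoted path entries, `// %q wraps the path in double quotes as unbound.conf expects; safe because the constants are plain absolute paths`, would make it explicit. Since `tls-cert-bundle` is the trust store that authenticates every DNS-over-TLS upstream, a pre-flight check that `constants.CACertificates` exists and is non-empty before the config is written would also turn a missing bundle into a clear error from this code rather than one buried in Unbound's own output; I am inferring from the hunk alone that no such check exists. `generateUnboundConf` starts and ends outside the hunk.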
@@ -1,33 +0,0 @@ -package dns - -import ( - "net" - "strings" - - "github.com/qdm12/private-internet-access-docker/internal/constants" -) - -func (c *configurator) SetNameserver(IP net.IP) error { - c.logger.Info("%s: setting local nameserver to %s", logPrefix, IP.String()) - data, err := c.fileManager.ReadFile(string(constants.ResolvConf)) - if err != nil { - return err - } - s := strings.TrimSuffix(string(data), "\n") - lines := strings.Split(s, "\n") - if len(lines) == 1 && lines[0] == "" { - lines = nil - } - found := false - for i := range lines { - if strings.HasPrefix(lines[i], "nameserver ") { - lines[i] = "nameserver " + IP.String() - found = true - } - } - if !found { - lines = append(lines, "nameserver "+IP.String()) - } - data = []byte(strings.Join(lines, "\n")) - return c.fileManager.WriteToFile(string(constants.ResolvConf), data) -} diff --git a/internal/params/params.go b/internal/params/params.go index f493c351..27a6c3b9 100644 --- a/internal/params/params.go +++ b/internal/params/params.go @@ -63,6 +63,8 @@ type paramsReader struct { unsetEnv func(key string) error } +// NewParamsReader returns a paramsReadeer object to read parameters from +// environment variables func NewParamsReader(logger logging.Logger) ParamsReader { return ¶msReader{ envParams: libparams.NewEnvParams(), diff --git a/internal/settings/dns.go b/internal/settings/dns.go index 6d725f9e..ec489e29 100644 --- a/internal/settings/dns.go +++ b/internal/settings/dns.go 
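Review bot: The added doc comment has a typo, `paramsReadeer`, and names the unexported struct where callers actually receive the exported `ParamsReader` interface; `// NewParamsReader returns a ParamsReader that reads parameters from` followed by `// environment variables.` says the same thing accurately and ends the sentence as Go doc comments conventionally do. The constructor body continues past the end of the hunk.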
@@ -42,11 +42,11 @@ func (d *DNS) String() string { } settingsList := []string{ "DNS over TLS settings:", - "DNS over TLS provider: \n |--" + strings.Join(providersStr, "\n |--"), + "DNS over TLS provider:\n |--" + strings.Join(providersStr, "\n |--"), "Block malicious: " + blockMalicious, "Block surveillance: " + blockSurveillance, "Block ads: " + blockAds, - "Allowed hostnames: " + strings.Join(d.AllowedHostnames, ", "), + "Allowed hostnames:\n |--" + strings.Join(d.AllowedHostnames, "\n |--"), "Private addresses:\n |--" + strings.Join(d.PrivateAddresses, "\n |--"), "Verbosity level: " + fmt.Sprintf("%d/5", d.VerbosityLevel), "Verbosity details level: " + fmt.Sprintf("%d/4", d.VerbosityDetailsLevel), diff --git a/internal/splash/splash.go b/internal/splash/splash.go index a63791e9..737b3963 100644 --- a/internal/splash/splash.go +++ b/internal/splash/splash.go @@ -10,6 +10,7 @@ import ( "github.com/qdm12/private-internet-access-docker/internal/params" ) +// Splash returns the welcome spash message func Splash(paramsReader params.ParamsReader) string { version := paramsReader.GetVersion() vcsRef := paramsReader.GetVcsRef() @@ -40,7 +41,7 @@ func title() []string { func annoucement() []string { timestamp := time.Now().UnixNano() / 1000000000 if timestamp < constants.AnnoucementExpiration { - return []string{emoji.Sprint(":rotating_light: ") + constants.Annoucement} + return []string{emoji.Sprint(":mega: ") + constants.Annoucement} } return nil }
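Review bot: With the new layout, an empty `d.AllowedHostnames` renders as `Allowed hostnames:` followed by a dangling ` |--` on its own line, because the `"\n |--"` prefix is emitted unconditionally before `strings.Join`; an empty list is presumably a normal configuration here, so this will show up in every default log. Building the entry conditionally avoids it: `allowed := "Allowed hostnames: none"` then `if len(d.AllowedHostnames) > 0 { allowed = "Allowed hostnames:\n |--" + strings.Join(d.AllowedHostnames, "\n |--") }`, and the same pattern fits the pre-existing provider and private-address lines. `String` starts before the hunk and ends after it.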
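Review bot: The new doc comment misspells its subject, `spash`; since the function visibly reads the version and VCS reference from its argument, `// Splash returns the welcome splash message, including the version and VCS reference read from paramsReader.` would fix the typo and document what the parameter is for. The body of `Splash` continues past the end of the hunk.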
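Review bot: The line above the changed emoji computes seconds as `time.Now().UnixNano() / 1000000000`, which is a hand-rolled and less readable spelling of `timestamp := time.Now().Unix()`; it is pre-existing context rather than part of this change, but it is the one-line cleanup worth taking while this function is being touched. The function and constant names `annoucement`/`AnnoucementExpiration` are also misspelled throughout, though renaming them reaches beyond this file. `annoucement` is fully contained in the hunk.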