主页 / user-597211

Trigus's questions

Martin Hope
Trigus
Asked: 2021-08-28 15:12:53 +0800 CST
  • 0

我正在尝试设置以下内容:

┌──────────────────┐            ┌────────────────────┐           ┌─────────┐    
│                  │            │                    │           │         │    
│      Router      │            │                    │           │Server 1 │    
│       NAT        │Port forward│                    │           │         │    
│                  │ ────────►  │     Server 0       │           │HTTP >   │    
│                  │            │                    │           │HTTPS    │    
│                  │            │    1.example.com  ───────────► │redirect │    
│                  │            │    2.example.com  ────┐        └─────────┘    
└──────────────────┘            └────────────────────┘  │         192.168.178.8 
                                     192.168.178.4      │                       
                                                        │   ┌─────────┐         
                                                        │   │         │         
                                                        │   │         │         
                                                        │   │Server 2 │         
                                                        └─► │         │         
                                                            │HTTP only│         
                                                            │         │         
                                                            └─────────┘         
                                                            192.168.178.7

我希望服务器 0 充当仅转发流量的完全透明代理。这样客户端就不会与服务器 0 建立 TLS 连接,而是直接与服务器 1/2 建立连接,并且在服务器 1/2 上基于 HTTP-01 挑战的自动证书生成和更新仍然有效。

subdomain ssl nginx reverse-proxy transparent-proxy
Martin Hope
Trigus
Asked: 2021-01-08 16:57:21 +0800 CST
  • 0

设置起来似乎很简单,但我实际上无法让它工作..

设置:

$ docker run -it -p 53:5300/udp alpine /bin/sh

$ apk add bash nano wget ca-certificates bind-tools unbound
$ mkdir -p /var/log/unbound
$ touch /var/log/unbound/unbound.log
$ chown unbound /var/log/unbound/unbound.log

/etc/unbound/unbound.conf:

server:
        verbosity: 2
        interface: 0.0.0.0
        port: 5300
        logfile: "/var/log/unbound/unbound.log"
        root-hints: /usr/share/dns-root-hints/named.root
        trust-anchor-file: "/usr/share/dnssec-root/trusted-key.key"
python:
remote-control:
        control-enable: yes
        control-interface: /run/unbound.control.sock

测试:

$ unbound
$ dig google.com @127.0.0.1 -p 5300

; <<>> DiG 9.16.6 <<>> google.com @127.0.0.1 -p 5300
;; global options: +cmd
;; connection timed out; no servers could be reached

/var/log/unbound/unbound.log:

[1610066128] unbound[72:0] notice: init module 0: validator
[1610066128] unbound[72:0] notice: init module 1: iterator
[1610066128] unbound[72:0] info: start of service (unbound 1.10.1).
## dig
[1610066668] unbound[72:0] info: resolving google.com. A IN
[1610066668] unbound[72:0] info: priming . IN NS
[1610066669] unbound[72:0] notice: sendto failed: Address not available
[1610066669] unbound[72:0] notice: remote address is 2001:500:2f::f port 53
[1610066669] unbound[72:0] info: error sending query to auth server 2001:500:2f::f port 53
[1610066669] unbound[72:0] notice: sendto failed: Address not available
[1610066669] unbound[72:0] notice: remote address is 2001:500:2d::d port 53
[1610066669] unbound[72:0] info: error sending query to auth server 2001:500:2d::d port 53
[1610066670] unbound[72:0] notice: sendto failed: Address not available
[1610066670] unbound[72:0] notice: remote address is 2001:7fd::1 port 53
[1610066670] unbound[72:0] info: error sending query to auth server 2001:7fd::1 port 53
[1610066670] unbound[72:0] notice: sendto failed: Address not available
[1610066670] unbound[72:0] notice: remote address is 2001:500:a8::e port 53
[1610066670] unbound[72:0] info: error sending query to auth server 2001:500:a8::e port 53
[1610066670] unbound[72:0] notice: sendto failed: Address not available
[1610066670] unbound[72:0] notice: remote address is 2001:500:2d::d port 53
[1610066670] unbound[72:0] info: error sending query to auth server 2001:500:2d::d port 53
[1610066672] unbound[72:0] notice: sendto failed: Address not available
[1610066672] unbound[72:0] notice: remote address is 2001:7fe::53 port 53
[1610066672] unbound[72:0] info: error sending query to auth server 2001:7fe::53 port 53
[1610066672] unbound[72:0] notice: sendto failed: Address not available
[1610066672] unbound[72:0] notice: remote address is 2001:500:1::53 port 53
[1610066672] unbound[72:0] info: error sending query to auth server 2001:500:1::53 port 53
[1610066672] unbound[72:0] notice: sendto failed: Address not available
[1610066672] unbound[72:0] notice: remote address is 2001:500:a8::e port 53
[1610066672] unbound[72:0] info: error sending query to auth server 2001:500:a8::e port 53
[1610066672] unbound[72:0] notice: sendto failed: Address not available
[1610066672] unbound[72:0] notice: remote address is 2001:500:2d::d port 53
[1610066672] unbound[72:0] info: error sending query to auth server 2001:500:2d::d port 53
[1610066676] unbound[72:0] notice: sendto failed: Address not available
[1610066676] unbound[72:0] notice: remote address is 2001:500:2f::f port 53
[1610066676] unbound[72:0] info: error sending query to auth server 2001:500:2f::f port 53
[1610066676] unbound[72:0] notice: sendto failed: Address not available
[1610066676] unbound[72:0] notice: remote address is 2001:500:200::b port 53
[1610066676] unbound[72:0] info: error sending query to auth server 2001:500:200::b port 53
[1610066676] unbound[72:0] notice: sendto failed: Address not available
[1610066676] unbound[72:0] notice: remote address is 2001:500:1::53 port 53
[1610066676] unbound[72:0] info: error sending query to auth server 2001:500:1::53 port 53
[1610066677] unbound[72:0] notice: sendto failed: Address not available
[1610066677] unbound[72:0] notice: remote address is 2001:500:200::b port 53
[1610066677] unbound[72:0] info: error sending query to auth server 2001:500:200::b port 53
[1610066678] unbound[72:0] notice: sendto failed: Address not available
[1610066678] unbound[72:0] notice: remote address is 2001:503:ba3e::2:30 port 53
[1610066678] unbound[72:0] info: error sending query to auth server 2001:503:ba3e::2:30 port 53
[1610066678] unbound[72:0] notice: sendto failed: Address not available
[1610066678] unbound[72:0] notice: remote address is 2001:500:9f::42 port 53
[1610066678] unbound[72:0] info: error sending query to auth server 2001:500:9f::42 port 53
[1610066678] unbound[72:0] notice: sendto failed: Address not available
[1610066678] unbound[72:0] notice: remote address is 2001:500:12::d0d port 53
[1610066678] unbound[72:0] info: error sending query to auth server 2001:500:12::d0d port 53
[1610066679] unbound[72:0] notice: sendto failed: Address not available
[1610066679] unbound[72:0] notice: remote address is 2001:dc3::35 port 53
[1610066679] unbound[72:0] info: error sending query to auth server 2001:dc3::35 port 53
[1610066679] unbound[72:0] notice: sendto failed: Address not available
[1610066679] unbound[72:0] notice: remote address is 2001:500:9f::42 port 53
[1610066679] unbound[72:0] info: error sending query to auth server 2001:500:9f::42 port 53
[1610066680] unbound[72:0] notice: sendto failed: Address not available
[1610066680] unbound[72:0] notice: remote address is 2001:500:2::c port 53
[1610066680] unbound[72:0] info: error sending query to auth server 2001:500:2::c port 53
[1610066680] unbound[72:0] notice: sendto failed: Address not available
[1610066680] unbound[72:0] notice: remote address is 2001:dc3::35 port 53
[1610066680] unbound[72:0] info: error sending query to auth server 2001:dc3::35 port 53
[1610066682] unbound[72:0] notice: sendto failed: Address not available
[1610066682] unbound[72:0] notice: remote address is 2001:503:c27::2:30 port 53
[1610066682] unbound[72:0] info: error sending query to auth server 2001:503:c27::2:30 port 53
[1610066682] unbound[72:0] notice: sendto failed: Address not available
[1610066682] unbound[72:0] notice: remote address is 2001:dc3::35 port 53
[1610066682] unbound[72:0] info: error sending query to auth server 2001:dc3::35 port 53
[1610066683] unbound[72:0] notice: sendto failed: Address not available
[1610066683] unbound[72:0] notice: remote address is 2001:500:1::53 port 53
[1610066683] unbound[72:0] info: error sending query to auth server 2001:500:1::53 port 53
[1610066683] unbound[72:0] notice: sendto failed: Address not available
[1610066683] unbound[72:0] notice: remote address is 2001:500:1::53 port 53
[1610066683] unbound[72:0] info: error sending query to auth server 2001:500:1::53 port 53
[1610066683] unbound[72:0] notice: sendto failed: Address not available
[1610066683] unbound[72:0] notice: remote address is 2001:500:9f::42 port 53
[1610066683] unbound[72:0] info: error sending query to auth server 2001:500:9f::42 port 53
[1610066683] unbound[72:0] notice: sendto failed: Address not available
[1610066683] unbound[72:0] notice: remote address is 2001:7fd::1 port 53
[1610066683] unbound[72:0] info: error sending query to auth server 2001:7fd::1 port 53
[1610066683] unbound[72:0] notice: sendto failed: Address not available
[1610066683] unbound[72:0] notice: remote address is 2001:dc3::35 port 53
[1610066683] unbound[72:0] info: error sending query to auth server 2001:dc3::35 port 53
[1610066683] unbound[72:0] notice: sendto failed: Address not available
[1610066683] unbound[72:0] notice: remote address is 2001:dc3::35 port 53
[1610066683] unbound[72:0] info: error sending query to auth server 2001:dc3::35 port 53
[1610066683] unbound[72:0] notice: sendto failed: Address not available
[1610066683] unbound[72:0] notice: remote address is 2001:7fe::53 port 53
[1610066683] unbound[72:0] info: error sending query to auth server 2001:7fe::53 port 53
[1610066685] unbound[72:0] notice: sendto failed: Address not available
[1610066685] unbound[72:0] notice: remote address is 2001:500:2f::f port 53
[1610066685] unbound[72:0] info: error sending query to auth server 2001:500:2f::f port 53
[1610066688] unbound[72:0] notice: sendto failed: Address not available
[1610066688] unbound[72:0] notice: remote address is 2001:7fe::53 port 53
[1610066688] unbound[72:0] info: error sending query to auth server 2001:7fe::53 port 53
[1610066688] unbound[72:0] notice: sendto failed: Address not available
[1610066688] unbound[72:0] notice: remote address is 2001:500:12::d0d port 53
[1610066688] unbound[72:0] info: error sending query to auth server 2001:500:12::d0d port 53
[1610066688] unbound[72:0] notice: sendto failed: Address not available
[1610066688] unbound[72:0] notice: remote address is 2001:500:9f::42 port 53
[1610066688] unbound[72:0] info: error sending query to auth server 2001:500:9f::42 port 53
[1610066688] unbound[72:0] notice: sendto failed: Address not available
[1610066688] unbound[72:0] notice: remote address is 2001:500:12::d0d port 53
[1610066688] unbound[72:0] info: error sending query to auth server 2001:500:12::d0d port 53
[1610066691] unbound[72:0] notice: sendto failed: Address not available
[1610066691] unbound[72:0] notice: remote address is 2001:7fd::1 port 53
[1610066691] unbound[72:0] info: error sending query to auth server 2001:7fd::1 port 53
[1610066691] unbound[72:0] notice: sendto failed: Address not available
[1610066691] unbound[72:0] notice: remote address is 2001:503:ba3e::2:30 port 53
[1610066691] unbound[72:0] info: error sending query to auth server 2001:503:ba3e::2:30 port 53
[1610066691] unbound[72:0] notice: sendto failed: Address not available
[1610066691] unbound[72:0] notice: remote address is 2001:7fd::1 port 53
[1610066691] unbound[72:0] info: error sending query to auth server 2001:7fd::1 port 53
[1610066691] unbound[72:0] notice: sendto failed: Address not available
[1610066691] unbound[72:0] notice: remote address is 2001:500:2f::f port 53
[1610066691] unbound[72:0] info: error sending query to auth server 2001:500:2f::f port 53
[1610066691] unbound[72:0] notice: sendto failed: Address not available
[1610066691] unbound[72:0] notice: remote address is 2001:500:9f::42 port 53
[1610066691] unbound[72:0] info: error sending query to auth server 2001:500:9f::42 port 53
[1610066691] unbound[72:0] notice: sendto failed: Address not available
[1610066691] unbound[72:0] notice: remote address is 2001:500:1::53 port 53
[1610066691] unbound[72:0] info: error sending query to auth server 2001:500:1::53 port 53
[1610066691] unbound[72:0] notice: sendto failed: Address not available
[1610066691] unbound[72:0] notice: remote address is 2001:500:a8::e port 53
[1610066691] unbound[72:0] info: error sending query to auth server 2001:500:a8::e port 53
[1610066691] unbound[72:0] notice: sendto failed: Address not available
[1610066691] unbound[72:0] notice: remote address is 2001:7fe::53 port 53
[1610066691] unbound[72:0] info: error sending query to auth server 2001:7fe::53 port 53
[1610066691] unbound[72:0] notice: sendto failed: Address not available
[1610066691] unbound[72:0] notice: remote address is 2001:500:2f::f port 53
[1610066691] unbound[72:0] info: error sending query to auth server 2001:500:2f::f port 53
[1610066691] unbound[72:0] notice: sendto failed: Address not available
[1610066691] unbound[72:0] notice: remote address is 2001:7fe::53 port 53
[1610066691] unbound[72:0] info: error sending query to auth server 2001:7fe::53 port 53
[1610066691] unbound[72:0] notice: sendto failed: Address not available
[1610066691] unbound[72:0] notice: remote address is 2001:500:200::b port 53
[1610066691] unbound[72:0] info: error sending query to auth server 2001:500:200::b port 53
[1610066692] unbound[72:0] notice: sendto failed: Address not available
[1610066692] unbound[72:0] notice: remote address is 2001:503:c27::2:30 port 53
[1610066692] unbound[72:0] info: error sending query to auth server 2001:503:c27::2:30 port 53
[1610066692] unbound[72:0] notice: sendto failed: Address not available
[1610066692] unbound[72:0] notice: remote address is 2001:500:12::d0d port 53
[1610066692] unbound[72:0] info: error sending query to auth server 2001:500:12::d0d port 53
[1610066692] unbound[72:0] notice: sendto failed: Address not available
[1610066692] unbound[72:0] notice: remote address is 2001:503:c27::2:30 port 53
[1610066692] unbound[72:0] info: error sending query to auth server 2001:503:c27::2:30 port 53
[1610066692] unbound[72:0] notice: sendto failed: Address not available
[1610066692] unbound[72:0] notice: remote address is 2001:500:a8::e port 53
[1610066692] unbound[72:0] info: error sending query to auth server 2001:500:a8::e port 53
[1610066692] unbound[72:0] notice: sendto failed: Address not available
[1610066692] unbound[72:0] notice: remote address is 2001:7fd::1 port 53
[1610066692] unbound[72:0] info: error sending query to auth server 2001:7fd::1 port 53
[1610066692] unbound[72:0] notice: sendto failed: Address not available
[1610066692] unbound[72:0] notice: remote address is 2001:503:ba3e::2:30 port 53
[1610066692] unbound[72:0] info: error sending query to auth server 2001:503:ba3e::2:30 port 53
[1610066692] unbound[72:0] notice: sendto failed: Address not available
[1610066692] unbound[72:0] notice: remote address is 2001:503:c27::2:30 port 53
[1610066692] unbound[72:0] info: error sending query to auth server 2001:503:c27::2:30 port 53
[1610066692] unbound[72:0] notice: sendto failed: Address not available
[1610066692] unbound[72:0] notice: remote address is 2001:503:ba3e::2:30 port 53
[1610066692] unbound[72:0] info: error sending query to auth server 2001:503:ba3e::2:30 port 53
[1610066692] unbound[72:0] notice: sendto failed: Address not available
[1610066692] unbound[72:0] notice: remote address is 2001:500:12::d0d port 53
[1610066692] unbound[72:0] info: error sending query to auth server 2001:500:12::d0d port 53
[1610066692] unbound[72:0] notice: sendto failed: Address not available
[1610066692] unbound[72:0] notice: remote address is 2001:500:2d::d port 53
[1610066692] unbound[72:0] info: error sending query to auth server 2001:500:2d::d port 53
[1610066694] unbound[72:0] notice: sendto failed: Address not available
[1610066694] unbound[72:0] notice: remote address is 2001:500:2d::d port 53
[1610066694] unbound[72:0] info: error sending query to auth server 2001:500:2d::d port 53
[1610066695] unbound[72:0] notice: sendto failed: Address not available
[1610066695] unbound[72:0] notice: remote address is 2001:500:2::c port 53
[1610066695] unbound[72:0] info: error sending query to auth server 2001:500:2::c port 53
[1610066695] unbound[72:0] notice: sendto failed: Address not available
[1610066695] unbound[72:0] notice: remote address is 2001:503:c27::2:30 port 53
[1610066695] unbound[72:0] info: error sending query to auth server 2001:503:c27::2:30 port 53
[1610066698] unbound[72:0] notice: sendto failed: Address not available
[1610066698] unbound[72:0] notice: remote address is 2001:500:200::b port 53
[1610066698] unbound[72:0] info: error sending query to auth server 2001:500:200::b port 53
[1610066698] unbound[72:0] notice: sendto failed: Address not available
[1610066698] unbound[72:0] notice: remote address is 2001:503:ba3e::2:30 port 53
[1610066698] unbound[72:0] info: error sending query to auth server 2001:503:ba3e::2:30 port 53
[1610066698] unbound[72:0] notice: sendto failed: Address not available
[1610066698] unbound[72:0] notice: remote address is 2001:500:a8::e port 53
[1610066698] unbound[72:0] info: error sending query to auth server 2001:500:a8::e port 53
[1610066698] unbound[72:0] notice: sendto failed: Address not available
[1610066698] unbound[72:0] notice: remote address is 2001:500:200::b port 53
[1610066698] unbound[72:0] info: error sending query to auth server 2001:500:200::b port 53
[1610066698] unbound[72:0] notice: sendto failed: Address not available
[1610066698] unbound[72:0] notice: remote address is 2001:500:2::c port 53
[1610066698] unbound[72:0] info: error sending query to auth server 2001:500:2::c port 53
[1610066698] unbound[72:0] notice: sendto failed: Address not available
[1610066698] unbound[72:0] notice: remote address is 2001:500:2::c port 53
[1610066698] unbound[72:0] info: error sending query to auth server 2001:500:2::c port 53
[1610066698] unbound[72:0] notice: sendto failed: Address not available
[1610066698] unbound[72:0] notice: remote address is 2001:500:2::c port 53
[1610066698] unbound[72:0] info: error sending query to auth server 2001:500:2::c port 53
docker alpine unbound