Updated from `js_include` to `js_import` in nginx which has been deprecated

master
Meliurwen 3 years ago
parent 97bfcb47cd
commit 7f9d43c5ce
Signed by: meliurwen
GPG Key ID: 818A8B35E9F1CE10
  1. 4
      nginx/root/etc/nginx/nginx.template
  2. 99
      nginx/root/etc/nginx/njs.d/dns/dns.js

@ -99,7 +99,7 @@ stream {
access_log /var/log/nginx/dns-access.log dns; access_log /var/log/nginx/dns-access.log dns;
# Include the NJS module # Include the NJS module
js_include /etc/nginx/njs.d/nginx_stream.js; js_import /etc/nginx/njs.d/dns/dns.js;
# The $dns_qname variable can be populated by preread calls, and can be used for DNS routing # The $dns_qname variable can be populated by preread calls, and can be used for DNS routing
js_set $dns_qname dns_get_qname; js_set $dns_qname dns_get_qname;
@ -129,7 +129,7 @@ stream {
# DNS over HTTPS (gateway) Service # DNS over HTTPS (gateway) Service
server { server {
listen 127.0.0.1:8053; listen 127.0.0.1:8053;
js_filter dns_filter_doh_request; js_filter dns.filter_doh_request;
proxy_pass dns; proxy_pass dns;
} }

@ -8,7 +8,7 @@ export default {get_qname, get_response, preread_doh_request, preread_dns_reques
* 2: As 1, but also parse answers. We can log the answers, and also cache responses in HTTP Content-Cache * 2: As 1, but also parse answers. We can log the answers, and also cache responses in HTTP Content-Cache
* 3: Very Verbose, log everything as above, but also write packet data to error log (slowest) * 3: Very Verbose, log everything as above, but also write packet data to error log (slowest)
**/ **/
var dns_decode_level = 2; var dns_decode_level = 3;
/** /**
* DNS Question Load Balancing * DNS Question Load Balancing
@ -47,49 +47,58 @@ function process_doh_request(s, decode, scrub) {
if ( data.length == 0 ) { if ( data.length == 0 ) {
return; return;
} }
data.split("\r\n").forEach( function(line) { const lines = data.split("\r\n");
var bytes; var bytes;
var packet; var packet;
if(lines[0].startsWith("GET")) {
var line = lines[0];
var path = line.split(" ")[1]
var params = path.split("?")[1]
var qs = params.split("&");
debug(s, "process_doh_request: QS Params: " + qs );
qs.some( param => {
if (param.startsWith("dns=") ) {
bytes = String.bytesFrom(param.slice(4), "base64url");
return true;
}
return false;
});
}
if ( line.toString('hex').startsWith( '0000') ) { if(lines[0].startsWith("POST")) {
bytes = line; const index = lines.findIndex(line=>{
} else if ( line.toString().startsWith("GET /dns-query?") ) { if(line.length == 0) {
var qs = line.slice("GET /dns-query?".length, line.length - " HTTP/1.1".length) return true;
qs = qs.split("&"); }
debug(s, "process_doh_request: QS Params: " + qs ); })
qs.some( param => { if(index>0 && lines.length >= index + 1){
if ( param.startsWith("dns=") ) { bytes = lines[index + 1];
bytes = String.bytesFrom(param.slice(4), "base64url");
return true;
}
return false;
});
} }
}
if (bytes) { if (bytes) {
debug(s, "process_doh_request: DNS Req: " + bytes.toString('hex') ); debug(s, "process_doh_request: DNS Req: " + bytes.toString('hex') );
if (decode) { if (decode) {
packet = dns.parse_packet(bytes); packet = dns.parse_packet(bytes);
debug(s, "process_doh_request: DNS Req ID: " + packet.id ); debug(s, "process_doh_request: DNS Req ID: " + packet.id );
dns.parse_question(packet); dns.parse_question(packet);
debug(s,"process_doh_request: DNS Req Name: " + packet.question.name); debug(s,"process_doh_request: DNS Req Name: " + packet.question.name);
dns_name = packet.question.name; dns_name = packet.question.name;
} }
if (scrub) { if (scrub) {
domain_scrub(s, bytes, packet); domain_scrub(s, bytes, packet);
s.done(); s.done();
} else {
s.send( to_bytes(bytes.length) );
s.send( bytes, {flush: true} );
}
} else { } else {
if ( ! scrub) { s.send( to_bytes(bytes.length) );
debug(s, "process_doh_request: DNS Req: " + line.toString() ); s.send( bytes, {flush: true} );
s.send(""); }
data = ""; } else {
} if ( ! scrub) {
debug(s, "process_doh_request: DNS Req: " + line.toString() );
s.send("");
data = "";
} }
}); }
}); });
} }
@ -145,7 +154,7 @@ function domain_scrub(s, data, packet) {
dns_response = to_bytes( dns_response.length ) + dns_response; dns_response = to_bytes( dns_response.length ) + dns_response;
} }
debug(s,"Scrubbed: Response: " + dns_response.toString('hex') ); debug(s,"Scrubbed: Response: " + dns_response.toString('hex') );
} else { } else {
debug(s,"Scrubbing: Check: Name: " + packet.question.name ); debug(s,"Scrubbing: Check: Name: " + packet.question.name );
if ( s.variables.scrub_action ) { if ( s.variables.scrub_action ) {
debug(s, "Scrubbing: Check: EXACT MATCH: Name: " + packet.question.name + ", Action: " + s.variables.scrub_action ); debug(s, "Scrubbing: Check: EXACT MATCH: Name: " + packet.question.name + ", Action: " + s.variables.scrub_action );
@ -205,7 +214,7 @@ function filter_doh_request(s) {
} else { } else {
s.send("HTTP/1.1 200\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=60, max=1000\r\nContent-Type: application/dns-message\r\nContent-Length:" + data.length + "\r\n"); s.send("HTTP/1.1 200\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=60, max=1000\r\nContent-Type: application/dns-message\r\nContent-Length:" + data.length + "\r\n");
} }
if ( dns_decode_level > 0 ) { if ( dns_decode_level > 0 ) {
packet = dns.parse_packet(data); packet = dns.parse_packet(data);
dns.parse_question(packet); dns.parse_question(packet);
@ -213,11 +222,11 @@ function filter_doh_request(s) {
s.send("X-DNS-Question: " + dns_name + "\r\n"); s.send("X-DNS-Question: " + dns_name + "\r\n");
s.send("X-DNS-Type: " + dns.dns_type.value[packet.question.type] + "\r\n"); s.send("X-DNS-Type: " + dns.dns_type.value[packet.question.type] + "\r\n");
s.send("X-DNS-Result: " + dns.dns_codes.value[packet.codes & 0x0f] + "\r\n"); s.send("X-DNS-Result: " + dns.dns_codes.value[packet.codes & 0x0f] + "\r\n");
if ( dns_decode_level > 1 ) { if ( dns_decode_level > 1 ) {
if ( dns_decode_level == 2 ) { if ( dns_decode_level == 2 ) {
dns.parse_answers(packet, 2); dns.parse_answers(packet, 2);
} else if ( dns_decode_level > 2 ) { } else if ( dns_decode_level > 2 ) {
dns.parse_complete(packet, 2); dns.parse_complete(packet, 2);
} }
debug(s, "DNS Res Answers: " + JSON.stringify( Object.entries(packet.answers)) ); debug(s, "DNS Res Answers: " + JSON.stringify( Object.entries(packet.answers)) );
@ -235,8 +244,8 @@ function filter_doh_request(s) {
s.send("X-DNS-Answers: " + answers + "\r\n"); s.send("X-DNS-Answers: " + answers + "\r\n");
} }
debug(s, "DNS Res Packet: " + JSON.stringify( Object.entries(packet)) ); debug(s, "DNS Res Packet: " + JSON.stringify( Object.entries(packet)) );
} }
var d = new Date( Date.now() + (cache_time*1000) ).toUTCString(); var d = new Date( Date.now() + (cache_time*1000) ).toUTCString();
if ( ! d.includes(",") ) { if ( ! d.includes(",") ) {
d = d.split(" ") d = d.split(" ")

Loading…
Cancel
Save