DNS-over-HTTPS

README.md

@@ -9,6 +9,8 @@
 * DNS resolver: [unbound](https://nlnetlabs.nl/projects/unbound/about/) ([config](unbound.conf))
 * DNS-over-TLS: [haproxy](https://www.haproxy.org/) ([config](haproxy.cfg))
 
-### [Adblock](adblock/)
+### Adblocking DNS resolver
 
 Powered by [Pi-hole](https://pi-hole.net/).
+
+* [Configuration](adblock/) (Docker-deployed)

adblock/docker-compose.yml

@@ -28,3 +28,13 @@ services:
       - 127.0.0.1
       - 198.251.90.114
     restart: unless-stopped
+  doh:
+    environment:
+      - "UPSTREAM_NAME=pihole"
+    restart: always
+    image: quay.io/sheogorath/doh
+#    build:
+#      context: .
+    ports:
+      - "127.0.0.1:8054:8053"
+

haproxy.cfg

@@ -83,6 +83,12 @@ frontend 443-in
 
 	use_backend check if { path /check }
 
+	use_backend doh-uncensored if { hdr(host) -i uncensored.any.dns.nixnet.xyz }
+	use_backend doh-adblock if { hdr(host) -i adblock.any.dns.nixnet.xyz }
+
+	use_backend doh-uncensored if { hdr(host) -i uncensored.lux1.dns.nixnet.xyz }
+	use_backend doh-adblock if { hdr(host) -i adblock.lux1.dns.nixnet.xyz }
+
 #	default_backend nginx
 
 backend check
@@ -119,3 +125,14 @@ backend dns-uncensored
 backend dns-adblock
 	mode tcp
 	server pihole 198.251.90.89:53 check
+
+# DoH backends
+backend doh-uncensored
+	mode http
+	server doh-uncensored 127.0.0.1:8053 check
+
+backend doh-adblock
+	mode http
+	server doh-adblock 127.0.0.1:8054 check
+
+