authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 18:37:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 18:37:14 +0000
commitea648e70a989cca190cd7403fe892fd2dcc290b4 (patch)
treee2b6b1c647da68b0d4d66082835e256eb30970e8 /contrib/dnspriv/nginx.conf
parentInitial commit. (diff)
Adding upstream version 1:9.11.5.P4+dfsg.upstream/1%9.11.5.P4+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--contrib/dnspriv/nginx.conf41
1 files changed, 41 insertions, 0 deletions
diff --git a/contrib/dnspriv/nginx.conf b/contrib/dnspriv/nginx.conf
new file mode 100644
index 0000000..65e3868
--- /dev/null
+++ b/contrib/dnspriv/nginx.conf
@@ -0,0 +1,41 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+# uncomment to choose an appropriate UID/GID; default is 'nobody'
+# user bind bind;
+
+worker_processes auto;
+pid /var/run/nginx.pid;
+
+events {
+ worker_connections 1024;
+ multi_accept on;
+}
+
+stream {
+ upstream dns_tcp_servers {
+ server 127.0.0.1:8853;
+ }
+
+ server {
+ listen 853 ssl;
+ proxy_pass dns_tcp_servers;
+
+ # update to a suitable SSL certificate (e.g. from LetsEncrypt),
+ # and uncomment the following lines:
+ # ssl_certificate /etc/nginx/lego/certificates/<cert>.crt;
+ # ssl_certificate_key /etc/nginx/lego/certificates/<cert>.key;
+
+ ssl_protocols TLSv1.2;
+ ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ ssl_session_tickets on;
+ ssl_session_timeout 4h;
+ ssl_handshake_timeout 30s;
+ }
+}
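Review bot: Because `proxy_pass dns_tcp_servers` forwards to `127.0.0.1:8853`, named will see every DNS-over-TLS query as coming from localhost, so any address-based ACL or rate limit on the named side (not visible in this file) would treat remote clients as local. The sample should say so and restrict clients at the proxy, for example with a comment above `proxy_pass` such as `# named sees all DoT clients as 127.0.0.1; limit access here with allow/deny, not with named ACLs`. Separately, `ssl_session_tickets on` with `ssl_session_timeout 4h` and no `ssl_session_ticket_key` means the ticket key is, as far as I know, generated at startup and kept until nginx is restarted or reloaded, which weakens forward secrecy under TLSv1.2. Using `ssl_session_tickets off;` or a regularly rotated key file would avoid that.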