summaryrefslogtreecommitdiffstats
path: root/contrib/dnspriv/nginx.conf
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 07:24:22 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 07:24:22 +0000
commit45d6379135504814ab723b57f0eb8be23393a51d (patch)
treed4f2ec4acca824a8446387a758b0ce4238a4dffa /contrib/dnspriv/nginx.conf
parentInitial commit. (diff)
downloadbind9-45d6379135504814ab723b57f0eb8be23393a51d.tar.xz
bind9-45d6379135504814ab723b57f0eb8be23393a51d.zip
Adding upstream version 1:9.16.44.upstream/1%9.16.44
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'contrib/dnspriv/nginx.conf')
-rw-r--r--contrib/dnspriv/nginx.conf43
1 files changed, 43 insertions, 0 deletions
diff --git a/contrib/dnspriv/nginx.conf b/contrib/dnspriv/nginx.conf
new file mode 100644
index 0000000..83f2a88
--- /dev/null
+++ b/contrib/dnspriv/nginx.conf
@@ -0,0 +1,43 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+# uncomment to choose an appropriate UID/GID; default is 'nobody'
+# user bind bind;
+
+worker_processes auto;
+pid /var/run/nginx.pid;
+
+events {
+ worker_connections 1024;
+ multi_accept on;
+}
+
+stream {
+ upstream dns_tcp_servers {
+ server 127.0.0.1:8853;
+ }
+
+ server {
+ listen 853 ssl;
+ proxy_pass dns_tcp_servers;
+
+ # update to a suitable SSL certificate (e.g. from LetsEncrypt),
+ # and uncomment the following lines:
+ # ssl_certificate /etc/nginx/lego/certificates/<cert>.crt;
+ # ssl_certificate_key /etc/nginx/lego/certificates/<cert>.key;
+
+ ssl_protocols TLSv1.2;
+ ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ ssl_session_tickets on;
+ ssl_session_timeout 4h;
+ ssl_handshake_timeout 30s;
+ }
+}