support plain HTTP for DoH (#4997)

Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>
2025-10-27 08:14:18 -04:00 · 2021-11-23 14:03:26 +01:00
parent 5f45ace89e
commit b8439789f4
3 changed files with 21 additions and 6 deletions
--- a/plugin/tls/README.md
+++ b/plugin/tls/README.md
@@ -2,7 +2,7 @@

 ## Name

-*tls* - allows you to configure the server certificates for the TLS and gRPC servers.
+*tls* - allows you to configure the server certificates for the TLS, gRPC, DoH servers.

 ## Description

@@ -57,6 +57,14 @@ grpc://. {
 }
 ~~~

+Start a DoH server on port 443 that is similar to the previous example, but using DoH for incoming queries.
+~~~
+https://. {
+	tls cert.pem key.pem ca.pem
+	forward . /etc/resolv.conf
+}
+~~~
+
 Only Knot DNS' `kdig` supports DNS-over-TLS queries, no command line client supports gRPC making
 debugging these transports harder than it should be.