Use the bj and hk machines, deploy the AdGuard DNS service on both, and set hk as the upstream server for bj, to get accurate DNS resolution.

# Generate the certificate

```
# @mlab.ops.www
export Ali_Key="xxx"
export Ali_Secret="xxx"
/root/.acme.sh/acme.sh --issue -d op123.ren -d "*.op123.ren" --challenge-alias xxx --dns dns_ali --force
```

```
# @mlab.ops.bj
cd /opt/doh
# Copy the full chain and private key under the file names that docker-compose.yml mounts
scp root@www.sddts.cn:/root/.acme.sh/op123.ren_ecc/fullchain.cer op123.ren.crt
scp root@www.sddts.cn:/root/.acme.sh/op123.ren_ecc/op123.ren.key op123.ren.key
```

# adguard docker-compose.yml

```
version: '3'
services:
  doh-server:
    image: adguard/adguardhome
    ports:
      - 53:53/udp
#      - 53000:3000/tcp
#      - 53080:80/tcp
    volumes:
      - ./config:/opt/adguardhome/conf
      - ./op123.ren.crt:/opt/sslkeys/op123.ren.crt
      - ./op123.ren.key:/opt/sslkeys/op123.ren.key
    restart: always
    networks:
      doh-network:
        ipv4_address: 172.19.25.51
networks:
  doh-network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.19.25.0/24
    name: doh-network
```

# Open up the container inter-access policy

```
# Insert ACCEPT as the first rule of Docker's isolation chains.
# This applies to every Docker bridge network on the host, not only doh-network.
iptables -I DOCKER-ISOLATION-STAGE-1 1 -j ACCEPT
iptables -I DOCKER-ISOLATION-STAGE-2 1 -j ACCEPT
```

# Deploy the tailscale route

```
# @mlab.ops.bj
tailscale set --advertise-routes=172.19.0.0/16

# @mlab.ops.headscale
headscale route list
headscale route enable -r 13
```

# Access from a local browser (already joined to the network)

![2023-11-20T05:19:12.png][1]

![2023-11-20T05:19:23.png][2]

I originally planned to use HAProxy to forward UDP port 53, but it is not supported, so I used the ports mapping in the compose file directly.

# Result

```
47.93.41.92
```

![2023-11-20T05:20:37.png][3]

![2023-11-20T05:22:59.png][4]

[1]: https://www.sddts.cn/usr/uploads/2023/11/3535171316.png
[2]: https://www.sddts.cn/usr/uploads/2023/11/1197545291.png
[3]: https://www.sddts.cn/usr/uploads/2023/11/3993503845.png
[4]: https://www.sddts.cn/usr/uploads/2023/11/3520466137.png

Last modified: May 11, 2024 © Reposting with proper attribution is permitted