zer0 revised this gist . Go to revision
1 file changed, 1 insertion
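--- a/AdGuardHome.yaml
+++ b/AdGuardHome.yaml
@@ -1,4 +1,5 @@
 # remove all comments
+# make sure cert is issued both for the FQDN and the wildcard of that FQDN
 http:
 pprof:
 port: 6060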
zer0 revised this gist . Go to revision
1 file changed, 9 insertions, 8 deletions
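--- a/AdGuardHome.yaml
+++ b/AdGuardHome.yaml
@@ -1,22 +1,23 @@
+# remove all comments
 http:
 pprof:
 port: 6060
 enabled: false
-address: 0.0.0.0:19152 # use a port not used by anything else
+address: 0.0.0.0:24248 # port for HTTP UI - use a port not used by anything else. For docker, leave 0.0.0.0 as-is
 session_ttl: 720h
 
 tls:
 enabled: true
-server_name: "yourdomain.name"
+server_name: "yourdomain.name" # TLS cert MUST have this as the CN or SAN
 force_https: false
-port_https: 0
-port_dns_over_tls: 853
-port_dns_over_quic: 853
+port_https: 0 # tell AGH not to serve the UI over HTTPS
+port_dns_over_tls: 853 # tell AGH to serve a DoT endpoint
+port_dns_over_quic: 0
 port_dnscrypt: 0
 dnscrypt_config_file: ""
-allow_unencrypted_doh: true
+allow_unencrypted_doh: true # because NPM will proxy HTTPS to HTTP
 certificate_chain: ""
 private_key: ""
-certificate_path: "/path/to/cert"
-private_key_path: "/path/to/key"
+certificate_path: "/path/to/cert" # for DoT only
+private_key_path: "/path/to/key" # for DoT only
 strict_sni_check: false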
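Review bot: The `address: 0.0.0.0:24248` line, combined with `port_https: 0`, `force_https: false` and `allow_unencrypted_doh: true`, leaves the admin UI and the DoH endpoint on plaintext HTTP on every interface, and the new comments never say that only the reverse proxy should be able to reach that port. Any client that can connect to it directly bypasses the TLS that NPM adds, so the login and the `session_ttl: 720h` session travel in cleartext. I would extend the comment on that line to something like `# plaintext HTTP UI/DoH: reachable by the reverse proxy only - do not publish this port on the host or forward it from the router`. The same settings appear without any comment in the section where the file is created.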
zer0 revised this gist . Go to revision
1 file changed, 22 insertions
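--- /dev/null
+++ b/AdGuardHome.yaml
@@ -0,0 +1,22 @@
+http:
+pprof:
+port: 6060
+enabled: false
+address: 0.0.0.0:19152 # use a port not used by anything else
+session_ttl: 720h
+
+tls:
+enabled: true
+server_name: "yourdomain.name"
+force_https: false
+port_https: 0
+port_dns_over_tls: 853
+port_dns_over_quic: 853
+port_dnscrypt: 0
+dnscrypt_config_file: ""
+allow_unencrypted_doh: true
+certificate_chain: ""
+private_key: ""
+certificate_path: "/path/to/cert"
+private_key_path: "/path/to/key"
+strict_sni_check: false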
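Review bot: `strict_sni_check: false` is committed next to the encrypted listeners on `port_dns_over_tls: 853` and `port_dns_over_quic: 853` with no comment on why it is off. As far as I know, this setting controls whether AdGuard Home rejects TLS connections whose SNI does not match the certificate, so the choice is worth confirming for a template that others will copy. If no client relies on a mismatched name, `strict_sni_check: true` is the tighter value; otherwise a comment such as `# left off because <reason>` would document the choice. The `private_key_path` line would also benefit from a comment like `# key file must be readable only by the AdGuard Home user`.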