Need easy way to setup unbound-control #142

Open
travispk opened this issue Sep 30, 2023 · 3 comments

@travispk

Would like to use unbound-control to manage Unbound. Would be nice if the default config had it enabled for 127.0.0.1 only, and TLS was set up, so that docker exec XX unbound-control would work out of the box.

Thank you!

@MatthewVance
Owner

I understand. I know a few folks have wanted unbound-control and I've attempted to give some instructions on how to get it working in issue replies because it's not straightforward. It's not something I've wanted to implement or support out of the box thus far. The image is extensible and can be configured to support it for those who need/want it. When originally designing this image's default configuration, I left it off because I didn't need it for my personal setup* and to minimize the attack surface.

I'm open to putting something in the readme about how to re-configure the image to do it. I also do not mind if people fork this project or use this as a base image for a more feature-rich version.

As far as TLS setup goes, I do not know how much value that would add if it was only configured for localhost. Using TLS also introduces other challenges. If a private key was included with the image, it would defeat the value of TLS. To do it safely, extra complexity would be needed such as generating a private key on the fly at runtime or requiring users to provide/mount one.

* I started this as a purely personal project and open sourced it in case it would benefit a few other folks. I never imagined it would grow to be as popular as it is today, and I struggle to properly support it. I'm thankful for the community who has jumped in to help, extend, and improve this.

@vincejv

vincejv commented Oct 11, 2023

Hi @MatthewVance, is it possible if we modify these lines to

include: /opt/unbound/etc/unbound/forward-records.conf

    ###########################################################################
    # FORWARD ZONE
    ###########################################################################

    include: /opt/unbound/etc/unbound/forward-records.conf

    remote-control:
        control-enable: no

    include: "/opt/unbound/etc/unbound/unbound.conf.d/*.conf"

so we can easily add our config in the unbound.conf.d folder, and just add a mount in docker compose/run.
I know we can easily override the unbound.conf or edit the unbound.sh file, but both have their own trade-offs:

  1. You lose the automatic slab, thread, and memory calculations from unbound.sh script (if you override unbound.conf)
  2. You will have to build your own docker image, instead of overriding the mounts (if you override unbound.sh, or maybe there is another way without having to rebuild the docker image??)
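
An added example, not part of the thread or the image's own code: a shell check that audits a file destined for the proposed unbound.conf.d folder for remote-control settings that expose the control channel beyond loopback. The two sample drop-ins are constructed, the function names are hypothetical, and the parser assumes one option per line.

```shell
#!/bin/sh
# Added example, not the image's code. Assumes one option per line.

# Write two constructed drop-in files into directory $1.
write_sample_dropins() {
    cat > "$1/loopback.conf" <<'EOF'
remote-control:
    control-enable: yes
    control-interface: 127.0.0.1   # loopback only
    control-port: 8953
EOF
    cat > "$1/exposed.conf" <<'EOF'
remote-control:
    control-enable: yes
    control-interface: 0.0.0.0
    control-use-cert: no
EOF
}

# Audit file $1. Prints one finding per line.
# Returns 0 when remote-control is off or loopback-only, 1 otherwise.
audit_remote_control() {
    awk -v f="$1" '
        { sub(/#.*/, ""); gsub(/"/, "") }      # strip comments and quotes
        # A bare "name:" line opens a clause; track whether it is remote-control.
        /^[ \t]*[a-z-]+:[ \t]*$/ { in_rc = ($1 == "remote-control:"); next }
        !in_rc { next }
        $1 == "control-enable:"    { enabled = ($2 == "yes") }
        $1 == "control-use-cert:"  { cert = $2 }
        $1 == "control-interface:" { ifaces[++n] = $2 }
        END {
            if (!enabled) exit 0
            for (i = 1; i <= n; i++) {
                a = ifaces[i]
                # 127.0.0.0/8, ::1 and absolute paths (unix sockets) stay local.
                if (a ~ /^127\./ || a == "::1" || a ~ /^\//) continue
                print f ": control-interface " a " is not loopback"
                if (cert == "no")
                    print f ": control-use-cert is no on " a
                bad = 1
            }
            exit bad + 0
        }' "$1"
}
```

Run `audit_remote_control` over each file before mounting it into the container; a non-zero return means the control port would listen on a non-loopback address.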

@MatthewVance
Owner

@vincejv I like the idea and am open to exploring it further. It's a good middle ground solution. Do you want to mock up a PR for it?
