Home A - Z Changelog
Menu

An Otter Wiki

Blame

d109b3 Cédric 2025-12-26 10:37:22 1 
# Technitium et Jotty via docker-compose
2
3
Voici les deux manifest, relativement simples pour mettre en oeuvre les deux outils dont je vous parle dans l'article vBlog :
467d0e Cédric 2025-12-26 11:13:26 4
https://vblog.io/cest-noel-deux-outils-geniaux-et-un-nouveau-wiki/
d109b3 Cédric 2025-12-26 10:37:22 5
6
### Le docker-compose de Technitium ...
7
8
Le service est identifié par le nom de domaine primaire.home.naoned.net, défini via la variable d’environnement DNS_SERVER_DOMAIN. Une directive sysctls ajuste la plage des ports locaux IPv4 (net.ipv4.ip_local_port_range) pour optimiser la gestion des connexions.
9
10
```yaml
11
services:
12
dns-server:
13
container_name: dns-server
14
hostname: dns-server
15
image: technitium/dns-server:latest
16
# Utilisez le mode "host" en cas d'usage du DHCP de Technitium.
17
# network_mode: "host"
18
ports:
19
- "5380:5380/tcp" #DNS web console (HTTP)
20
- "53443:53443/tcp" #DNS web console (HTTPS)
21
- "53:53/udp" #DNS service
22
- "53:53/tcp" #DNS service
23
# - "853:853/udp" #DNS-over-QUIC service
24
# - "853:853/tcp" #DNS-over-TLS service
25
# - "443:443/udp" #DNS-over-HTTPS service (HTTP/3)
26
# - "443:443/tcp" #DNS-over-HTTPS service (HTTP/1.1, HTTP/2)
27
# - "80:80/tcp" #DNS-over-HTTP service
28
# - "8053:8053/tcp" #DNS-over-HTTP service
29
# - "67:67/udp" #DHCP service
30
environment:
31
- DNS_SERVER_DOMAIN=primaire.home.naoned.net #The primary domain name used by this DNS Server to identify itself.
32
# - DNS_SERVER_ADMIN_PASSWORD=password #DNS web console admin user password.
33
# - DNS_SERVER_ADMIN_PASSWORD_FILE=password.txt #The path to a file that contains a plain text password for the DNS web console admin user.
34
# - DNS_SERVER_PREFER_IPV6=false #DNS Server will use IPv6 for querying whenever possible with this option enabled.
35
# - DNS_SERVER_WEB_SERVICE_LOCAL_ADDRESSES=172.17.0.1,127.0.0.1 #Comma separated list of network interface IP addresses that you want the web service to listen on for requests. The "172.17.0.1" address is the built-in Docker bridge. The "[::]" is the default value if not specified. Note! This must be used only with "host" network mode.
36
# - DNS_SERVER_WEB_SERVICE_HTTP_PORT=5380 #The TCP port number for the DNS web console over HTTP protocol.
37
# - DNS_SERVER_WEB_SERVICE_HTTPS_PORT=53443 #The TCP port number for the DNS web console over HTTPS protocol.
38
# - DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS=false #Enables HTTPS for the DNS web console.
39
# - DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT=false #Enables self signed TLS certificate for the DNS web console.
40
# - DNS_SERVER_WEB_SERVICE_TLS_CERTIFICATE_PATH=/etc/dns/tls/cert.pfx #The file path to the TLS certificate for the DNS web console.
41
# - DNS_SERVER_WEB_SERVICE_TLS_CERTIFICATE_PASSWORD=password #The password for the TLS certificate for the DNS web console.
42
# - DNS_SERVER_WEB_SERVICE_HTTP_TO_TLS_REDIRECT=false #Enables HTTP to HTTPS redirection for the DNS web console.
43
# - DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP=false #Enables DNS server optional protocol DNS-over-HTTP on TCP port 8053 to be used with a TLS terminating reverse proxy like nginx.
44
# - DNS_SERVER_RECURSION=AllowOnlyForPrivateNetworks #Recursion options: Allow, Deny, AllowOnlyForPrivateNetworks, UseSpecifiedNetworkACL.
45
# - DNS_SERVER_RECURSION_NETWORK_ACL=192.168.10.0/24, !192.168.10.2 #Comma separated list of IP addresses or network addresses to allow access. Add ! character at the start to deny access, e.g. !192.168.10.0/24 will deny entire subnet. The ACL is processed in the same order its listed. If no networks match, the default policy is to deny all except loopback. Valid only for `UseSpecifiedNetworkACL` recursion option.
46
# - DNS_SERVER_RECURSION_DENIED_NETWORKS=1.1.1.0/24 #Comma separated list of IP addresses or network addresses to deny recursion. Valid only for `UseSpecifiedNetworkACL` recursion option. This option is obsolete and DNS_SERVER_RECURSION_NETWORK_ACL should be used instead.
47
# - DNS_SERVER_RECURSION_ALLOWED_NETWORKS=127.0.0.1, 192.168.1.0/24 #Comma separated list of IP addresses or network addresses to allow recursion. Valid only for `UseSpecifiedNetworkACL` recursion option. This option is obsolete and DNS_SERVER_RECURSION_NETWORK_ACL should be used instead.
48
# - DNS_SERVER_ENABLE_BLOCKING=false #Sets the DNS server to block domain names using Blocked Zone and Block List Zone.
49
# - DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT=false #Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests.
50
# - DNS_SERVER_BLOCK_LIST_URLS= #A comma separated list of block list URLs.
51
# - DNS_SERVER_FORWARDERS=1.1.1.1, 8.8.8.8 #Comma separated list of forwarder addresses.
52
# - DNS_SERVER_FORWARDER_PROTOCOL=Tcp #Forwarder protocol options: Udp, Tcp, Tls, Https, HttpsJson.
53
# - DNS_SERVER_LOG_USING_LOCAL_TIME=true #Enable this option to use local time instead of UTC for logging.
54
volumes:
55
- ./config:/etc/dns
56
restart: unless-stopped
57
sysctls:
58
- net.ipv4.ip_local_port_range=1024 65535
59
```
60
61
### ... et celui de Jotty
62
63
Ce manifest YAML définit un service Jotty déployé via Docker Compose. Il s’exécute avec un utilisateur spécifique (501:20) pour gérer les permissions sur les volumes montés. Trois volumes sont configurés en rw : ./data pour les données persistantes, ./config pour les fichiers de configuration, et ./cache pour le cache de l’application. Enfin, le conteneur redémarre automatiquement en cas d’arrêt (restart: unless-stopped), et la variable d’environnement NODE_ENV=production indique que l’application doit s’exécuter en mode production, optimisant ainsi ses performances et sa sécurité.
64
65
```yaml
66
services:
67
jotty:
68
image: ghcr.io/fccview/jotty:latest
69
container_name: jotty
70
user: "501:20"
71
ports:
72
- "1122:3000"
73
volumes:
74
- ./data:/app/data:rw
75
- ./config:/app/config:rw
76
- ./cache:/app/.next/cache:rw
77
restart: unless-stopped
78
environment:
79
- NODE_ENV=production
80
```