Changes from upstream

.github/workflows/coverage.yml

@@ -0,0 +1,38 @@
+name: Run coverage testing
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "*.go"
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ^1.14
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Build
+        run: go build -v ./...
+
+      - name: Get gopherbadger
+        run: go get github.com/jpoles1/gopherbadger
+
+      - name: Run test
+        run: gopherbadger -style=for-the-badge -covercmd "go test -v -race -covermode atomic -coverprofile=coverage.out ./... && go tool cover -func=coverage.out"
+
+      - name: Commit coverage badge
+        uses: EndBug/add-and-commit@v7
+        with:
+          message: "ci: update coverage"
+          add: "coverage_badge.png"
+          author_name: "github-actions[bot]"
+          author_email: "github-actions[bot]@users.noreply.github.com"

.github/workflows/release.yml

@@ -0,0 +1,26 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v*"
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.16
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          version: latest
+          args: release --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/test.yml

@@ -2,46 +2,25 @@ name: Build and Test
 
 on:
   push:
-    branches: [ master ]
+    branches: [ main ]
   pull_request:
-    branches: [ master ]
+    branches: [ main ]
 
 jobs:
-
   build:
     name: Build
     runs-on: ubuntu-latest
     steps:
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ^1.14
 
-    - name: Set up Go 1.x
-      uses: actions/setup-go@v2
-      with:
-        go-version: ^1.13
-
-    - name: Check out code into the Go module directory
-      uses: actions/checkout@v2
-
-    - name: Get dependencies
-      run: |
-        go get -v -t -d ./...
-        if [ -f Gopkg.toml ]; then
-            curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
-            dep ensure
-        fi
-
-    - name: Build
-      run: go build -v ./...
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
 
-    - name: Test
-      run: go test -v -race -covermode atomic -coverprofile=covprofile ./...
+      - name: Build
+        run: go build -v ./...
 
-    - name: Install goveralls
-      env:
-        GO111MODULE: off
-      run: go get github.com/mattn/goveralls
-
-    - name: Send coverage
-      env:
-        COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      run: $(go env GOPATH)/bin/goveralls -coverprofile=covprofile -service=github
-
+      - name: Test
+        run: go test -v -race -covermode atomic ./...

.gitignore

@@ -0,0 +1,4 @@
+.idea
+*.pem
+odohd
+dist/

.goreleaser.yml

@@ -0,0 +1,26 @@
+before:
+  hooks:
+    - go mod download
+builds:
+  -
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - freebsd
+    goarch:
+      - amd64
+      - arm64
+nfpms:
+  - id: odohd
+    package_name: odohd
+    vendor: Emerald Onion
+    homepage: https://packetframe.com
+    maintainer: Nate Sales <[email protected]>
+    description: Oblivious DNS over HTTPS server
+    license: GNU GPL-3.0
+    section: utils
+    priority: extra
+    formats:
+      - deb
+      - rpm

README.md

@@ -1,95 +1,28 @@
-# odoh-server-go
+# odohd
 
-[![Coverage Status](https://coveralls.io/repos/github/cloudflare/odoh-server-go/badge.svg?branch=master)](https://coveralls.io/github/cloudflare/odoh-server-go?branch=master)
+[Oblivious DoH Server](https://tools.ietf.org/html/draft-pauly-dprive-oblivious-doh) based on [Cloudflare's odoh-server-go](https://github.com/cloudflare/odoh-server-go)
 
-[Oblivious DoH Server](https://tools.ietf.org/html/draft-pauly-dprive-oblivious-doh)
+![Coverage Badge](coverage_badge.png)
+[![Go Report](https://goreportcard.com/badge/github.com/emeraldonion/odohd?style=for-the-badge)](https://goreportcard.com/report/github.com/emeraldonion/odohd)
+[![License](https://img.shields.io/github/license/emeraldonion/odohd?style=for-the-badge)](https://raw.githubusercontent.com/emeraldonion/odohd/main/LICENSE)
+[![Release](https://img.shields.io/github/v/release/emeraldonion/odohd?style=for-the-badge)](https://github.com/emeraldonion/odohd/releases)
 
-# Preconfigured Deployments
+This fork includes changes for a server suited to Emerald Onion's production deployment.
 
-[![Deploy](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy)
-[![deploy to Scalingo](https://cdn.scalingo.com/deploy/button.svg)](https://my.scalingo.com/deploy)
-
-# Local development
-
-To deploy the server locally, first acquire a TLS certificate using [mkcert](https://github.com/FiloSottile/mkcert) as follows:
-
-~~~
-$ mkcert -key-file key.pem -cert-file cert.pem 127.0.0.1 localhost
-~~~
-
-Then build and run the server as follows:
-
-~~~
-$ make all
-$ CERT=cert.pem KEY=key.pem PORT=4567 ./odoh-server
-~~~
-
-You may then run the [corresponding client](https://github.com/cloudflare/odoh-client-go) as follows:
-
-~~~
-$ ./odoh-client odoh --proxy localhost:4567 --target odoh.cloudflare-dns.com --domain cloudflare.com
-;; opcode: QUERY, status: NOERROR, id: 14306
-;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
-
-;; QUESTION SECTION:
-;cloudflare.com.	IN	 AAAA
-
-;; ANSWER SECTION:
-cloudflare.com.	271	IN	AAAA	2606:4700::6810:84e5
-cloudflare.com.	271	IN	AAAA	2606:4700::6810:85e5
-~~~
-
-# Usage
-
-To deploy, run:
-
-~~~
-$ gcloud app deploy proxy.yaml
-...
-$ gcloud app deploy target.yaml
-...
-~~~
-
-To check on its status, run:
-
-~~~
-$ gcloud app browse
-~~~
-
-To stream logs when deployed, run
-
-~~~
-$ gcloud app logs tail -s default
-~~~
-
-To run locally build and run the project using
-
-```shell
-go build
-PORT=8080 ./odoh-server-go
-```
-
-By default, the proxy listens on `/proxy` and the target listens on `/dns-query`.
-
-## Reverse proxy
-
-You need to deploy a reverse proxy with a valid TLS server certificate
-for clients to be able to authenticate the target or proxy.
-
-The simplest option for this is using [Caddy](https://caddyserver.com).
-Caddy will automatically provision a TLS certificate using ACME from [Let's Encrypt](https://letsencrypt.org).
-
-For instance:
+## Usage:
 
 ```
-caddy reverse-proxy --from https://odoh.example.net:443 --to 127.0.0.1:8080
-```
-
-Alternatively, use a Caddyfile similar to:
-
-```
-odoh.example.net
-
-reverse_proxy localhost:8080
+Usage:
+  odohd [OPTIONS]
+
+Application Options:
+  -l, --listen=   Address to listen on (default: localhost:8080)
+  -r, --resolver= Target DNS resolver to query (default: 127.0.0.1:53)
+  -t, --no-tls    Disable TLS
+  -c, --cert=     TLS certificate file
+  -k, --key=      TLS key file
+  -v, --verbose   Enable verbose logging
+
+Help Options:
+  -h, --help      Show this help message
 ```
-and run `caddy start`.

go.mod

@@ -1,11 +1,13 @@
-module github.com/cloudflare/odoh-server-go
+module github.com/emeraldonion/odohd
 
-go 1.14
+go 1.16
 
 require (
-	cloud.google.com/go/logging v1.1.1
-	github.com/cisco/go-hpke v0.0.0-20201215202025-9cebdf8f33d4
-	github.com/cloudflare/odoh-go v0.1.4
-	github.com/elastic/go-elasticsearch/v8 v8.0.0-20201022194115-1af099fb3eca
-	github.com/miekg/dns v1.1.35
+	github.com/cisco/go-hpke v0.0.0-20210215210317-01c430f1f302
+	github.com/cloudflare/odoh-go v0.1.6
+	github.com/jessevdk/go-flags v1.5.0
+	github.com/miekg/dns v1.1.41
+	github.com/sirupsen/logrus v1.8.1
+	golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4 // indirect
+	golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57 // indirect
 )