feat(packaging): ODoH client Docker deploy recipe #131

Merged

razvandimescu merged 1 commits from feat/packaging-client-docker into main 2026-04-23 04:11:51 +08:00

Conversation 0 Commits 1 Files Changed 4 +123 -53

razvandimescu commented 2026-04-22 21:36:04 +08:00 (Migrated from github.com)

Copy Link

Summary

• New packaging/client/ with docker-compose.yml, starter numa.toml, and a deploy README for running numa as an ODoH client in one container.
• Default config pairs odoh-relay.numa.rs with Cloudflare's ODoH target — two independent operators with distinct eTLD+1s, so it passes the same-operator check out of the box.
• Exposes :53 (UDP+TCP) for LAN clients and :5380 for the dashboard + REST API.
• Main README's Docker section now links both packaging/client/ and the existing packaging/relay/.

Test plan

Verified locally via docker run with host ports overridden to 5553:53 + 5381:5380, image ghcr.io/razvandimescu/numa:latest.

• Container starts; upstream wires to odoh://odoh.cloudflare-dns.com/dns-query via odoh-relay.numa.rs/relay; blocklist downloads (412k domains).
• dig @127.0.0.1 -p 5553 example.com resolves (104.20.23.154, 172.66.147.243).
• curl http://127.0.0.1:5381/stats | jq '.upstream_transport.odoh' increments (2 queries → odoh: 2, other transports 0).
• Same-eTLD+1 relay + target makes numa refuse to start: "upstream.relay and upstream.target resolve to the same host ... privacy property requires distinct operators".

Caught pre-merge: original commit had relay = .../proxy (Frank Denis's relay path). Numa's own relay is /relay. Fixed in amended commit 26b1cd5.

## Summary - New `packaging/client/` with `docker-compose.yml`, starter `numa.toml`, and a deploy README for running numa as an ODoH client in one container. - Default config pairs `odoh-relay.numa.rs` with Cloudflare's ODoH target — two independent operators with distinct eTLD+1s, so it passes the same-operator check out of the box. - Exposes `:53` (UDP+TCP) for LAN clients and `:5380` for the dashboard + REST API. - Main README's Docker section now links both `packaging/client/` and the existing `packaging/relay/`. ## Test plan Verified locally via `docker run` with host ports overridden to `5553:53` + `5381:5380`, image `ghcr.io/razvandimescu/numa:latest`. - [x] Container starts; upstream wires to `odoh://odoh.cloudflare-dns.com/dns-query via odoh-relay.numa.rs/relay`; blocklist downloads (412k domains). - [x] `dig @127.0.0.1 -p 5553 example.com` resolves (`104.20.23.154`, `172.66.147.243`). - [x] `curl http://127.0.0.1:5381/stats | jq '.upstream_transport.odoh'` increments (2 queries → `odoh: 2`, other transports `0`). - [x] Same-eTLD+1 `relay` + `target` makes numa refuse to start: `"upstream.relay and upstream.target resolve to the same host ... privacy property requires distinct operators"`. Caught pre-merge: original commit had `relay = .../proxy` (Frank Denis's relay path). Numa's own relay is `/relay`. Fixed in amended commit `26b1cd5`.

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

bug

Something isn't working

dependencies

Pull requests that update a dependency file

docker

Pull requests that update docker code

documentation

Improvements or additions to documentation

duplicate

This issue or pull request already exists

enhancement

New feature or request

github_actions

Pull requests that update GitHub Actions code

good first issue

Good for newcomers

help wanted

Extra attention is needed

invalid

This doesn't seem right

question

Further information is requested

rust

Pull requests that update rust code

wontfix

This will not be worked on

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

dearsky

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: dearsky/numa#131