This container is a general purpose Handshake access gateway server.
It provides this service by running a number of servers to assist you in accessing the Handshake world.
- A Handshake aware DNS server, including full DNSSEC support
- A DNS-over-HTTPS (DoH) gateway to the DNS service
- A Handshake aware squid proxy cache
- A Handshake aware Website Proxy Service
If you point your desktop / servers to this container to get their DNS, they will have access to all the ICANN and Handshake DNS domains, including full DNSSEC support.
NOTE: the DNS server takes a little time to seed itself (should be less than a minute), and this needs to be done each time you restart the container, unless you make the container's directory /opt/named/zones persistent across restarts, e.g. by using the option -v to map the container's directory to a directory on the host system.
All the other services use this service, so they will also not work until this seeding is complete.
The DoH service follows the Google JSON/DNS/API spec.
The certificate (for the HTTPS) is issued by a private certificate authority for the name wwwhns.regserv.net, which will resolve to 127.0.0.1. The file myCA.pem is the public key for that authority. If you want your browser to trust my private certificate authority, you can do that by loading this public key into your browser, otherwise your browser will give you a warning.
If you wish to use your own certificate, replace the file /opt/pems/certkey.pem with a PEM of both the certificate & private key.
With the container running on your desktop, you can test the DoH service with something like this:
curl --cacert myCA.pem 'https://wwwhns.regserv.net/dns/api/v1.0/resolv?name=www.google.com'
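The same lookup from a script, as an added example that is not part of the original README: it trusts myCA.pem for this one client only, rather than loading it into a browser, and checks the Status and AD fields defined by the Google JSON spec. The `type` parameter, the sample responses and the function names are assumptions made for the example.

```python
import json
import ssl
import urllib.parse
import urllib.request

# Endpoint and CA file name are taken from the README above.
DOH_URL = "https://wwwhns.regserv.net/dns/api/v1.0/resolv"
RR_TYPES = {"A": 1, "CNAME": 5, "TXT": 16, "AAAA": 28}

# Constructed sample responses in the Google JSON layout (not real output).
SAMPLE_OK = json.dumps({
    "Status": 0, "TC": False, "RD": True, "RA": True, "AD": True, "CD": False,
    "Question": [{"name": "www.example.com.", "type": 1}],
    "Answer": [
        {"name": "www.example.com.", "type": 5, "TTL": 300, "data": "host.example.com."},
        {"name": "host.example.com.", "type": 1, "TTL": 300, "data": "192.0.2.10"},
    ],
})
SAMPLE_NXDOMAIN = json.dumps({"Status": 3, "AD": False})

def make_context(ca_file="myCA.pem"):
    """TLS context that trusts only the gateway's CA, for this client only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # cert + hostname checks on
    ctx.load_verify_locations(cafile=ca_file)      # system roots are not loaded
    return ctx

def build_url(name, rtype="A"):
    # 'type' is in the Google spec; support by this gateway is assumed.
    return DOH_URL + "?" + urllib.parse.urlencode({"name": name, "type": rtype})

def parse_answer(body, rtype="A", require_ad=False):
    """Return the data of all records of rtype; raise on DNS-level failure."""
    doc = json.loads(body)
    if doc.get("Status") != 0:
        raise LookupError("DNS RCODE %s" % doc.get("Status"))
    if require_ad and not doc.get("AD"):
        raise LookupError("answer not DNSSEC-validated (AD flag clear)")
    want = RR_TYPES[rtype]
    return [rr["data"] for rr in doc.get("Answer", []) if rr.get("type") == want]

def resolve(name, rtype="A", ca_file="myCA.pem", require_ad=False):
    ctx = make_context(ca_file)
    with urllib.request.urlopen(build_url(name, rtype), context=ctx, timeout=5) as r:
        return parse_answer(r.read().decode("utf-8"), rtype, require_ad)

if __name__ == "__main__":
    print(parse_answer(SAMPLE_OK))                           # offline demo
    print(parse_answer(SAMPLE_OK, "CNAME", require_ad=True))
```

With the container running, `resolve("www.google.com")` performs the live query; pass `require_ad=True` to reject answers the gateway did not validate with DNSSEC.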
A proxy cache will fetch web pages for you & keep a cached copy. This is not very useful for a single PC, but if the cache is shared with everybody on a LAN, it can save up to 50% of download traffic.
In this case its usefulness is in the fact that it knows how to access Handshake websites, so all you have to do is configure your web browser to use the proxy cache (all browsers support this), and you will then be able to access Handshake websites directly from your favourite browser.
The proxy cache runs on port 3128. If you are running this container on your desktop PC, then the IP Address will be 127.0.0.1.
A Website Proxy Service is a website that will ask you what website you want to visit, then fetch it for you. The advantage of this is that you can then access Handshake Websites without having to change your browser's configuration in any way.
The disadvantage is that, due to the complexity of modern websites, this technique often does not correctly display modern sites.
So it's a quick & easy way to get access to a Handshake web site, but may not always work.
If you are running this container on your desktop, you should be able to access the Website Proxy Service at the following URL:
https://wwwhns.regserv.net/