martin/ProxmoxVE
1
0
Fork 0
mirror of https://github.com/community-scripts/ProxmoxVE synced 2025-02-07 08:19:17 +00:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity
9d0bad8aeb
ProxmoxVE/install/unbound-install.sh
Wim 9d0bad8aeb
Update install/unbound-install.sh 
Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com>
2024-11-28 12:53:29 +01:00

113 lines
2.2 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# Copyright (c) 2021-2024 community-scripts ORG
# Author: wimb0
# License: MIT
# https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
source /dev/stdin <<< "$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt-get install -y \
sudo \
curl \
mc
msg_ok "Installed Dependencies"
msg_info "Installing Unbound"
$STD apt-get install -y \
unbound \
unbound-host
msg_info "Installed Unbound"
cat <<EOF >/etc/unbound/unbound.conf.d/unbound.conf
server:
verbosity: 0
interface: 0.0.0.0
port: 5335
do-ip6: no
do-ip4: yes
do-udp: yes
do-tcp: yes
num-threads: 1
hide-identity: yes
hide-version: yes
harden-glue: yes
harden-referral-path: yes
use-caps-for-id: no
qname-minimisation: yes
rrset-roundrobin: yes
cache-min-ttl: 300
cache-max-ttl: 14400
msg-cache-slabs: 8
rrset-cache-slabs: 8
infra-cache-slabs: 8
key-cache-slabs: 8
serve-expired: yes
serve-expired-ttl: 3600
edns-buffer-size: 1232
prefetch: yes
prefetch-key: yes
target-fetch-policy: "3 2 1 1 1"
unwanted-reply-threshold: 10000000
rrset-cache-size: 256m
msg-cache-size: 128m
so-rcvbuf: 1m
private-address: 192.168.0.0/16
private-address: 169.254.0.0/16
private-address: 172.16.0.0/12
private-address: 10.0.0.0/8
private-address: fd00::/8
private-address: fe80::/10
access-control: 192.168.0.0/16 allow
access-control: 172.16.0.0/12 allow
access-control: 10.0.0.0/8 allow
access-control: 127.0.0.1/32 allow
chroot: ""
logfile: /var/log/unbound.log
log-queries: yes
statistics-interval: 0
extended-statistics: yes
harden-below-nxdomain: yes
EOF
touch /var/log/unbound.log
chown unbound:unbound /var/log/unbound.log
systemctl restart unbound
msg_ok "Installed Unbound"
msg_ok "Configuring Logrotate"
cat <<EOF >/etc/logrotate.d/unbound
/var/log/unbound.log {
daily
rotate 7
missingok
notifempty
compress
delaycompress
sharedscripts
create 644
postrotate
/usr/sbin/unbound-control log_reopen
endscript
}
EOF
systemctl restart logrotate
msg_ok "Configured Logrotate"
motd_ssh
customize
msg_info "Cleaning up"
$STD apt-get -y autoremove
$STD apt-get -y autoclean
msg_ok "Cleaned"
Reference in New Issue View Git Blame Copy Permalink