- General improvements
- Parallel download of only needed files at start
- Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.)
- Simplified Docker final image
- Faster bootup
- DNS over TLS
- Finer grain blocking at DNS level: malicious, ads and surveillance
- Choose your DNS over TLS providers
- Ability to use multiple DNS over TLS providers for DNS split horizon
- Environment variables for DNS logging
- DNS block lists needed are downloaded and built automatically at start, in parallel
- PIA
- A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR)
- Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR)
- Proxies are `off` by default so `SHADOWSOCKS_PASSWORD` is not required
- Documentation fixed and clarified
- `PORT_FORWARDING` should be `on` or `off` only now (although it's backward compatible with `false` and `true`)
- Cleaner logs
- HTTP proxy is working... finally
- Firewall was adjusted
- Firewall cannot be turned off anymore
- portforward script changes the firewall
- readme reworked
- Possibility to pass commands to Openvpn with Docker command
- Removed nonrootgroup
- File directories are slightly different
- Resolv-retry is removed as pointless as IP addresses are used
- Fixed some arguments to openvpn
- Unbound ran as `nonrootuser`
- Readme updated
- auth.conf replaced by `USER` and `PASSWORD` env variables
- Removed Nginx section from readme for now
- Reworked entrypoint with more checks
- Malicious IPs and hostnames building is done at Docker build to gain time at launch
- docker-compose updated to reflect changes
- Region change to "CA Montreal"
- Using external data images for malicious hostnames
- Added malicious IP addresses blocking with Unbound
- Unbound has DNS rebinding protection
- Multi stage build
- Download and checks Unbound Root anchors
- Download and build malicious hostnames block list for Unbound
- Healthcheck only based on the current IP being different from the initial IP
- IPv6 related completely removed
- Multiple checks at launch with $?
- Launch openvpn as root (can't change user)
- Unbound configured with DNS SEC for DNS over TLS
Quentin McGaw (desktop)