From ec8fe0b40c5f0cf48ad2c94174e3c23898c86428 Mon Sep 17 00:00:00 2001
From: Krombel <krombel@krombel.de>
Date: Fri, 13 Dec 2019 13:59:36 +0100
Subject: [PATCH] + DNS: Allow DOH queries via unencrypted HTTP (e.g. for
 reverse proxying)

---
 home/config.go  | 3 +++
 home/control.go | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/home/config.go b/home/config.go
index 019612eb..3db7a963 100644
--- a/home/config.go
+++ b/home/config.go
@@ -117,6 +117,9 @@ type tlsConfigSettings struct {
 	PortHTTPS      int    `yaml:"port_https" json:"port_https,omitempty"`               // HTTPS port. If 0, HTTPS will be disabled
 	PortDNSOverTLS int    `yaml:"port_dns_over_tls" json:"port_dns_over_tls,omitempty"` // DNS-over-TLS port. If 0, DOT will be disabled
 
+	// Allow DOH queries via unencrypted HTTP (e.g. for reverse proxying)
+	AllowUnencryptedDOH bool `yaml:"allow_unencrypted_doh" json:"allow_unencrypted_doh"`
+
 	dnsforward.TLSConfig `yaml:",inline" json:",inline"`
 }
 
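Review bot: The doc comment on `AllowUnencryptedDOH` does not state what enabling the option exposes. With it set, the check changed in handleDOH (home/control.go) no longer requires `r.TLS`, so DoH queries are answered in cleartext on the plain HTTP listener. I would expand the comment to something like `// AllowUnencryptedDOH serves DoH over plain HTTP. Enable only when a TLS-terminating reverse proxy is the sole client of the HTTP listener. Default: false.` so that operators reading the config struct see the precondition.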
diff --git a/home/control.go b/home/control.go
index 2953cf14..87247190 100644
--- a/home/control.go
+++ b/home/control.go
@@ -144,7 +144,7 @@ func handleGetProfile(w http.ResponseWriter, r *http.Request) {
 // DNS-over-HTTPS
 // --------------
 func handleDOH(w http.ResponseWriter, r *http.Request) {
-	if r.TLS == nil {
+	if !config.TLS.AllowUnencryptedDOH && r.TLS == nil {
 		httpError(w, http.StatusNotFound, "Not Found")
 		return
 	}
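Review bot: With `AllowUnencryptedDOH` set, the condition at the top of handleDOH accepts a plaintext request from any peer, not only from the reverse proxy the option is meant for. Nothing visible in this hunk checks the peer address, so DNS queries and answers travel unencrypted whenever the HTTP port is directly reachable by clients. Consider skipping the TLS requirement only when the request arrives from loopback or a configured trusted proxy address, and at minimum add a comment such as `// plaintext DoH is only safe behind a TLS-terminating proxy; this listener must not be directly reachable`. Behind a proxy `r.RemoteAddr` will presumably be the proxy's address, so any per-client access rules or query logging further down would see the proxy instead of the real client. The rest of handleDOH lies outside the hunk, so that part is unverified.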