diff --git a/dns/dnscrypt-proxy/Makefile b/dns/dnscrypt-proxy/Makefile
index 02031d896..9d20a0808 100644
--- a/dns/dnscrypt-proxy/Makefile
+++ b/dns/dnscrypt-proxy/Makefile
@@ -1,8 +1,7 @@
PLUGIN_NAME= dnscrypt-proxy
-PLUGIN_VERSION= 0.1
+PLUGIN_VERSION= 1.0
PLUGIN_COMMENT= Flexible DNS proxy supportung DNSCrypt and DoH
PLUGIN_DEPENDS= dnscrypt-proxy2
PLUGIN_MAINTAINER= m.muenz@gmail.com
-PLUGIN_DEVEL= yes
.include "../../Mk/plugins.mk"
diff --git a/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/forms/general.xml b/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/forms/general.xml
index d784dbd0b..6ad1b353e 100644
--- a/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/forms/general.xml
+++ b/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/forms/general.xml
@@ -13,6 +13,12 @@
true
Set the IP address and port combinations this service should listen on, e.g 127.0.0.1:5353 and/or [::1]:5353
+
+ general.allowprivileged
+
+ checkbox
+ This will allow you to run the service on port 53.
+
general.max_clients
diff --git a/dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/General.xml b/dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/General.xml
index 10d7f6abd..f45478a3f 100644
--- a/dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/General.xml
+++ b/dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/General.xml
@@ -11,6 +11,10 @@
127.0.0.1:5353,[::1]:5353
N
+
+ 0
+ Y
+
250
Y
diff --git a/dns/dnscrypt-proxy/src/opnsense/scripts/OPNsense/Dnscryptproxy/setup.sh b/dns/dnscrypt-proxy/src/opnsense/scripts/OPNsense/Dnscryptproxy/setup.sh
new file mode 100755
index 000000000..b5f8cb395
--- /dev/null
+++ b/dns/dnscrypt-proxy/src/opnsense/scripts/OPNsense/Dnscryptproxy/setup.sh
@@ -0,0 +1,2 @@
+mkdir -p /var/log/dnscrypt-proxy/
+chown _dnscrypt-proxy:_dnscrypt-proxy /var/log/dnscrypt-proxy/
diff --git a/dns/dnscrypt-proxy/src/opnsense/service/conf/actions.d/actions_dnscryptproxy.conf b/dns/dnscrypt-proxy/src/opnsense/service/conf/actions.d/actions_dnscryptproxy.conf
index cbd158b77..d5298dafd 100644
--- a/dns/dnscrypt-proxy/src/opnsense/service/conf/actions.d/actions_dnscryptproxy.conf
+++ b/dns/dnscrypt-proxy/src/opnsense/service/conf/actions.d/actions_dnscryptproxy.conf
@@ -1,5 +1,5 @@
[start]
-command:/usr/local/etc/rc.d/dnscrypt-proxy start
+command:/usr/local/opnsense/scripts/OPNsense/Dnscryptproxy/setup.sh;/usr/local/etc/rc.d/dnscrypt-proxy start
parameters:
type:script
message:starting dnscrypt-proxy
@@ -11,7 +11,7 @@ type:script
message:stopping dnscrypt-proxy
[restart]
-command:/usr/local/etc/rc.d/dnscrypt-proxy restart
+command:/usr/local/opnsense/scripts/OPNsense/Dnscryptproxy/setup.sh;/usr/local/etc/rc.d/dnscrypt-proxy restart
parameters:
type:script
message:restarting dnscrypt-proxy
diff --git a/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml b/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml
index eee0fe17d..75864165a 100644
--- a/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml
+++ b/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml
@@ -64,7 +64,7 @@ timeout = {{ OPNsense.dnscryptproxy.general.timeout }}
keepalive = {{ OPNsense.dnscryptproxy.general.keepalive }}
log_level = 2
-log_file = 'dnscrypt-proxy.log'
+log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log'
use_syslog = false
cert_refresh_delay = {{ OPNsense.dnscryptproxy.general.cert_refresh_delay }}
@@ -115,16 +115,16 @@ cache = false
{% endif %}
[query_log]
- file = 'query.log'
+ file = '/var/log/dnscrypt-proxy/query.log'
format = 'tsv'
[nx_log]
- file = 'nx.log'
+ file = '/var/log/dnscrypt-proxy/nx.log'
format = 'tsv'
[whitelist]
whitelist_file = 'whitelist.txt'
- log_file = 'whitelisted.log'
+ log_file = '/var/log/dnscrypt-proxy/whitelisted.log'
log_format = 'tsv'
[sources]
diff --git a/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt_proxy b/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt_proxy
index d0f6db463..8b8088749 100644
--- a/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt_proxy
+++ b/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt_proxy
@@ -1,5 +1,8 @@
{% if helpers.exists('OPNsense.dnscryptproxy.general.enabled') and OPNsense.dnscryptproxy.general.enabled == '1' %}
dnscrypt_proxy_enable="YES"
+{% if helpers.exists('OPNsense.dnscryptproxy.general.allowprivileged') and OPNsense.dnscryptproxy.general.allowprivileged == '1' %}
+dnscrypt_proxy_suexec="YES"
+{% endif %}
{% else %}
dnscrypt_proxy_enable="NO"
{% endif %}