Dnscrypt-proxy as a service

Ubuntu 16.04, it’s working great except I have to start it after boot up from the terminal. Likely caused by unfamiliarity with systemd service files. I’m on a tablet now, but will post the file later when at my desktop.

[Unit]
Description=DNSCrypt-proxy client
Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki
Requires=dnscrypt-proxy.socket
After=network.target
Before=nss-lookup.target
Wants=nss-lookup.target

[Service]
NonBlocking=true
ExecStart=/usr/local/dnscrypt-proxy --config /usr/local/dnscrypt-proxy/dnscrypt-proxy.toml
ProtectHome=yes
ProtectControlGroups=yes
ProtectKernelModules=yes

DynamicUser=yes
CacheDirectory=dnscrypt-proxy
LogsDirectory=dnscrypt-proxy
RuntimeDirectory=dnscrypt-proxy

[Install]
Also=dnscrypt-proxy.socket
WantedBy=multi-user.target

The above is the dnscrypt-proxy.service file.

Staring at this file, I see that I missed the last slash and file name in the ExecStart line…The first part should be “ExecStart=/usr/local/dnscrypt-proxy/dnscrypt-proxy.”

I’ll put it in and see what happens.
[edit] Nothing…But, I am happy to report that after another day hunkered over my keyboard, success!! It was mostly typing too fast, and for too long, and things like “rc.local” not being built into the latest releases of Ubuntu.
( ͡~ ͜ʖ ͡°)

1 Like

so you got it all set up and working correctly?

It works great, and it survived a hot reboot yesterday…But, I completely shut off the machine last night, and it did not start by itself after this cold boot. I restarted it (obviously) , and did another hot reboot and it restarted itself again. So I am now going over the sequence to discover why it’s not starting from a cold boot.

Success! Here is the dnscrypt-proxy.service file:
#!bin/bash

[Unit]
Description=DNSCrypt-proxy client
Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki
Requires=dnscrypt-proxy.socket
After=network.target
Before=nss-lookup.target
Wants=nss-lookup.target

[Service]
NonBlocking=true
ExecStart=/usr/local/dnscrypt-proxy/dnscrypt-proxy --config /usr/local/dnscrypt-proxy/dnscrypt-proxy.toml
ProtectHome=yes
ProtectControlGroups=yes
ProtectKernelModules=yes

#Run dnscrypt-proxy as unprivileged user with
#temporary assigned UID/GID. See man:systemd.exec
#for more info. Requires systemd 232+.
DynamicUser=yes
CacheDirectory=dnscrypt-proxy
LogsDirectory=dnscrypt-proxy
RuntimeDirectory=dnscrypt-proxy
Restart=on-failure
RestartSec=5s

[Install]
Also=dnscrypt-proxy.socket
WantedBy=multi-user.target

#end

Added the 2 “Restart” lines, and put the original dnscrypt-proxy.toml contents back into that file…but it hit home that if you don’t track your configurations, you will have less hair than you currently have! I changed the initial resolver (Cisco) to Cloudflare, as well.

1 Like