configure DoH on Ubuntu

install-doh.sh

#!/usr/bin/env bash
set -e

echo "[1/6] 安装 cloudflared..."
if ! command -v cloudflared >/dev/null 2>&1; then
  wget -q https://ghfast.top/https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb -O /tmp/cloudflared.deb
  sudo dpkg -i /tmp/cloudflared.deb || sudo apt-get install -f -y
  rm -f /tmp/cloudflared.deb
else
  echo "cloudflared 已安装，跳过。"
fi

CLOUDFLARED_BIN=$(command -v cloudflared)
echo "cloudflared 路径: $CLOUDFLARED_BIN"

echo "[2/6] 创建 systemd service..."
sudo tee /etc/systemd/system/cloudflared-dns.service >/dev/null <<EOF
[Unit]
Description=Cloudflared DNS over HTTPS proxy
After=network.target

[Service]
ExecStart=${CLOUDFLARED_BIN} proxy-dns --address 127.0.0.1 --port 5053 \
  --upstream https://223.5.5.5/dns-query \
  --upstream https://223.6.6.6/dns-query \
  --upstream https://doh.pub/dns-query \
  --upstream https://dns.pub/dns-query
Restart=always
User=nobody
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
EOF

echo "[3/6] 重新加载 systemd 并启用服务..."
sudo systemctl daemon-reexec
sudo systemctl enable --now cloudflared-dns

echo "[4/6] 配置 systemd-resolved..."
sudo mkdir -p /etc/systemd/resolved.conf.d
sudo tee /etc/systemd/resolved.conf.d/dns.conf >/dev/null <<EOF
[Resolve]
DNS=127.0.0.1:5053
FallbackDNS=223.5.5.5 223.6.6.6
DNSSEC=no
EOF

echo "[5/6] 重启 systemd-resolved..."
sudo systemctl restart systemd-resolved

echo "[6/6] 检查 DNS 配置..."
resolvectl status | grep "DNS Servers"

echo "✅ 安装完成！现在系统 DNS 已经走 DoH。"

使用方式：

bash -c "$(curl -fsSL https://gist.github.com/Deali-Axy/8b2ad8e5a601f2c43f6e7debdfb0aa29/raw/3c57dbce7dc0e224ad4ad35606f15cbc34d4810e/install-doh.sh)"