From a89cf362adc2d0e8f093b9a836c0ae1bc79e7772 Mon Sep 17 00:00:00 2001 From: Stan Yagolnitser Date: Wed, 12 Dec 2018 00:18:34 -0800 Subject: [PATCH] set nginx DNS configuration from container resolv.conf to allow proxy to operate behind firewall --- entrypoint.sh | 9 +++++++++ nginx.conf | 8 +++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 7b01b77..701f4d4 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -3,6 +3,15 @@ set -Eeuo pipefail trap "echo TRAPed signal" HUP INT QUIT TERM +#configure nginx DNS settings to match host, why must we do that nginx? +conf="resolver $(/usr/bin/awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) ipv6=off; # Avoid ipv6 addresses for now" +[ "$conf" = "resolver ;" ] && echo "no nameservers found" && exit 0 +confpath=/etc/nginx/resolvers.conf +if [ ! -e $confpath ] || [ "$conf" != "$(cat $confpath)" ] +then + echo "$conf" > $confpath +fi + # The list of SAN (Subject Alternative Names) for which we will create a TLS certificate. ALLDOMAINS="" diff --git a/nginx.conf b/nginx.conf index f684950..c0787d5 100644 --- a/nginx.conf +++ b/nginx.conf @@ -108,7 +108,8 @@ http { proxy_max_temp_file_size 0; # We need to resolve the real names of our proxied servers. - resolver 8.8.8.8 4.2.2.2 ipv6=off; # Avoid ipv6 addresses for now + #resolver 8.8.8.8 4.2.2.2 ipv6=off; # Avoid ipv6 addresses for now + include /etc/nginx/resolvers.conf; # forward proxy for non-CONNECT request location / { @@ -140,7 +141,8 @@ http { ssl_certificate_key /certs/web.key; # We need to resolve the real names of our proxied servers. - resolver 8.8.8.8 4.2.2.2 ipv6=off; # Avoid ipv6 addresses for now + #resolver 8.8.8.8 4.2.2.2 ipv6=off; # Avoid ipv6 addresses for now + include /etc/nginx/resolvers.conf; # Docker needs this. Don't ask. chunked_transfer_encoding on; @@ -238,4 +240,4 @@ http { } } -} \ No newline at end of file +}
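Review bot: The empty-resolver guard `[ "$conf" = "resolver ;" ]` in the added entrypoint.sh block can never match, because `conf` always carries the ` ipv6=off; # Avoid ipv6 addresses for now` suffix. With no `nameserver` lines in /etc/resolv.conf the script therefore writes `resolver  ipv6=off;`, a directive with no address that nginx is expected to reject at startup. Capture the awk output on its own and test that instead, e.g. `ns=$(/usr/bin/awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf)` followed by `[ -n "$ns" ] || { echo "no nameservers found" >&2; exit 1; }`. A non-zero exit is the better choice, since `exit 0` would report success for an entrypoint that stops before the rest of the script, which continues outside this hunk. IPv6 nameserver entries are also copied without brackets, which nginx's `resolver` probably will not accept, so they should be skipped or bracketed, and `$confpath` should be quoted in the test, the `cat` and the redirect.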
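Review bot: `include /etc/nginx/resolvers.conf;` names a file that exists only after entrypoint.sh has run, and the same applies to the second include in the hunk at line 141. An include of a literal path fails the configuration load when the file is absent, so anything that starts or tests nginx without the entrypoint will break. Shipping a default resolvers.conf in the image, which the entrypoint then overwrites, would keep the config loadable. The commented-out `#resolver 8.8.8.8 4.2.2.2 ipv6=off;` lines are better deleted and replaced with a comment such as `# resolvers.conf is generated by entrypoint.sh from /etc/resolv.conf`. That comment also records that upstream name resolution now trusts whatever DNS servers the container is given. Both server blocks extend beyond the visible hunks.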