set nginx DNS configuration from container resolv.conf to allow proxy to operate behind firewall

pull/7/head
Stan Yagolnitser 2018-12-12 00:18:34 -08:00
parent 97e77ccc56
commit a89cf362ad
2 changed files with 14 additions and 3 deletions

View File

@ -3,6 +3,15 @@
set -Eeuo pipefail set -Eeuo pipefail
trap "echo TRAPed signal" HUP INT QUIT TERM trap "echo TRAPed signal" HUP INT QUIT TERM
#configure nginx DNS settings to match host, why must we do that nginx?
conf="resolver $(/usr/bin/awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) ipv6=off; # Avoid ipv6 addresses for now"
[ "$conf" = "resolver ;" ] && echo "no nameservers found" && exit 0
confpath=/etc/nginx/resolvers.conf
if [ ! -e $confpath ] || [ "$conf" != "$(cat $confpath)" ]
then
echo "$conf" > $confpath
fi
# The list of SAN (Subject Alternative Names) for which we will create a TLS certificate. # The list of SAN (Subject Alternative Names) for which we will create a TLS certificate.
ALLDOMAINS="" ALLDOMAINS=""

View File

@ -108,7 +108,8 @@ http {
proxy_max_temp_file_size 0; proxy_max_temp_file_size 0;
# We need to resolve the real names of our proxied servers. # We need to resolve the real names of our proxied servers.
resolver 8.8.8.8 4.2.2.2 ipv6=off; # Avoid ipv6 addresses for now #resolver 8.8.8.8 4.2.2.2 ipv6=off; # Avoid ipv6 addresses for now
include /etc/nginx/resolvers.conf;
# forward proxy for non-CONNECT request # forward proxy for non-CONNECT request
location / { location / {
@ -140,7 +141,8 @@ http {
ssl_certificate_key /certs/web.key; ssl_certificate_key /certs/web.key;
# We need to resolve the real names of our proxied servers. # We need to resolve the real names of our proxied servers.
resolver 8.8.8.8 4.2.2.2 ipv6=off; # Avoid ipv6 addresses for now #resolver 8.8.8.8 4.2.2.2 ipv6=off; # Avoid ipv6 addresses for now
include /etc/nginx/resolvers.conf;
# Docker needs this. Don't ask. # Docker needs this. Don't ask.
chunked_transfer_encoding on; chunked_transfer_encoding on;
@ -238,4 +240,4 @@ http {
} }
} }
} }