From c44066334e9b735239cb5727500a32c36ea33567 Mon Sep 17 00:00:00 2001 From: Wojciech Kozlowski Date: Sun, 30 Jul 2023 10:39:55 +0200 Subject: [PATCH] Fix resolver issue in reverse proxies --- playbooks/roles/services/deploy/rproxy/files/config/nginx.conf | 2 ++ .../rproxy/templates/systemd/container-rproxy-nginx.service | 2 ++ 2 files changed, 4 insertions(+) diff --git a/playbooks/roles/services/deploy/rproxy/files/config/nginx.conf b/playbooks/roles/services/deploy/rproxy/files/config/nginx.conf index a6d6d60..7485108 100644 --- a/playbooks/roles/services/deploy/rproxy/files/config/nginx.conf +++ b/playbooks/roles/services/deploy/rproxy/files/config/nginx.conf @@ -27,6 +27,8 @@ http { #gzip on; + include /etc/nginx/resolver.conf; + # Configuration based on https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html. # SSL protocols. diff --git a/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-nginx.service b/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-nginx.service index b23bec8..027f1bf 100644 --- a/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-nginx.service +++ b/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-nginx.service @@ -11,6 +11,7 @@ OnFailure=status-mail@%n.service Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 +ExecStartPre=/usr/bin/sh -c 'echo resolver $(awk '\''BEGIN{ORS=" "} $1=="nameserver" {print $2}'\'' {{ system_etc_root_directory }}/resolv.conf) ";" > %t/resolver.conf' ExecStartPre=/bin/rm -f %t/container-{{ services_service_name }}-nginx.pid %t/container-{{ services_service_name }}-nginx.ctr-id ExecStart=/usr/bin/podman run \ --conmon-pidfile %t/container-{{ services_service_name }}-nginx.pid \ @@ -24,6 +25,7 @@ ExecStart=/usr/bin/podman run \ {{ services_rproxy_nginx_add_inet_hosts }} \ {{ services_rproxy_nginx_add_inet6_hosts }} \ -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \ + -v %t/resolver.conf:/etc/nginx/resolver.conf:ro \ -v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \ -v ./.config/service/stream.conf:/etc/nginx/stream.conf:ro \ -v ./.config/service/nginx-conf.d:/etc/nginx/conf.d:ro \