From 62b4ad7521b7181e4f9697f189b0f4feabc1d337 Mon Sep 17 00:00:00 2001 From: "dave@tiredofit.ca" Date: Wed, 7 Aug 2024 09:12:09 -0700 Subject: [PATCH] Release 6.5.0 - See CHANGELOG.md --- CHANGELOG.md | 9 +++++++++ README.md | 2 +- install/assets/defaults/10-nginx | 1 - install/assets/functions/10-nginx | 8 +++++++- install/etc/nginx/nginx.conf | 1 + install/etc/nginx/snippets/resolver.conf | 1 + 6 files changed, 19 insertions(+), 3 deletions(-) create mode 100644 install/etc/nginx/snippets/resolver.conf diff --git a/CHANGELOG.md b/CHANGELOG.md index 0323256..878998d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +## 6.5.0 2024-08-07 + + ### Added + - Add NGINX_RESOLVER environment variable to use a specific resolver when looking up DNS hostnames in proxy mode + + ### Changed + - Fix nginx reload configuration service to look for proper config folders + + ## 6.4.15 2024-05-29 ### Added diff --git a/README.md b/README.md index 24e836f..e3cd6b7 100644 --- a/README.md +++ b/README.md @@ -170,7 +170,6 @@ You can choose to request visitors be authenticated before accessing your site. | Parameter | Description | Default | `_FILE` | | ------------------------------------------- | ------------------------------------------------------------------------------------------- | ------------------- | ------- | -| `NGINX_RESOLVER` | resolver | `127.0.0.11` | | | `NGINX_AUTHENTICATION_TYPE` | Protect the site with `BASIC`, `LDAP`, `LLNG` | `NONE` | | | `NGINX_AUTHENTICATION_TITLE` | Challenge response when visiting protected site | `Please login` | | | `NGINX_AUTHENTICATION_BASIC_USER1` | If `BASIC` chosen enter this for the username to protect site | `admin` | x | @@ -277,6 +276,7 @@ Presently you can compress your served content with gzip and brotli. More compre | `NGINX_FORCE_RESET_PERMISSIONS` | Force setting Nginx files ownership to web server user | `TRUE` | | `NGINX_MODE` | Set to `NORMAL`, `MAINTENANCE` , `PROXY`, `REDIRECT` | `NORMAL` | | `NGINX_REDIRECT_URL` | If `REDIRECT` set enter full url to forward all traffic to eg `https://example.com` | | +| `NGINX_RESOLVER` | Resolve hostnames via DNS. Space seperated values. e.g. `127.0.0.11` | | | `NGINX_PROXY_URL` | If `REDIRECT` set enter full url to proxy all traffic to eg `https://example.com:443` | | | `NGINX_SITE_ENABLED` | What sites to enable in `/etc/nginx/sites.available` Don't use `.conf` suffix | `ALL` | | `NGINX_USER` | What user to run nginx as inside container | `nginx` | diff --git a/install/assets/defaults/10-nginx b/install/assets/defaults/10-nginx index e58468e..387ad03 100755 --- a/install/assets/defaults/10-nginx +++ b/install/assets/defaults/10-nginx @@ -1,7 +1,6 @@ #!/command/with-contenv bash ENABLE_NGINX=${ENABLE_NGINX:-"TRUE"} -NGINX_RESOLVER=${NGINX_RESOLVER:-"127.0.0.11"} NGINX_AUTHENTICATION_BASIC_PASS=${NGINX_AUTHENTICATION_BASIC_PASS:-password} NGINX_AUTHENTICATION_BASIC_USER=${NGINX_AUTHENTICATION_BASIC_USER:-admin} NGINX_AUTHENTICATION_LDAP_ATTRIBUTE=${NGINX_AUTHENTICATION_LDAP_ATTRIBUTE:-"uid"} diff --git a/install/assets/functions/10-nginx b/install/assets/functions/10-nginx index 15995f1..7af3610 100755 --- a/install/assets/functions/10-nginx +++ b/install/assets/functions/10-nginx @@ -372,7 +372,6 @@ nginx_configure_mode() { nginx_configure_server() { update_template /etc/nginx/nginx.conf \ - NGINX_RESOLVER \ NGINX_CLIENT_BODY_BUFFER_SIZE \ NGINX_CLIENT_BODY_TIMEOUT \ NGINX_FASTCGI_BUFFERS \ @@ -444,6 +443,13 @@ nginx_configure_server() { PROTOCOL="http://" fi + if [ -n "${NGINX_RESOLVER}" ]; then + update_template /etc/nginx/snippets/resolver.conf \ + NGINX_RESOLVER + else + sed -i "\|include /etc/nginx/snippets/resolver.conf;|d" /etc/nginx/nginx.conf + fi + if var_false "${NGINX_ENABLE_MULTI_ACCEPT}"; then sed -i "\|multi_accept on;|d" /etc/nginx/nginx.conf fi diff --git a/install/etc/nginx/nginx.conf b/install/etc/nginx/nginx.conf index 467fbcb..a451780 100644 --- a/install/etc/nginx/nginx.conf +++ b/install/etc/nginx/nginx.conf @@ -49,6 +49,7 @@ http { include /etc/nginx/snippets/bot_blocker.conf; include /etc/nginx/snippets/ddos_protection.conf; include /etc/nginx/snippets/open_file_cache.conf; + include /etc/nginx/snippets/resolver.conf; include /etc/nginx/snippets/compression_gzip.conf; include /etc/nginx/snippets/compression_brotli.conf; include /etc/nginx/snippets/monitoring.conf; diff --git a/install/etc/nginx/snippets/resolver.conf b/install/etc/nginx/snippets/resolver.conf new file mode 100644 index 0000000..8185312 --- /dev/null +++ b/install/etc/nginx/snippets/resolver.conf @@ -0,0 +1 @@ +resolver {{NGINX_RESOLVER}}; \ No newline at end of file