Merge pull request #34 from Valian/32-resolver-variable

added RESOLVER_ADDRESS variable
Valian · Nov 10, 2019 · 968dc6a · 968dc6a
2 parents d5eea55 + 457deb3
commit 968dc6a
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 4 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,13 @@
 FROM openresty/openresty:alpine-fat
 
 # allowed domains should be lua match pattern
-ENV DIFFIE_HELLMAN='' ALLOWED_DOMAINS='.*' AUTO_SSL_VERSION='0.13.1' FORCE_HTTPS='true' SITES='' LETSENCRYPT_URL='https://acme-v02.api.letsencrypt.org/directory'
+ENV DIFFIE_HELLMAN='' \
+    ALLOWED_DOMAINS='.*' \
+    AUTO_SSL_VERSION='0.13.1' \
+    FORCE_HTTPS='true' \
+    SITES='' \
+    LETSENCRYPT_URL='https://acme-v02.api.letsencrypt.org/directory' \
+    RESOLVER_ADDRESS='8.8.8.8'
 
 # Here we install open resty and generate dhparam.pem file.
 # You can specify DIFFIE_HELLMAN=true to force regeneration of that file on first run

diff --git a/README.md b/README.md
@@ -76,6 +76,7 @@ Available configuration options:
  | SITES | `db.com=localhost:5432; *.app.com=localhost:8080`, `_=localhost:8080` | Shortcut for defining multiple proxies, in form of `domain1=endpoint1; domain2=endpoint2`. Default template for proxy is [here](https://github.com/Valian/docker-nginx-auto-ssl/blob/master/snippets/server-proxy.conf). Name `_` means default server, just like in nginx configuration |
  | FORCE_HTTPS | `true`, `false` | If `true`, automatically adds location to `resty-server-http.conf` redirecting traffic from http to https. `true` by default. |
  | LETSENCRYPT_URL | `https://acme-v01.api.letsencrypt.org/directory`, `https://acme-staging.api.letsencrypt.org/directory` | Let's Encrypt server URL to use |
+ | RESOLVER_ADDRESS | `8.8.8.8`, `127.0.0.53` | DNS resolver used for OCSP stapling. `8.8.8.8` by default. |
 
 
 If you want to proxy multiple sites (probably the most common case, that's why I've made it possible to achieve without custom configuration):

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -58,8 +58,8 @@ if [ "$FORCE_HTTPS" == "true" ]; then
 fi
 
 
-# let's substitute $ALLOWED_DOMAINS and $LETSENCRYPT_URL into OpenResty configuration
-envsubst '$ALLOWED_DOMAINS,$LETSENCRYPT_URL' \
+# let's substitute $ALLOWED_DOMAINS, $LETSENCRYPT_URL and $RESOLVER_ADDRESS into OpenResty configuration
+envsubst '$ALLOWED_DOMAINS,$LETSENCRYPT_URL,$RESOLVER_ADDRESS' \
   < ${RESTY_CONF_DIR}/resty-http.conf \
   > ${RESTY_CONF_DIR}/resty-http.conf.copy \
   && mv ${RESTY_CONF_DIR}/resty-http.conf.copy ${RESTY_CONF_DIR}/resty-http.conf

diff --git a/snippets/resty-http.conf b/snippets/resty-http.conf
@@ -14,7 +14,7 @@ lua_shared_dict auto_ssl_settings 64k;
 # default DNS servers, which can be found in /etc/resolv.conf. If your network
 # is not IPv6 compatible, you may wish to disable IPv6 results by using the
 # "ipv6=off" flag (like "resolver 8.8.8.8 ipv6=off").
-resolver 8.8.8.8;
+resolver $RESOLVER_ADDRESS;
 
 # Initial setup tasks.
 init_by_lua_block {