Force nginx to run dns queries at runtime

master
kaiyou 7 years ago
parent dc79e6e539
commit eb32871904

@ -18,9 +18,16 @@ http {
keepalive_timeout 65; keepalive_timeout 65;
server_tokens off; server_tokens off;
absolute_redirect off; absolute_redirect off;
resolver {{ RESOLVER }} valid=30s;
# Main HTTP server # Main HTTP server
server { server {
# Variables for proxifying
set $admin admin;
set $antispam antispam:11334;
set $webmail webmail;
set $webdav webdav:5232;
# Always listen over HTTP # Always listen over HTTP
listen 80; listen 80;
listen [::]:80; listen [::]:80;
@ -44,7 +51,7 @@ http {
# In any case, enable the proxy for certbot if the flavor is letsencrypt # In any case, enable the proxy for certbot if the flavor is letsencrypt
{% if TLS_FLAVOR == 'letsencrypt' %} {% if TLS_FLAVOR == 'letsencrypt' %}
location ^~ /.well-known/acme-challenge/ { location ^~ /.well-known/acme-challenge/ {
proxy_pass http://localhost:8008; proxy_pass http://127.0.0.1:8008;
} }
{% endif %} {% endif %}
@ -64,7 +71,8 @@ http {
location {{ WEB_WEBMAIL }} { location {{ WEB_WEBMAIL }} {
rewrite ^({{ WEB_WEBMAIL }})$ $1/ permanent; rewrite ^({{ WEB_WEBMAIL }})$ $1/ permanent;
rewrite ^{{ WEB_WEBMAIL }}/(.*) /$1 break; rewrite ^{{ WEB_WEBMAIL }}/(.*) /$1 break;
proxy_pass http://webmail; proxy_set_header Host $host;
proxy_pass http://$webmail;
} }
{% endif %} {% endif %}
@ -76,7 +84,8 @@ http {
location ~ {{ WEB_ADMIN }}/(ui|static) { location ~ {{ WEB_ADMIN }}/(ui|static) {
rewrite ^{{ WEB_ADMIN }}/(.*) /$1 break; rewrite ^{{ WEB_ADMIN }}/(.*) /$1 break;
proxy_set_header X-Forwarded-Prefix {{ WEB_ADMIN }}; proxy_set_header X-Forwarded-Prefix {{ WEB_ADMIN }};
proxy_pass http://admin; proxy_set_header Host $host;
proxy_pass http://$admin;
} }
location {{ WEB_ADMIN }}/antispam { location {{ WEB_ADMIN }}/antispam {
@ -84,14 +93,14 @@ http {
auth_request /internal/auth/admin; auth_request /internal/auth/admin;
proxy_set_header X-Real-IP ""; proxy_set_header X-Real-IP "";
proxy_set_header X-Forwarded-For ""; proxy_set_header X-Forwarded-For "";
proxy_pass http://antispam:11334; proxy_pass http://$antispam;
} }
{% endif %} {% endif %}
{% if WEBDAV != 'none' %} {% if WEBDAV != 'none' %}
location /webdav { location /webdav {
rewrite ^/webdav/(.*) /$1 break; rewrite ^/webdav/(.*) /$1 break;
proxy_pass http://webdav:5232; proxy_pass http://$webdav;
} }
{% endif %} {% endif %}
{% endif %} {% endif %}
@ -99,7 +108,7 @@ http {
location /internal { location /internal {
internal; internal;
proxy_pass http://admin; proxy_pass http://$admin;
proxy_pass_request_body off; proxy_pass_request_body off;
proxy_set_header Content-Length ""; proxy_set_header Content-Length "";
} }
@ -110,7 +119,7 @@ http {
listen 127.0.0.1:8000; listen 127.0.0.1:8000;
location / { location / {
proxy_pass http://admin/internal/; proxy_pass http://$admin/internal/;
} }
} }
} }
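Review bot: The new `resolver {{ RESOLVER }} valid=30s;` at the top of the http block makes every variable-based `proxy_pass` below depend on DNS alone: nginx's own resolver does not read /etc/hosts and does not apply the `search` list from resolv.conf, so single-label names such as `$admin` or `antispam:11334` only work when RESOLVER itself answers bare container names (presumably Docker's embedded DNS, which is worth stating). A comment on the resolver line would make that contract explicit, e.g. `# Upstream names used in proxy_pass variables are resolved at request time through this server only (no /etc/hosts, no search domains)`. The `valid=30s` TTL override is also unexplained, and since the resolver issues A and AAAA queries by default, `ipv6=off` may be appropriate if the upstream network is IPv4-only. Separately, `proxy_set_header Host $host;` is added for the webmail and admin ui/static locations but not for the antispam, webdav or /internal ones; if that asymmetry is intentional, a short comment on one of those locations would help the next reader.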

@ -7,6 +7,13 @@ convert = lambda src, dst, args: open(dst, "w").write(jinja2.Template(open(src).
args = os.environ.copy() args = os.environ.copy()
# Get the first DNS server
with open("/etc/resolv.conf") as handle:
content = handle.read().split()
args["RESOLVER"] = content[content.index("nameserver") + 1]
# TLS configuration
args["TLS"] = { args["TLS"] = {
"cert": ("/certs/cert.pem", "/certs/key.pem"), "cert": ("/certs/cert.pem", "/certs/key.pem"),
"mail": ("/certs/cert.pem", "/certs/key.pem"), "mail": ("/certs/cert.pem", "/certs/key.pem"),
@ -20,6 +27,7 @@ if args["TLS"] and not all(os.path.exists(file_path) for file_path in args["TLS"
args["TLS_ERROR"] = "yes" args["TLS_ERROR"] = "yes"
# Build final configuration paths
convert("/conf/tls.conf", "/etc/nginx/tls.conf", args) convert("/conf/tls.conf", "/etc/nginx/tls.conf", args)
convert("/conf/nginx.conf", "/etc/nginx/nginx.conf", args) convert("/conf/nginx.conf", "/etc/nginx/nginx.conf", args)
os.system("nginx -s reload") os.system("nginx -s reload")
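Review bot: The nameserver lookup added at lines 78–80 tokenises the whole of /etc/resolv.conf, so a commented-out `# nameserver …` entry is picked up as if it were live, a file with no nameserver line raises an uncaught ValueError, and an IPv6 nameserver is written into the `resolver` directive unbracketed (with a `%scope` suffix it is not valid nginx syntax at all). Parsing line by line, skipping comments, bracketing IPv6 literals and failing with an explicit message keeps the generated nginx.conf well-formed and makes the failure mode obvious in the container log. The rest of the script continues outside the hunk.
```python
# Get the first DNS server (skip comments; nginx needs IPv6 literals bracketed
# and does not accept a %scope suffix)
args["RESOLVER"] = None
with open("/etc/resolv.conf") as handle:
    for line in handle:
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            address = fields[1].split("%")[0]
            args["RESOLVER"] = "[{}]".format(address) if ":" in address else address
            break
if args["RESOLVER"] is None:
    raise SystemExit("no nameserver entry found in /etc/resolv.conf")
# … unchanged: TLS configuration …
```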
