1
0
mirror of https://github.com/thib8956/nginx-proxy synced 2024-11-22 03:46:29 +00:00

Add dynamically-computed DNS resolvers to nginx (for PR #574)

This commit is contained in:
Steve Kamerman 2016-10-01 10:42:58 -04:00 committed by Teoh Han Hui
parent 6bdd184d6a
commit 0cc71fad49
No known key found for this signature in database
GPG Key ID: 729783C96A30C9B8
2 changed files with 16 additions and 0 deletions

View File

@ -18,6 +18,12 @@ fi
# Note: if $DHPARAM_BITS is not defined, generate-dhparam.sh will use 2048 as a default
/app/generate-dhparam.sh $DHPARAM_BITS
# Compute the DNS resolvers for use in the templates
export RESOLVERS=$(awk '$1 == "nameserver" {print $2}' ORS=' ' /etc/resolv.conf | sed 's/ *$//g')
if [ "x$RESOLVERS" = "x" ]; then
echo "Warning: unable to determine DNS resolvers for nginx" >&2
fi
# If the user has run the default command and the socket doesn't exist, fail
if [ "$socketMissing" = 1 -a "$1" = forego -a "$2" = start -a "$3" = '-r' ]; then
exit 1

View File

@ -58,6 +58,10 @@ log_format vhost '$host $remote_addr - $remote_user [$time_local] '
access_log off;
{{ if ne $.Env.RESOLVERS "" }}
resolver {{ $.Env.RESOLVERS }};
{{ end }}
{{ if (exists "/etc/nginx/proxy.conf") }}
include /etc/nginx/proxy.conf;
{{ else }}
@ -198,6 +202,12 @@ server {
ssl_dhparam {{ printf "/etc/nginx/certs/%s.dhparam.pem" $cert }};
{{ end }}
{{ if (exists (printf "/etc/nginx/certs/%s.chain.crt" $cert)) }}
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate {{ printf "/etc/nginx/certs/%s.chain.crt" $cert }};
{{ end }}
{{ if (ne $https_method "noredirect") }}
add_header Strict-Transport-Security "max-age=31536000";
{{ end }}