From 7b5b3a0a3013d4d05e78efec1912ef5555de188d Mon Sep 17 00:00:00 2001 From: Konstantin Demin Date: Mon, 30 Sep 2024 21:24:40 +0300 Subject: [PATCH] angie: provide DNS resolver --- angie/autoconf.dist/http-resolver.conf.j2 | 2 + angie/autoconf.dist/resolver.j2m | 13 +++ angie/autoconf.dist/stream-resolver.conf.j2 | 2 + image-entry.d/06-resolver.envsh | 109 ++++++++++++++++++++ 4 files changed, 126 insertions(+) create mode 100644 angie/autoconf.dist/http-resolver.conf.j2 create mode 100644 angie/autoconf.dist/resolver.j2m create mode 100644 angie/autoconf.dist/stream-resolver.conf.j2 create mode 100755 image-entry.d/06-resolver.envsh diff --git a/angie/autoconf.dist/http-resolver.conf.j2 b/angie/autoconf.dist/http-resolver.conf.j2 new file mode 100644 index 0000000..c7091d0 --- /dev/null +++ b/angie/autoconf.dist/http-resolver.conf.j2 @@ -0,0 +1,2 @@ +{%- set resolver_status_zone = 'http_resolver' -%} +{% include 'resolver.j2m' %} diff --git a/angie/autoconf.dist/resolver.j2m b/angie/autoconf.dist/resolver.j2m new file mode 100644 index 0000000..338ac3a --- /dev/null +++ b/angie/autoconf.dist/resolver.j2m @@ -0,0 +1,13 @@ +{%- if env.NGX_RESOLVERS %} + {%- if env.NGX_RESOLVER_STACK == 'any' %} +resolver {{ env.NGX_RESOLVERS }} status_zone={{ resolver_status_zone }}; + {%- elif env.NGX_RESOLVER_STACK == 'ipv4' %} +resolver {{ env.NGX_RESOLVERS }} status_zone={{ resolver_status_zone }} ipv4=on ipv6=off; + {%- elif env.NGX_RESOLVER_STACK == 'ipv6' %} +resolver {{ env.NGX_RESOLVERS }} status_zone={{ resolver_status_zone }} ipv4=off ipv6=on; + {%- endif %} +{%- endif %} + +{%- if env.NGX_RESOLVER_TIMEOUT %} +resolver_timeout {{ env.NGX_RESOLVER_TIMEOUT }}; +{%- endif %} diff --git a/angie/autoconf.dist/stream-resolver.conf.j2 b/angie/autoconf.dist/stream-resolver.conf.j2 new file mode 100644 index 0000000..f36aba2 --- /dev/null +++ b/angie/autoconf.dist/stream-resolver.conf.j2 @@ -0,0 +1,2 @@ +{%- set resolver_status_zone = 'stream_resolver' -%} +{% include 'resolver.j2m' %} diff --git a/image-entry.d/06-resolver.envsh b/image-entry.d/06-resolver.envsh new file mode 100755 index 0000000..d816123 --- /dev/null +++ b/image-entry.d/06-resolver.envsh @@ -0,0 +1,109 @@ +#!/bin/sh + +unset _NGX_RESOLVER_STACK _NGX_RESOLVER_TIMEOUT +## here should be SANE defaults (!) +_NGX_RESOLVER_STACK=ipv4 +_NGX_RESOLVER_TIMEOUT=10s + +if [ -z "${NGX_RESOLVER_STACK:-}" ] ; then + NGX_RESOLVER_STACK=${_NGX_RESOLVER_STACK} +else + case "${NGX_RESOLVER_STACK}" in + [Ii][Pp][Vv]4 | [Vv]4 | 4 ) + ## adjust + NGX_RESOLVER_STACK=ipv4 + ;; + [Ii][Pp][Vv]6 | [Vv]6 | 6 ) + ## adjust + NGX_RESOLVER_STACK=ipv6 + ;; + [Dd][Uu][Aa][Ll] | [Aa][Ll][Ll] | [Aa][Nn][Yy] ) + ## adjust + NGX_RESOLVER_STACK=any + ;; + [Nn][Oo][Nn][Ee] | 0 ) + ## adjust + NGX_RESOLVER_STACK=none + ;; + * ) + log_always "NGX_RESOLVER_STACK: unrecognized value: ${NGX_RESOLVER_STACK}" + log_always "setting NGX_RESOLVER_STACK=${_NGX_RESOLVER_STACK}" + NGX_RESOLVER_STACK=${_NGX_RESOLVER_STACK} + ;; + esac +fi +export NGX_RESOLVER_STACK + +if [ "${NGX_RESOLVER_STACK}" = 'none' ] ; then + unset NGX_RESOLV_CONF NGX_RESOLVER_TIMEOUT NGX_RESOLVERS +else + if [ -z "${NGX_RESOLVER_TIMEOUT:-}" ] ; then + NGX_RESOLVER_TIMEOUT=${_NGX_RESOLVER_TIMEOUT} + else + case "${NGX_RESOLVER_TIMEOUT}" in + [1-9] | [1-9][0-9] ) + ## convert implicit "seconds" to explicit + NGX_RESOLVER_TIMEOUT="${NGX_RESOLVER_TIMEOUT}s" + ;; + [1-9]s | [1-9][0-9]s ) + ## pass + ;; + [1-9]ms | [1-9][0-9]ms | [1-9][0-9][0-9]ms | [1-9][0-9][0-9][0-9]ms | [1-9][0-9][0-9][0-9][0-9]ms ) + ## pass + ;; + * ) + log_always "NGX_RESOLVER_TIMEOUT: unrecognized value: ${NGX_RESOLVER_TIMEOUT}" + log_always "setting NGX_RESOLVER_TIMEOUT=${_NGX_RESOLVER_TIMEOUT}" + NGX_RESOLVER_TIMEOUT=${_NGX_RESOLVER_TIMEOUT} + ;; + esac + fi + export NGX_RESOLVER_TIMEOUT + + unset _resolv_conf + while [ -z "${NGX_RESOLVERS+x}" ] ; do + _resolv_conf="${NGX_RESOLV_CONF-/etc/resolv.conf}" + [ -n "${_resolv_conf}" ] || break + [ -f "${_resolv_conf}" ] || break + [ -s "${_resolv_conf}" ] || break + + unset i + while read -r i ; do + [ -n "$i" ] || continue + + case "$i" in + ## NB: /etc/resolv.conf allows (!) IPv6 addresses in dotted form (RFC 2373) but this is discouraged + *:* ) + ## TODO: IPv6 address validation + i="[$i]" + + case "${NGX_RESOLVER_STACK}" in + ipv6 | any ) + NGX_RESOLVERS=$(append_list "${NGX_RESOLVERS}" "$i") + ;; + esac + ;; + * ) + if ! is_ipv4_address "$i" ; then + log_always "invalid IPv4 address: $i" + continue + fi + + case "${NGX_RESOLVER_STACK}" in + ipv4 | any ) + NGX_RESOLVERS=$(append_list "${NGX_RESOLVERS}" "$i") + ;; + esac + ;; + esac + done <<-EOF + $(mawk '$1 == "nameserver" {print $2}' < "${_resolv_conf}") + EOF + unset i + done + unset _resolv_conf + + [ -z "${NGX_RESOLVERS}" ] || export NGX_RESOLVERS +fi + +unset _NGX_RESOLVER_STACK _NGX_RESOLVER_TIMEOUT