angie: provide DNS resolver

2024-09-30 21:24:40 +03:00 · 2024-09-30 21:24:40 +03:00 · 7b5b3a0a30
commit 7b5b3a0a30
parent 47515839a2
4 changed files with 126 additions and 0 deletions
--- a/angie/autoconf.dist/http-resolver.conf.j2
+++ b/angie/autoconf.dist/http-resolver.conf.j2
@ -0,0 +1,2 @@
+{%- set resolver_status_zone = 'http_resolver' -%}
+{% include 'resolver.j2m' %}
--- a/angie/autoconf.dist/resolver.j2m
+++ b/angie/autoconf.dist/resolver.j2m
@ -0,0 +1,13 @@
+{%- if env.NGX_RESOLVERS %}
+  {%- if env.NGX_RESOLVER_STACK == 'any' %}
+resolver {{ env.NGX_RESOLVERS }} status_zone={{ resolver_status_zone }};
+  {%- elif env.NGX_RESOLVER_STACK == 'ipv4' %}
+resolver {{ env.NGX_RESOLVERS }} status_zone={{ resolver_status_zone }} ipv4=on ipv6=off;
+  {%- elif env.NGX_RESOLVER_STACK == 'ipv6' %}
+resolver {{ env.NGX_RESOLVERS }} status_zone={{ resolver_status_zone }} ipv4=off ipv6=on;
+  {%- endif %}
+{%- endif %}
+
+{%- if env.NGX_RESOLVER_TIMEOUT %}
+resolver_timeout {{ env.NGX_RESOLVER_TIMEOUT }};
+{%- endif %}
--- a/angie/autoconf.dist/stream-resolver.conf.j2
+++ b/angie/autoconf.dist/stream-resolver.conf.j2
@ -0,0 +1,2 @@
+{%- set resolver_status_zone = 'stream_resolver' -%}
+{% include 'resolver.j2m' %}
--- a/image-entry.d/06-resolver.envsh
+++ b/image-entry.d/06-resolver.envsh
@ -0,0 +1,109 @@
+#!/bin/sh
+
+unset _NGX_RESOLVER_STACK _NGX_RESOLVER_TIMEOUT
+## here should be SANE defaults (!)
+_NGX_RESOLVER_STACK=ipv4
+_NGX_RESOLVER_TIMEOUT=10s
+
+if [ -z "${NGX_RESOLVER_STACK:-}" ] ; then
+	NGX_RESOLVER_STACK=${_NGX_RESOLVER_STACK}
+else
+	case "${NGX_RESOLVER_STACK}" in
+	[Ii][Pp][Vv]4 | [Vv]4 | 4 )
+		## adjust
+		NGX_RESOLVER_STACK=ipv4
+	;;
+	[Ii][Pp][Vv]6 | [Vv]6 | 6 )
+		## adjust
+		NGX_RESOLVER_STACK=ipv6
+	;;
+	[Dd][Uu][Aa][Ll] | [Aa][Ll][Ll] | [Aa][Nn][Yy] )
+		## adjust
+		NGX_RESOLVER_STACK=any
+	;;
+	[Nn][Oo][Nn][Ee] | 0 )
+		## adjust
+		NGX_RESOLVER_STACK=none
+	;;
+	* )
+		log_always "NGX_RESOLVER_STACK: unrecognized value: ${NGX_RESOLVER_STACK}"
+		log_always "setting NGX_RESOLVER_STACK=${_NGX_RESOLVER_STACK}"
+		NGX_RESOLVER_STACK=${_NGX_RESOLVER_STACK}
+	;;
+	esac
+fi
+export NGX_RESOLVER_STACK
+
+if [ "${NGX_RESOLVER_STACK}" = 'none' ] ; then
+	unset NGX_RESOLV_CONF NGX_RESOLVER_TIMEOUT NGX_RESOLVERS
+else
+	if [ -z "${NGX_RESOLVER_TIMEOUT:-}" ] ; then
+		NGX_RESOLVER_TIMEOUT=${_NGX_RESOLVER_TIMEOUT}
+	else
+		case "${NGX_RESOLVER_TIMEOUT}" in
+		[1-9] | [1-9][0-9] )
+			## convert implicit "seconds" to explicit
+			NGX_RESOLVER_TIMEOUT="${NGX_RESOLVER_TIMEOUT}s"
+		;;
+		[1-9]s | [1-9][0-9]s )
+			## pass
+		;;
+		[1-9]ms | [1-9][0-9]ms | [1-9][0-9][0-9]ms | [1-9][0-9][0-9][0-9]ms | [1-9][0-9][0-9][0-9][0-9]ms )
+			## pass
+		;;
+		* )
+			log_always "NGX_RESOLVER_TIMEOUT: unrecognized value: ${NGX_RESOLVER_TIMEOUT}"
+			log_always "setting NGX_RESOLVER_TIMEOUT=${_NGX_RESOLVER_TIMEOUT}"
+			NGX_RESOLVER_TIMEOUT=${_NGX_RESOLVER_TIMEOUT}
+		;;
+		esac
+	fi
+	export NGX_RESOLVER_TIMEOUT
+
+	unset _resolv_conf
+	while [ -z "${NGX_RESOLVERS+x}" ] ; do
+		_resolv_conf="${NGX_RESOLV_CONF-/etc/resolv.conf}"
+		[ -n "${_resolv_conf}" ] || break
+		[ -f "${_resolv_conf}" ] || break
+		[ -s "${_resolv_conf}" ] || break
+
+		unset i
+		while read -r i ; do
+			[ -n "$i" ] || continue
+
+			case "$i" in
+			## NB: /etc/resolv.conf allows (!) IPv6 addresses in dotted form (RFC 2373) but this is discouraged
+			*:* )
+				## TODO: IPv6 address validation
+				i="[$i]"
+
+				case "${NGX_RESOLVER_STACK}" in
+				ipv6 | any )
+					NGX_RESOLVERS=$(append_list "${NGX_RESOLVERS}" "$i")
+				;;
+				esac
+			;;
+			* )
+				if ! is_ipv4_address "$i" ; then
+					log_always "invalid IPv4 address: $i"
+					continue
+				fi
+
+				case "${NGX_RESOLVER_STACK}" in
+				ipv4 | any )
+					NGX_RESOLVERS=$(append_list "${NGX_RESOLVERS}" "$i")
+				;;
+				esac
+			;;
+			esac
+		done <<-EOF
+		$(mawk '$1 == "nameserver" {print $2}' < "${_resolv_conf}")
+		EOF
+		unset i
+	done
+	unset _resolv_conf
+
+	[ -z "${NGX_RESOLVERS}" ] || export NGX_RESOLVERS
+fi
+
+unset _NGX_RESOLVER_STACK _NGX_RESOLVER_TIMEOUT