This ensures that nginx queries follow the same path as everything
else and are subject to DNSSEC validation as well as allowing us to
simplify the tests that use nginx.
- name: nginx
run_list:
- recipe[nginx::default]
- attributes:
- networking:
- nameservers:
- - 127.0.0.1
- name: nodejs
run_list:
- recipe[nodejs::default]
- name: tilecache
run_list:
- recipe[tilecache::default]
- attributes:
- networking:
- nameservers:
- - 127.0.0.1
- name: tools
run_list:
- recipe[tools::default]
package "nginx"
-resolvers = node[:networking][:nameservers].map do |resolver|
- IPAddr.new(resolver).ipv6? ? "[#{resolver}]" : resolver
-end
-
template "/etc/nginx/nginx.conf" do
source "nginx.conf.erb"
owner "root"
group "root"
mode 0o644
- variables :resolvers => resolvers
end
directory node[:nginx][:cache][:fastcgi][:directory] do
ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
- resolver <%= @resolvers.join(" ") %>;
+ resolver 127.0.0.53;
resolver_timeout 5s;
<% if node['nginx']['cache']['fastcgi']['enable'] -%>
projects / chef.git / commitdiff