From 1fb771a75fb2aa2932b5afce2b424e3f86791bc2 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Sun, 16 Feb 2020 17:56:27 +0000 Subject: [PATCH] Use systemd-resolved stub resolver for nginx resolver This ensures that nginx queries follow the same path as everything else and are subject to DNSSEC validation as well as allowing us to simplify the tests that use nginx. --- .kitchen.yml | 8 -------- cookbooks/nginx/recipes/default.rb | 5 ----- cookbooks/nginx/templates/default/nginx.conf.erb | 2 +- 3 files changed, 1 insertion(+), 14 deletions(-) diff --git a/.kitchen.yml b/.kitchen.yml index e9350cc01..f46a4d1f8 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -123,10 +123,6 @@ suites: - name: nginx run_list: - recipe[nginx::default] - attributes: - networking: - nameservers: - - 127.0.0.1 - name: nodejs run_list: - recipe[nodejs::default] @@ -175,10 +171,6 @@ suites: - name: tilecache run_list: - recipe[tilecache::default] - attributes: - networking: - nameservers: - - 127.0.0.1 - name: tools run_list: - recipe[tools::default] diff --git a/cookbooks/nginx/recipes/default.rb b/cookbooks/nginx/recipes/default.rb index 94754546c..a55dc14be 100644 --- a/cookbooks/nginx/recipes/default.rb +++ b/cookbooks/nginx/recipes/default.rb @@ -22,16 +22,11 @@ include_recipe "munin" package "nginx" -resolvers = node[:networking][:nameservers].map do |resolver| - IPAddr.new(resolver).ipv6? ? "[#{resolver}]" : resolver -end - template "/etc/nginx/nginx.conf" do source "nginx.conf.erb" owner "root" group "root" mode 0o644 - variables :resolvers => resolvers end directory node[:nginx][:cache][:fastcgi][:directory] do diff --git a/cookbooks/nginx/templates/default/nginx.conf.erb b/cookbooks/nginx/templates/default/nginx.conf.erb index a3f6b2411..5e09d846b 100644 --- a/cookbooks/nginx/templates/default/nginx.conf.erb +++ b/cookbooks/nginx/templates/default/nginx.conf.erb @@ -47,7 +47,7 @@ http { ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt; ssl_dhparam /etc/ssl/certs/dhparam.pem; - resolver <%= @resolvers.join(" ") %>; + resolver 127.0.0.53; resolver_timeout 5s; <% if node['nginx']['cache']['fastcgi']['enable'] -%> -- 2.39.5