Add dnsmasq so nginx will allow an upstream service to not block startup

2017-02-14 18:09:56 -05:00 · 2017-02-14 18:09:56 -05:00 · 16ec19d356
commit 16ec19d356
parent 9affe193db
8 changed files with 27 additions and 7 deletions
--- a/1
+++ b/1
@ -12,6 +12,7 @@ RUN  add-apt-repository ppa:nginx/development
 # Install system packages
 RUN apt-get update && apt-get upgrade -y # 22FEB2017
 RUN apt-get install -y \
+     dnsmasq           \ 
     g++               \
     gdb               \
     gdebi-core        \
--- a/conf/init/nginx_conf_create.sh
+++ b/conf/init/nginx_conf_create.sh
@ -6,6 +6,7 @@ import yaml
 import jinja2


+
 def generate_nginx_config():
  """
  Generates nginx config from the app config
@ -41,6 +42,7 @@ def generate_server_config(config):


 if __name__ == "__main__":
-  config = yaml.load(file('conf/stack/config.yaml', 'r'))
-  generate_server_config(config)
-  generate_nginx_config()
+  with open('conf/stack/config.yaml', 'r') as f:
+    config = yaml.load(f)
+    generate_server_config(config)
+    generate_nginx_config()
--- a/conf/init/service/dnsmasq/log/run
+++ b/conf/init/service/dnsmasq/log/run
@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Ensure dependencies start before the logger
+sv check syslog-ng > /dev/null || exit 1
+
+# Start the logger
+exec logger -i -t dnsmasq 
--- a/conf/init/service/dnsmasq/run
+++ b/conf/init/service/dnsmasq/run
@ -0,0 +1,7 @@
+#! /bin/bash
+
+echo 'Starting dnsmasq'
+
+/usr/sbin/dnsmasq --no-daemon --user=root --listen-address=127.0.0.1
+
+echo 'dnsmasq'
--- a/conf/init/service/nginx/run
+++ b/conf/init/service/nginx/run
@ -2,9 +2,6 @@

 echo 'Starting nginx'

-NAMESERVER=`cat /etc/resolv.conf | grep "nameserver" | awk '{print $2}' | tr '\n' ' '`
-echo "resolver $NAMESERVER valid=10s;" > /conf/nginx/resolver.conf
-
 /usr/sbin/nginx -c /conf/nginx/nginx.conf

 echo 'Nginx exited'
--- a/conf/nginx/nginx.conf.jnj
+++ b/conf/nginx/nginx.conf.jnj
@ -9,6 +9,8 @@ http {
    include hosted-http-base.conf;
    include rate-limiting.conf;

+    resolver 127.0.0.1 valid=10s;
+
    ssl_certificate ../stack/ssl.cert;
    ssl_certificate_key ../stack/ssl.key;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
@ -57,6 +59,8 @@ http {
    include http-base.conf;
    include rate-limiting.conf;

+    resolver 127.0.0.1 valid=10s;
+
    server {
        include server-base.conf;

--- a/conf/nginx/resolver.conf
+++ b/conf/nginx/resolver.conf
@ -0,0 +1 @@
+resolver 127.0.0.1 valid=10s;
--- a/conf/nginx/server-base.conf.jnj
+++ b/conf/nginx/server-base.conf.jnj
@ -81,7 +81,8 @@ location /secscan/ {

 {% if signing_enabled %}
 location ~ ^/v2/(.+)/_trust/tuf/(.*)$ {
-    proxy_pass {{ tuf_server }};
+  set $upstream_tuf {{ tuf_server }};
+  proxy_pass $upstream_tuf$uri;
 }
 {% endif %}