Add dnsmasq so nginx will allow an upstream service to not block startup

conf/nginx/nginx.conf.jnj

@@ -9,6 +9,8 @@ http {
     include hosted-http-base.conf;
     include rate-limiting.conf;
 
+    resolver 127.0.0.1 valid=10s;
+
     ssl_certificate ../stack/ssl.cert;
     ssl_certificate_key ../stack/ssl.key;
     ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
@@ -57,6 +59,8 @@ http {
     include http-base.conf;
     include rate-limiting.conf;
 
+    resolver 127.0.0.1 valid=10s;
+
     server {
         include server-base.conf;
 

conf/nginx/resolver.conf

@@ -0,0 +1 @@
+resolver 127.0.0.1 valid=10s;

conf/nginx/server-base.conf.jnj

@@ -81,7 +81,8 @@ location /secscan/ {
 
 {% if signing_enabled %}
 location ~ ^/v2/(.+)/_trust/tuf/(.*)$ {
-    proxy_pass {{ tuf_server }};
+  set $upstream_tuf {{ tuf_server }};
+  proxy_pass $upstream_tuf$uri;
 }
 {% endif %}