Add dnsmasq so nginx will allow an upstream service to not block startup

Dockerfile

@@ -12,6 +12,7 @@ RUN  add-apt-repository ppa:nginx/development
 # Install system packages
 RUN apt-get update && apt-get upgrade -y # 22FEB2017
 RUN apt-get install -y \
+     dnsmasq           \ 
      g++               \
      gdb               \
      gdebi-core        \

conf/init/nginx_conf_create.sh

@@ -6,6 +6,7 @@ import yaml
 import jinja2
 
 
+
 def generate_nginx_config():
   """
   Generates nginx config from the app config
@@ -41,6 +42,7 @@ def generate_server_config(config):
 
 
 if __name__ == "__main__":
-  config = yaml.load(file('conf/stack/config.yaml', 'r'))
+  with open('conf/stack/config.yaml', 'r') as f:
-  generate_server_config(config)
+    config = yaml.load(f)
-  generate_nginx_config()
+    generate_server_config(config)
+    generate_nginx_config()

conf/init/service/dnsmasq/log/run

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Ensure dependencies start before the logger
+sv check syslog-ng > /dev/null || exit 1
+
+# Start the logger
+exec logger -i -t dnsmasq 

conf/init/service/dnsmasq/run

@@ -0,0 +1,7 @@
+#! /bin/bash
+
+echo 'Starting dnsmasq'
+
+/usr/sbin/dnsmasq --no-daemon --user=root --listen-address=127.0.0.1
+
+echo 'dnsmasq'

conf/init/service/nginx/run

@@ -2,9 +2,6 @@
 
 echo 'Starting nginx'
 
-NAMESERVER=`cat /etc/resolv.conf | grep "nameserver" | awk '{print $2}' | tr '\n' ' '`
-echo "resolver $NAMESERVER valid=10s;" > /conf/nginx/resolver.conf
-
 /usr/sbin/nginx -c /conf/nginx/nginx.conf
 
 echo 'Nginx exited'

conf/nginx/nginx.conf.jnj

@@ -9,6 +9,8 @@ http {
     include hosted-http-base.conf;
     include rate-limiting.conf;
 
+    resolver 127.0.0.1 valid=10s;
+
     ssl_certificate ../stack/ssl.cert;
     ssl_certificate_key ../stack/ssl.key;
     ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
@@ -57,6 +59,8 @@ http {
     include http-base.conf;
     include rate-limiting.conf;
 
+    resolver 127.0.0.1 valid=10s;
+
     server {
         include server-base.conf;
 

conf/nginx/resolver.conf

@@ -0,0 +1 @@
+resolver 127.0.0.1 valid=10s;

conf/nginx/server-base.conf.jnj

@@ -81,7 +81,8 @@ location /secscan/ {
 
 {% if signing_enabled %}
 location ~ ^/v2/(.+)/_trust/tuf/(.*)$ {
-    proxy_pass {{ tuf_server }};
+  set $upstream_tuf {{ tuf_server }};
+  proxy_pass $upstream_tuf$uri;
 }
 {% endif %}