Issue with Resolver #32

Closed
appunni-m opened this issue Nov 6, 2019 · 4 comments · Fixed by #34

@appunni-m

docker-nginx-auto-ssl/snippets/resty-http.conf

Contains a resolver statement which should not be added like that, as I faced today: 8.8.8.8 was not available from my machine.

@appunni-m
Author

```nginx
# hold your certificate data. 1MB of storage holds certificates for
# approximately 100 separate domains.
lua_shared_dict auto_ssl 1m;

# The "auto_ssl_settings" shared dict is used to temporarily store various
# settings like the secret used by the hook server on port 8999. Do not change
# or omit it.
lua_shared_dict auto_ssl_settings 64k;

# A DNS resolver must be defined for OCSP stapling to function.
#
# This example uses Google's DNS server. You may want to use your system's
# default DNS servers, which can be found in /etc/resolv.conf. If your network
# is not IPv6 compatible, you may wish to disable IPv6 results by using the
# "ipv6=off" flag (like "resolver 8.8.8.8 ipv6=off").
resolver 127.0.0.11;

# Initial setup tasks.
init_by_lua_block {
    auto_ssl = (require "resty.auto-ssl").new()
    auto_ssl:set("ca", 'https://acme-v02.api.letsencrypt.org/directory')
    -- Define a function to determine which SNI domains to automatically handle
    -- and register new certificates for. Defaults to not allowing any domains,
    -- so this must be configured.
    auto_ssl:set("allow_domain", function(domain)
      -- Anchored with literal dots so that only this exact host name matches;
      -- the unanchored pattern also matched any name merely containing it.
      return ngx.re.match(domain, '^foodscience[.]spoonshot[.]com$', 'ijo')
    end)

    auto_ssl:init()
}

init_worker_by_lua_block {
    auto_ssl:init_worker()
}

server {
    listen 127.0.0.1:8999;

    # Increase the body buffer size, to ensure the internal POSTs can always
    # parse the full POST contents into memory.
    client_body_buffer_size 128k;
    client_max_body_size 128k;

    location / {
      content_by_lua_block {
        auto_ssl:hook_server()
      }
    }
}
```

Please update this or add resolver as a variable

@Valian
Owner

Valian commented Nov 10, 2019

Hi @appunni-dishq. When I was designing this, 8.8.8.8 was a sensible default, since in most cases your container has access to the internet. I'm not 100% sure, but setting 127.0.0.53, 127.0.0.11 or anything else there won't always work, since the DNS server address is managed by Docker.

So, I'd definitely go for an option with an additional variable, using the value 8.8.8.8 as a default. If I have time, I'll try to make it happen, but in the meantime I'd gladly accept a PR from you.

@Valian
Owner

Valian commented Nov 10, 2019

@appunni-dishq It was a small change, so I've added it. New docker images should be available soon.

@appunni-m
Author

@Valian sorry for no reply, I had made the change on a docker build for my deployment, but thanks a lot for considering my request.
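
Added example, not part of the thread or the project's own code: one way a container entrypoint could render the `resolver` directive from a variable with 8.8.8.8 as the default, as discussed above. It goes one step beyond the thread by trying the container's `/etc/resolv.conf` before the default; the variable name `RESOLVER_ADDRESS` and all function names are assumptions.

```shell
#!/bin/sh
# Added example: choose the nginx "resolver" address at container start.
# RESOLVER_ADDRESS and the function names are hypothetical, not the project's.

# Accept only a dotted-quad IPv4 address, so the value cannot smuggle extra
# nginx directives (";", spaces, braces, newlines) into the rendered snippet.
is_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.; set -f              # runs in a subshell, so IFS is not leaked
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        case "$octet" in ????*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# Print the first "nameserver" entry of a resolv.conf-style file, if any.
first_nameserver() {
    [ -r "$1" ] || return 0
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Precedence: explicit variable, then the container's own resolv.conf
# (for example Docker's 127.0.0.11), then the 8.8.8.8 default.
pick_resolver() {
    resolv_conf=${1:-/etc/resolv.conf}
    if [ -n "${RESOLVER_ADDRESS:-}" ]; then
        is_ipv4 "$RESOLVER_ADDRESS" || {
            echo "invalid RESOLVER_ADDRESS, refusing to start" >&2
            return 1
        }
        echo "$RESOLVER_ADDRESS"; return 0
    fi
    candidate=$(first_nameserver "$resolv_conf")
    if is_ipv4 "$candidate"; then echo "$candidate"; else echo 8.8.8.8; fi
}

# Emit the directive; an entrypoint would redirect this into the snippet file.
render_resolver() {
    addr=$(pick_resolver "$@") || return 1
    printf 'resolver %s;\n' "$addr"
}

render_resolver
```

An explicitly set but malformed value fails closed instead of silently falling back, so a typo or an injected string never reaches the nginx configuration.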
