Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

smallstep-accomp: Resolve proxy target on request (#3946) #3947

Merged
merged 1 commit into from
Mar 14, 2024
Merged

smallstep-accomp: Resolve proxy target on request (#3946) #3947

merged 1 commit into from
Mar 14, 2024

Conversation

supersven
Copy link
Contributor

@supersven supersven commented Mar 13, 2024
edited
Loading

Usually, proxy targets are resolved when nginx is started. This can lead to strange behavior if the target either doesn't exist (yet) or the DNS entry changes while nginx is running.

This little trick with the indirection via a variable should trigger the lookup(s) while nginx is running. The default behavior of the resolver directive is to update the target according to its TTL in the configured DNS server.

N.B. this a cherry-pick / backport of #3946
Ticket: https://wearezeta.atlassian.net/browse/WPB-6822

Checklist

  • Add a new entry in an appropriate subdirectory of changelog.d
  • Read and follow the PR guidelines

@supersven
smallstep-accomp: Resolve proxy target on request (#3946)
bc65155 
Usually, proxy targets are resolved when nginx is started. This can lead
to strange behavior if the target either doesn't exist (yet) or the DNS
entry changes while nginx is running.

This little trick with the indirection via a variable should trigger the
lookup(s) while nginx is running. The default behavior of the `resolver`
directive is to update the target according to its TTL in the configured
DNS server.
@zebot zebot added the ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist label Mar 13, 2024
jschumacher-wire
jschumacher-wire approved these changes Mar 14, 2024
View reviewed changes
Copy link
Contributor

@jschumacher-wire jschumacher-wire left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.

@supersven supersven merged commit ba0d7f1 into develop Mar 14, 2024
8 checks passed
@supersven supersven deleted the develop-use-resolver-to-handle-offline-proxy-targets branch March 14, 2024 14:03
@zebot zebot mentioned this pull request Apr 25, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jschumacher-wire jschumacher-wire jschumacher-wire approved these changes

Assignees
No one assigned
Labels
ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@supersven @jschumacher-wire @zebot