Configure resolvers for stapling with nginx

diff --git a/cookbooks/imagery/resources/site.rb b/cookbooks/imagery/resources/site.rb
index f8ab667319d6fcad61208bb4544b9c5a67c2b25a..137153a72f1539eafbbdfd1d75345a4610543326 100644 (file)
--- a/cookbooks/imagery/resources/site.rb
+++ b/cookbooks/imagery/resources/site.rb
@@ -94,11 +94,15 @@ action :create do
     domains base_domains.flat_map { |d| [d, "a.#{d}", "b.#{d}", "c.#{d}"] }
   end
 
+  resolvers = node[:networking][:nameservers].map do |resolver|
+    IPAddr.new(resolver).ipv6? ? "[#{resolver}]" : resolver
+  end
+
   nginx_site new_resource.name do
     template "nginx_imagery.conf.erb"
     directory "/srv/imagery/#{name}"
     restart_nginx false
-    variables new_resource.to_hash
+    variables new_resource.to_hash.merge(:resolvers => resolvers)
   end
 end
 

diff --git a/cookbooks/imagery/templates/default/nginx_imagery.conf.erb b/cookbooks/imagery/templates/default/nginx_imagery.conf.erb
index b926d479cf9db5436519c2fd5f3b35e45921048b..7001f794cf325665ceac874b85e5013dad4756ee 100644 (file)
--- a/cookbooks/imagery/templates/default/nginx_imagery.conf.erb
+++ b/cookbooks/imagery/templates/default/nginx_imagery.conf.erb
@@ -13,6 +13,8 @@ server {
     ssl_session_timeout 30m;
     ssl_stapling on;
     ssl_dhparam /etc/ssl/certs/dhparam.pem;
+    resolver <%= @resolvers.join(" ") %>;
+    resolver_timeout 5s;
 
     root "/srv/<%= @name %>";
     rewrite ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 permanent;