From 926b39e016afc77a6b8ea32c37273c7a6fca5467 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Tue, 16 Dec 2014 15:57:24 +0000 Subject: [PATCH] Support IPv6 resolvers in nginx config --- cookbooks/tilecache/recipes/default.rb | 8 +++++++- .../tilecache/templates/default/nginx_tile_ssl.conf.erb | 3 +-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/cookbooks/tilecache/recipes/default.rb b/cookbooks/tilecache/recipes/default.rb index 4711428a2..37d10295f 100644 --- a/cookbooks/tilecache/recipes/default.rb +++ b/cookbooks/tilecache/recipes/default.rb @@ -17,6 +17,8 @@ # limitations under the License. # +require "ipaddr" + certificate = node[:tilecache][:ssl][:certificate] node.default[:ssl][:certificates] = node[:ssl][:certificates] | [ certificate ] @@ -77,9 +79,13 @@ nginx_site "default" do action [ :delete ] end +resolvers = node[:networking][:nameservers].map do |resolver| + IPAddr.new(resolver).ipv6? ? "[#{resolver}]" : "#{resolver}" +end + nginx_site "tile-ssl" do template "nginx_tile_ssl.conf.erb" - variables :certificate => certificate + variables :certificate => certificate, :resolvers => resolvers end service "nginx-certificate-restart" do diff --git a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb index 7ada68069..60059837b 100644 --- a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb +++ b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb @@ -13,8 +13,7 @@ server { ssl_session_cache shared:SSL:30m; ssl_session_timeout 15m; ssl_stapling on; - resolver <%= node[:networking][:nameservers].join(" ") %>; + resolver <%= @resolvers.join(" ") %>; location / { proxy_pass http://127.0.0.1; proxy_set_header X-Forwarded-For $remote_addr; } - } -- 2.43.2