Fixes #2

DNS resolvers can now be set explicitly with the DNS_RESOLVERS environment variable. If not explicitly set, the instance will be configured to use the resolvers in `/etc/resolve.conf`.

Author: dekobon

Dockerfile.oss

@@ -7,6 +7,8 @@ ENV HEADERS_MORE_VERSION "v0.33"
 # 1. Installing the headers-more module
 # 2. Adding configuration files needed for proxying private S3 buckets
 # 3. Adding a directory for proxied objects to be stored
+# 4. Replacing the entrypoint script with a modified version that explicitly
+#    sets resolvers.
 
 RUN set -eux \
     export DEBIAN_FRONTEND=noninteractive; \
@@ -43,11 +45,12 @@ RUN set -eux \
     rm -rf /var/lib/apt/lists/* /var/tmp/* /tmp/*
 
 COPY common/etc /etc
+COPY common/docker-entrypoint.sh /docker-entrypoint.sh
 COPY common/docker-entrypoint.d/00-check-for-required-env.sh /docker-entrypoint.d/00-check-for-required-env.sh
 COPY oss/etc /etc
 
 RUN set -eux \
     export DEBIAN_FRONTEND=noninteractive; \
     mkdir -p /var/cache/nginx/s3_proxy; \
     chown nginx:nginx /var/cache/nginx/s3_proxy; \
-    chmod -R +x /docker-entrypoint.d/*
+    chmod -R -v +x /docker-entrypoint.sh /docker-entrypoint.d/*.sh

Dockerfile.plus

@@ -14,7 +14,7 @@ COPY plus/usr /usr
 # Copy files from the OSS NGINX Docker container such that the container
 # startup is the same.
 # Source: https://github.com/nginxinc/docker-nginx/tree/1.19.2/stable/buster
-COPY plus/docker-entrypoint.sh /docker-entrypoint.sh
+COPY common/docker-entrypoint.sh /docker-entrypoint.sh
 COPY plus/docker-entrypoint.d /docker-entrypoint.d
 
 RUN set -eux \

README.md

@@ -52,7 +52,8 @@ docker build -f Dockerfile.plus -t nginx-plus-s3-gateway --build-arg NGINX_GPGKE
 
 Environment variables are used to configure this project.  
 
-* `AWS_SIGS_VERSION` - AWS Signatures API version - either 2 or 4 (4 is default) 
+* `AWS_SIGS_VERSION` - AWS Signatures API version - either 2 or 4 (4 is default)
+* `DNS_RESOLVERS` - (optional) DNS resolvers (separated by single spaces) to configure NGINX with 
 * `S3_ACCESS_KEY_ID` - Access key 
 * `S3_BUCKET_NAME` - Name of S3 bucket to proxy requests to
 * `S3_DEBUG` - Flag (true/false) enabling AWS signatures debug output (default: false)

common/docker-entrypoint.d/00-check-for-required-env.sh

@@ -81,3 +81,4 @@ echo "Access Key ID: ${S3_ACCESS_KEY_ID}"
 echo "Origin: ${S3_SERVER_PROTO}://${S3_BUCKET_NAME}.${S3_SERVER}:${S3_SERVER_PORT}"
 echo "Region: ${S3_REGION}"
 echo "AWS Signatures Version: v${AWS_SIGS_VERSION}"
+echo "DNS Resolvers: ${DNS_RESOLVERS}"

plus/docker-entrypoint.sh renamed to common/docker-entrypoint.sh

@@ -19,6 +19,13 @@
 
 set -e
 
+# This line is an addition to the NGINX Docker image's entrypoint script.
+if [ -z ${DNS_RESOLVERS+x} ]; then
+  export DNS_RESOLVERS="$(cat /etc/resolv.conf | grep nameserver | cut -d' ' -f2 | xargs)"
+fi
+
+# Nothing is modified under this line
+
 if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then
     exec 3>&1
 else

oss/etc/nginx/templates/upstreams.conf.template

@@ -1,5 +1,8 @@
+# Use NGINX's non-blocking DNS resolution
+resolver ${DNS_RESOLVERS};
+
 upstream storage_urls {
-    # Upstreams are not refrshed until NGINX configuration is reloaded.
+    # Upstreams are not refreshed until NGINX configuration is reloaded.
     # NGINX Plus will dynamically reload upstreams when DNS records are changed.
 
     # Be sure to specify the port in the S3_SERVER and be sure that port

plus/etc/nginx/templates/upstreams.conf.template

@@ -1,11 +1,8 @@
 # This configuration with NGINX Plus should dynamically reload S3 backends
 # as they change in DNS.
 
-# Docker DNS server IP
-resolver 127.0.0.11;
-
-# Public DNS
-#resolver 1.1.1.1 8.8.8.8;
+# Use NGINX's non-blocking DNS resolution
+resolver ${DNS_RESOLVERS};
 
 upstream storage_urls {
     zone s3_backends 64k;