work in progress for idaholab#331, improvements to extracted_files_ht…

…tp_server.py and the setting/creation of ACL rules on hedgehog

nginx/nginx.conf

@@ -202,6 +202,7 @@ http {
     # extracted file download hedgehog redirect
     location ~* ^/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) {
       include /etc/nginx/nginx_auth_rt.conf;
+      include /etc/nginx/nginx_system_resolver.conf;
       set $upstream $1:8006;
       rewrite ^/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $2 break;
       proxy_pass https://$upstream;

nginx/nginx_readonly.conf

@@ -131,6 +131,7 @@ http {
 
     # extracted file download hedgehog redirect
     location ~* ^/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) {
+      include /etc/nginx/nginx_system_resolver.conf;
       set $upstream $1:8006;
       rewrite ^/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $2 break;
       proxy_pass https://$upstream;

nginx/scripts/docker_entrypoint.sh

@@ -18,6 +18,9 @@ NGINX_SSL_CONF=/etc/nginx/nginx_ssl_config.conf
 # a blank file just to use as an "include" placeholder for the nginx's LDAP config when LDAP is not used
 NGINX_BLANK_CONF=/etc/nginx/nginx_blank.conf
 
+# "include" file for resolver directive
+NGINX_RESOLVER_CONF=/etc/nginx/nginx_system_resolver.conf
+
 # "include" file for auth_basic, prompt, and htpasswd location
 NGINX_BASIC_AUTH_CONF=/etc/nginx/nginx_auth_basic.conf
 
@@ -287,6 +290,12 @@ for TEMPLATE in "$NGINX_TEMPLATES_DIR"/*.conf.template; do
   DOLLAR=$ envsubst < "$TEMPLATE" > "$NGINX_CONFD_DIR/$(basename "$TEMPLATE"| sed 's/\.template$//')"
 done
 
+# put the DNS resolver (nameserver from /etc/resolv.conf) into NGINX_RESOLVER_CONF
+DNS_SERVER="$(grep -i '^nameserver' /etc/resolv.conf | head -n1 | cut -d ' ' -f2)"
+[[ -z "${DNS_SERVER:-}" ]] && DNS_SERVER="127.0.0.11"
+export DNS_SERVER
+echo "resolver ${DNS_SERVER};" > "${NGINX_RESOLVER_CONF}"
+
 set -e
 
 # insert some build and runtime information into the landing page