Home / server / Questions / 1012596
In Process
suchislife
Asked: 2020-04-17 07:18:38 +0800 CST

NGINX resolver directive placement and inheretance

  • 772

My nginx.conf file contains only 1 server block.

I've recently read a few guides and began to use the following directives in my nginx server block context.

Specifically resolver and resolver_timeout.

# Using ipv4 to listen on port 80

listen            80 default_server;

# Using ipv6 to listen on port 80

listen            [::]:80 default_server;

# Sets names of a virtual server

server_name       mysite.com www.mysite.com;

# Sets the root directory for requests

root              /usr/share/nginx/html;

# Configures name servers used to resolve names of upstream servers into addresses
# The IP addresses for Google Public DNS are 8.8.8.8 and 8.8.4.4
# By default, nginx caches answers using the TTL value of a response.
# An optional valid parameter allows overriding it.

resolver          8.8.8.8 8.8.4.4 valid=300s;

# Sets a timeout for name resolution

resolver_timeout  30s;

I have some questions that may appear naive but it's because I want to fully understand it.

Question 1 - The DNS hosting provider for my domain contains an A Record for mysite.com that points to my static IP address with a TTL of 1H. Does that mean that I have to synchronize resolver with this value?

Question 2 - Google's Public DNS seems like the way to go given their Globally massive infrastructure. Is it ok to just use the resolver directives in the http context one level up from server or placing it in the server block is best practice?

Question 3 - If I'm using php-fpm, are the resolver directives ideally to be placed in the fastcgi_pass location block or can they remain in the server block and everything will work because of cascading?

# PHP scripts location block
location ~ \.php$ {

  # Security Setting #9 -> Use try_files to check if php script being passed 
  # is a file that actually exists.
  try_files       $uri =404;

  # Sets the address of a FastCGI server.
  # 
  # The address can be specified as a unix socket file, a domain name or IP address,
  # and a port.
  # 
  # In linux, we pass the PHP scripts to the PHP FastCGI Process Manager listening on 
  # a unix socket file.
  fastcgi_pass    unix:/run/php/php7.3-fpm.sock;

  # Sets a file name that will be appended after a URI that ends with a slash, in the value
  # of the $fastcgi_script_name variable.
  fastcgi_index   index.php;

  # You can use NGINX to "sanitize" the input to the application by setting the
  # HTTP_PROXY fastcgi_param to an empty string. This removes the parameter completely
  # from the FastCGI Process Manager request.
  fastcgi_param   HTTP_PROXY "";

  # Requires the server to use the root  directive
  # Requires the server to use the index directive
  fastcgi_param   SCRIPT_FILENAME  $request_filename;

  # Includes another file, or files matching the specified mask, into configuration.
  # Included files should consist of syntactically correct directives and blocks.

  # Includes adittional paramaters from fastcgi_params file.
  include         fastcgi_params;

} # END location block
domain-name-system nginx

0 Answers