From 0f67f3b5d4c65ae70347481fd1a06c84a74f2bdb Mon Sep 17 00:00:00 2001
From: Steven Willis
Date: Tue, 30 May 2023 16:02:58 -0400
Subject: [PATCH 1/2] correct $s3Uri to $s3uri

---
 common/etc/nginx/templates/default.conf.template | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common/etc/nginx/templates/default.conf.template b/common/etc/nginx/templates/default.conf.template
index b2dd54d2..581ce1c7 100644
--- a/common/etc/nginx/templates/default.conf.template
+++ b/common/etc/nginx/templates/default.conf.template
@@ -194,7 +194,7 @@ server {
 # Comment out this line to receive the error messages returned by S3
 error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 420 422 423 424 426 428 429 431 444 449 450 451 500 501 502 503 504 505 506 507 508 509 510 511 =404 @error404;
- proxy_pass ${S3_SERVER_PROTO}://storage_urls$s3Uri;
+ proxy_pass ${S3_SERVER_PROTO}://storage_urls$s3uri;
 include /etc/nginx/conf.d/gateway/s3listing_location.conf;
 }

From 2e4fdc04882e61fa173cf6c0a86cccfe152561e4 Mon Sep 17 00:00:00 2001
From: Steven Willis
Date: Tue, 30 May 2023 16:11:51 -0400
Subject: [PATCH 2/2] use a variable hostname to get periodic DNS re-resolution

---
 common/etc/nginx/templates/default.conf.template | 9 +++++++--
 common/etc/nginx/templates/resolver.conf.template | 2 ++
 oss/etc/nginx/templates/upstreams.conf.template | 11 -----------
 plus/etc/nginx/templates/upstreams.conf.template | 13 -------------
 4 files changed, 9 insertions(+), 26 deletions(-)
 create mode 100644 common/etc/nginx/templates/resolver.conf.template
 delete mode 100644 oss/etc/nginx/templates/upstreams.conf.template
 delete mode 100644 plus/etc/nginx/templates/upstreams.conf.template

diff --git a/common/etc/nginx/templates/default.conf.template b/common/etc/nginx/templates/default.conf.template
index 581ce1c7..79125614 100644
--- a/common/etc/nginx/templates/default.conf.template
+++ b/common/etc/nginx/templates/default.conf.template
@@ -28,6 +28,11 @@ js_set $s3uri s3gateway.s3uri;
 server {
 include /etc/nginx/conf.d/gateway/server_variables.conf;
+ # Set the hostname to a variable to be used with proxy_pass so that we can
+ # re-resolve the hostname as described here:
+ # https://www.nginx.com/blog/dns-service-discovery-nginx-plus/#domain-name-variable
+ set $upstream_server ${S3_SERVER}:${S3_SERVER_PORT};
+
 # Don't display the NGINX version number because we don't want to reveal
 # information that could be used to find an exploit.
 server_tokens off;
@@ -136,7 +141,7 @@ server {
 error_page 404 @trailslashControl;
- proxy_pass ${S3_SERVER_PROTO}://storage_urls$s3uri;
+ proxy_pass ${S3_SERVER_PROTO}://$upstream_server$s3uri;
 include /etc/nginx/conf.d/gateway/s3_location.conf;
 }
@@ -194,7 +199,7 @@ server {
 # Comment out this line to receive the error messages returned by S3
 error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 420 422 423 424 426 428 429 431 444 449 450 451 500 501 502 503 504 505 506 507 508 509 510 511 =404 @error404;
- proxy_pass ${S3_SERVER_PROTO}://storage_urls$s3uri;
+ proxy_pass ${S3_SERVER_PROTO}://$upstream_server$s3uri;
 include /etc/nginx/conf.d/gateway/s3listing_location.conf;
 }
diff --git a/common/etc/nginx/templates/resolver.conf.template b/common/etc/nginx/templates/resolver.conf.template
new file mode 100644
index 00000000..33f8cee6
--- /dev/null
+++ b/common/etc/nginx/templates/resolver.conf.template
@@ -0,0 +1,2 @@
+# Use NGINX's non-blocking DNS resolution
+resolver ${DNS_RESOLVERS};
diff --git a/oss/etc/nginx/templates/upstreams.conf.template b/oss/etc/nginx/templates/upstreams.conf.template
deleted file mode 100644
index 9e93a857..00000000
--- a/oss/etc/nginx/templates/upstreams.conf.template
+++ /dev/null
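Review bot: The new `set $upstream_server ${S3_SERVER}:${S3_SERVER_PORT};` line silently drops the port/protocol guidance that the deleted upstreams templates carried, and once proxy_pass holds a variable a mismatch between that port and `${S3_SERVER_PROTO}` is only discovered per request rather than by `nginx -t`; I would keep the old wording next to it, `# Be sure the port in S3_SERVER_PORT corresponds to the https/http in S3_SERVER_PROTO.` The comment should also say that a variable in proxy_pass makes NGINX resolve the name at runtime through the `resolver` directive, so an unresolvable name now surfaces as a 502 on each request instead of failing config load. If S3_SERVER_PROTO can be https, this hunk does not show whether s3_location.conf sets proxy_ssl_name/proxy_ssl_server_name; I believe the default verify/SNI name is derived from the proxied host, which is now the variable's value, so that is worth confirming. The same proxy_pass rewrite appears in the two later hunks of this file (@@ -136 and @@ -194), which this note covers as well; all three hunks sit inside a server block whose start and end are outside the hunks.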
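Review bot: resolver.conf.template is created here but nothing in this patch includes it, while the deleted upstreams templates were the previous carriers of the `resolver ${DNS_RESOLVERS};` line; the config that included those templates is outside this patch and must now include the resolver template instead, otherwise the variable `$upstream_server` in proxy_pass fails at request time with NGINX's "no resolver defined" error (a 502) rather than at startup. The directive has no `valid=` argument, so re-resolution follows the DNS record TTL rather than a fixed period as the commit title suggests; a one-line comment stating that TTL-driven re-resolution is intended, or adding an explicit `valid=` if a fixed interval is wanted, would settle that for the next reader.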
@@ -1,11 +0,0 @@
-# Use NGINX's non-blocking DNS resolution
-resolver ${DNS_RESOLVERS};
-
-upstream storage_urls {
- # Upstreams are not refreshed until NGINX configuration is reloaded.
- # NGINX Plus will dynamically reload upstreams when DNS records are changed.
-
- # Be sure to specify the port in the S3_SERVER and be sure that port
- # corresponds to the https/http in the proxy_pass directive.
- server ${S3_SERVER}:${S3_SERVER_PORT};
-}
diff --git a/plus/etc/nginx/templates/upstreams.conf.template b/plus/etc/nginx/templates/upstreams.conf.template
deleted file mode 100644
index 5074cd14..00000000
--- a/plus/etc/nginx/templates/upstreams.conf.template
+++ /dev/null
@@ -1,13 +0,0 @@
-# This configuration with NGINX Plus should dynamically reload S3 backends
-# as they change in DNS.
-
-# Use NGINX's non-blocking DNS resolution
-resolver ${DNS_RESOLVERS};
-
-upstream storage_urls {
- zone s3_backends 64k;
-
- # Be sure to specify the port in the S3_SERVER and be sure that port
- # corresponds to the https/http in the proxy_pass directive.
- server ${S3_SERVER}:${S3_SERVER_PORT} resolve;
-}