Hi!
We have this nginx configuration on an ec2 instance (AWS), in the san pablo region:
nginx version: nginx/1.22.0
built by gcc 7.3.1 20180712 (Red Hat 7.3.1-15) (GCC)
built with OpenSSL 1.1.1g FIPS 21 Apr 2020
TLS SNI support enabled
conf file:
server {
...
location @solo_get {
set $dsomehost xxyy.cloudfront.net;
resolver 1.1.1.1 valid=30s;
proxy_ssl_protocols TLSv1.2;
proxy_set_body "";
proxy_ssl_server_name on;
proxy_pass https://$dsomehost;
proxy_set_header Host $dsomehost;
}
....
We already had 2 events in which clients, when sending the request, get this type of response:
2023/06/15 23:35:02 [error] 27012#27012: *507787436 xxyy.cloudfront.net could not be resolved (110: Operation timed out), client: .......
The problem here is dns 1.1.1.1 ?
what happens when dns 1.1.1.1 does not respond? Does nginx use the dns defined in /etc/resolv.conf?
we use that parameter ("resolver") according to this doc: http://nginx.org/en/docs/http/ngx_http_core_module.html#resolver
Thanks!!