The hostname of the origin is unresolvable (DNS) or blocked by policy.

weserv / images

Source code of wsrv.nl (formerly images.weserv.nl), to be used on your own server(s).

https://wsrv.nl/

BSD 3-Clause "New" or "Revised" License

2.05k stars 201 forks source link

The hostname of the origin is unresolvable (DNS) or blocked by policy. #329

Closed vyacheslavdanilin closed 2 years ago

vyacheslavdanilin commented 2 years ago

Hi.

From time to time I get the following error (self hosting)

{"status":"error","code":404,"message":"The hostname of the origin is unresolvable (DNS) or blocked by policy."}

I tried to disable ipv6 in imagesweserv.conf:

resolver 8.8.8.8 ipv6=off;

but it doesn't help.

docker -v                           
Docker version 20.10.11, build dea9396

docker-compose -v
docker-compose version 1.29.2, build 5becea4c

Docker-compose dosen't support ipv6.

docker exec weserv ping google.com                      
PING google.com (172.217.168.174) 56(84) bytes of data.
64 bytes from mad07s10-in-f14.1e100.net (172.217.168.174): icmp_seq=1 ttl=37 time=19.4 ms
64 bytes from mad07s10-in-f14.1e100.net (172.217.168.174): icmp_seq=2 ttl=37 time=20.7 ms

Thanks

vyacheslavdanilin commented 2 years ago

Do you have any ideas how to fix this?

kleisauke commented 2 years ago

Are you using the pre-built Docker image hosted on GitHub Container Registry? If so, that requires modifying /etc/nginx/imagesweserv.conf instead (since the nginx configuration was 'deployed' during the image build). Remember to reload the nginx configuration file if you do this within the running container. You can also modify this file by mounting a custom nginx configuration at this file location, which might be easier.

Note that specifying the ipv6=off parameter is not always desirable, since there are a numerous hosts that only support IPv6 and/or provide broken IPv4 fallbacks.

vyacheslavdanilin commented 2 years ago

Hey!

Yes, I took your image, created a new config file with the setting /etc/nginx/imagesweserv.conf and copied this file into the container. Yes, the desired configuration is launched in the container ipv6=off.

The thing is that docker-compose does not support ipv6 due to swarm mode.

I like your project but I can't use it.

Any ideas where to look, what to try? Thanks for answers

kleisauke commented 2 years ago

What's the output of running:

$ cat /etc/resolv.conf | grep nameserver

within the container? Containers that use the default bridge network inherits the DNS settings of the host, whereas containers that use a custom network (i.e. Docker compose) use Docker's embedded DNS server, which forwards external DNS lookups to the DNS servers configured on the host.

You could try using this embedded DNS server by changing the resolver to 127.0.0.11:

--- a/etc/nginx/imagesweserv.conf
+++ b/etc/nginx/imagesweserv.conf
@@ -52,7 +52,7 @@ server {
     deny all;

     location / {
-        resolver 8.8.8.8; # Use Google's open DNS server
+        resolver 127.0.0.11; # Use Docker's embedded DNS server
         weserv proxy;

         add_header X-Upstream-Response-Length $weserv_response_length;

vyacheslavdanilin commented 2 years ago

I made queries for a domain with a CHAME DNS record. Now I send requests directly to the s3 domain.

Problem solved, thanks for the help. Thanks for a great project!

kleisauke commented 2 years ago

Great, I'll close.