From 0a1fe41314261183eda644c7eaca209d1c726eb1 Mon Sep 17 00:00:00 2001
From: whm <973418690@qq.com>
Date: Mon, 23 Mar 2026 16:53:36 +0800
Subject: [PATCH] =?UTF-8?q?fix(nginx):=20=E4=BC=98=E5=85=88=20127.0.0.11?=
 =?UTF-8?q?=20=E4=B8=8E=E5=BB=B6=E9=95=BF=20DNS=20valid=EF=BC=8C=E7=BC=93?=
 =?UTF-8?q?=E8=A7=A3=20api/web=20=E9=97=B4=E6=AD=87=E6=97=A0=E6=B3=95?=
 =?UTF-8?q?=E8=A7=A3=E6=9E=90=E8=87=B4=20502?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Made-with: Cursor
---
 nginx/yuheng.docker.conf.tpl         | 3 ++-
 scripts/nginx-entrypoint-wait-dns.sh | 6 ++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/nginx/yuheng.docker.conf.tpl b/nginx/yuheng.docker.conf.tpl
index 9da86e3..10e5f22 100644
--- a/nginx/yuheng.docker.conf.tpl
+++ b/nginx/yuheng.docker.conf.tpl
@@ -8,7 +8,8 @@ server {
     server_name yuheng.yuxindazhineng.com;
     client_max_body_size 800m;
 
-    resolver @@NGINX_RESOLVER@@ valid=10s ipv6=off;
+    # valid 过短会频繁重解析，宿主机 DNS 往往解析不了 compose 服务名 → 502；与 entrypoint 中优先 127.0.0.11 配合
+    resolver @@NGINX_RESOLVER@@ valid=300s ipv6=off;
 
     ssl_certificate     /etc/ssl/yh_web/yuheng.yuxindazhineng.com/fullchain.pem;
     ssl_certificate_key /etc/ssl/yh_web/yuheng.yuxindazhineng.com/privkey.pem;
diff --git a/scripts/nginx-entrypoint-wait-dns.sh b/scripts/nginx-entrypoint-wait-dns.sh
index 9d94b08..ad05f46 100644
--- a/scripts/nginx-entrypoint-wait-dns.sh
+++ b/scripts/nginx-entrypoint-wait-dns.sh
@@ -104,6 +104,12 @@ else
   echo "yh_nginx: resolver from resolv.conf: ${NSLINE}" >&2
 fi
 
+# Docker compose 服务名由网桥内置 DNS（通常 127.0.0.11）解析；仅用宿主机 DNS 会间歇「could not be resolved」→502
+case "$NSLINE" in
+  *127.0.0.11*) ;;
+  *) NSLINE="127.0.0.11 ${NSLINE}"; echo "yh_nginx: prepended 127.0.0.11 for compose DNS: ${NSLINE}" >&2 ;;
+esac
+
 if [ ! -r /yuheng.docker.conf.tpl ]; then
   echo "yh_nginx: error: /yuheng.docker.conf.tpl not mounted" >&2
   exit 1