From e4bb97a181a88c5b7b36fbdf002769ea1ebcd147 Mon Sep 17 00:00:00 2001
From: notplants
Date: Fri, 27 Feb 2026 19:30:57 +0000
Subject: [PATCH] fix: resolver-based nginx config and env vars for template configs
- Use Docker embedded DNS (127.0.0.11) with variables in proxy_pass instead of upstream blocks to prevent nginx crash loops when backend isn't ready during startup
- Add STACK_NAME env to web and livekit services for golang template_driver config resolution
- Add LIVEKIT_API_KEY env to livekit service for config template
- Add livekit_as secret to livekit service
- Increase web healthcheck retries and start_period
- Bump NGINX_CONF_VERSION to v2
---
 abra.sh | 2 +-
 compose.yml | 11 +++++++++--
 nginx.conf.tmpl | 18 +++++++++---------
 3 files changed, 19 insertions(+), 12 deletions(-)
diff --git a/abra.sh b/abra.sh
index 28608f4..8872223 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1,7 +1,7 @@
 # Set any config versions here
 # Docs: https://docs.coopcloud.tech/maintainers/handbook/#manage-configs
 export ABRA_ENTRYPOINT_VERSION=v1
-export NGINX_CONF_VERSION=v1
+export NGINX_CONF_VERSION=v2
 export PG_BACKUP_VERSION=v1
 export MIGRATE_VERSION=v1
 export LIVEKIT_CONFIG_VERSION=v1
diff --git a/compose.yml b/compose.yml
index 9b6e7f0..e97e79a 100644
--- a/compose.yml
+++ b/compose.yml
@@ -185,6 +185,9 @@ services:
 livekit:
 image: livekit/livekit-server:v1.8.2
 command: --config /livekit-server.yaml
+ environment:
+ - STACK_NAME
+ - LIVEKIT_API_KEY
 # WebRTC ICE ports must be published directly on the host.
 # These carry raw RTP media, not HTTP — cannot be proxied through Traefik.
 # See docs/multinode.md for multi-node deployment considerations.
@@ -200,6 +203,8 @@ services:
 configs:
 - source: livekit_config
 target: /livekit-server.yaml
+ secrets:
+ - livekit_as
 networks:
 - proxy
 - backend
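Review bot: `- STACK_NAME` and `- LIVEKIT_API_KEY` in the livekit `environment:` list are bare pass-through names, so each takes whatever value the deploy environment holds and is absent from the container when that value is unset; the config template would then presumably render an empty string instead of failing the deploy. Both should be documented as required where the recipe lists its settings, and a comment above the list such as `# required: consumed by the livekit_config template` would make the dependency visible here. Environment values are also readable through `docker inspect` and the service spec, which is tolerable for the API key only while the secret half of the credential stays in a Docker secret, as `livekit_as` in the following hunk appears to do. The `livekit` service definition starts and ends outside the hunk.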
@@ -214,12 +219,14 @@ services: web: image: nginx:1.29 + environment: + - STACK_NAME healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8083"] interval: 15s timeout: 5s - retries: 3 - start_period: 10s + retries: 10 + start_period: 30s configs: - source: nginx_conf target: /etc/nginx/conf.d/default.conf diff --git a/nginx.conf.tmpl b/nginx.conf.tmpl index 83235a7..f85cbd8 100644 --- a/nginx.conf.tmpl +++ b/nginx.conf.tmpl @@ -1,10 +1,7 @@ -upstream meet_backend { - server {{ env "STACK_NAME" }}_backend:8000 fail_timeout=0; -} - -upstream meet_frontend { - server {{ env "STACK_NAME" }}_app:8080 fail_timeout=0; -} +# Use Docker's embedded DNS so nginx starts even if upstreams aren't ready yet. +# With variables in proxy_pass, hostname resolution is deferred to request time +# instead of config parse time — preventing crash loops during slow backend startup. +resolver 127.0.0.11 valid=5s; server { listen 8083; @@ -14,13 +11,16 @@ server { # Disables server version feedback on pages and in headers server_tokens off; + set $meet_backend {{ env "STACK_NAME" }}_backend:8000; + set $meet_frontend {{ env "STACK_NAME" }}_app:8080; + location @proxy_to_meet_backend { proxy_set_header X-Forwarded-Proto https; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect off; - proxy_pass http://meet_backend; + proxy_pass http://$meet_backend; } location @proxy_to_meet_frontend { @@ -29,7 +29,7 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect off; - proxy_pass http://meet_frontend; + proxy_pass http://$meet_frontend; } location / {
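Review bot: The raised `retries: 10` and `start_period: 30s` suggest the probe `curl -f http://localhost:8083` still depends on an upstream answering. `location /` is outside this hunk, but if it proxies to the frontend, a slow or failed backend marks the nginx container unhealthy and the orchestrator replaces it, which is close to the loop this commit sets out to remove. A local endpoint would separate nginx liveness from upstream readiness, for example `location = /healthz { access_log off; return 200; }` in nginx.conf.tmpl with the test pointed at `http://localhost:8083/healthz`. If the dependency on the upstream is intentional, a comment above `healthcheck:` saying so would help the next maintainer.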
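Review bot: `set $meet_backend {{ env "STACK_NAME" }}_backend:8000;` splices the environment value into the config unquoted, and because name resolution is now deferred to request time, an empty or mistyped STACK_NAME no longer stops nginx at startup; it surfaces only as 502 responses on proxied requests. Quoting the value, `set $meet_backend "{{ env "STACK_NAME" }}_backend:8000";` and likewise for `$meet_frontend`, keeps whitespace or a stray `;` in the variable from changing how the directive parses. A variable in `proxy_pass` also bypasses the `upstream` machinery the old blocks provided, so a short comment above the `set` lines noting that would be useful; the same applies to `proxy_pass http://$meet_frontend;` in the last hunk. The `server` block continues beyond the hunk.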