From 67d40e186f830a939bfb8572faa436f177c94a34 Mon Sep 17 00:00:00 2001
From: Jamie Curnow <jc@jc21.com>
Date: Thu, 26 Feb 2026 08:32:02 +1000
Subject: [PATCH] Attempt to fix #5335 by allowing resovler generation to be
 opt-out with a env var

---
 docker/rootfs/etc/nginx/nginx.conf                 | 10 +++++-----
 .../etc/s6-overlay/s6-rc.d/prepare/40-dynamic.sh   | 10 ++++++----
 .../etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh      |  2 +-
 docs/src/advanced-config/index.md                  | 14 +++++++++++++-
 4 files changed, 25 insertions(+), 11 deletions(-)

diff --git a/docker/rootfs/etc/nginx/nginx.conf b/docker/rootfs/etc/nginx/nginx.conf
index 892cf158..bdba3b30 100644
--- a/docker/rootfs/etc/nginx/nginx.conf
+++ b/docker/rootfs/etc/nginx/nginx.conf
@@ -47,10 +47,10 @@ http {
 	proxy_cache_path              /var/lib/nginx/cache/private levels=1:2 keys_zone=private-cache:5m max_size=1024m;
 
 	# Log format and fallback log file
-	include /etc/nginx/conf.d/include/log-proxy.conf;
+	include /etc/nginx/conf.d/include/log-proxy[.]conf;
 
 	# Dynamically generated resolvers file
-	include /etc/nginx/conf.d/include/resolvers.conf;
+	include /etc/nginx/conf.d/include/resolvers[.]conf;
 
 	# Default upstream scheme
 	map $host $forward_scheme {
@@ -67,7 +67,7 @@ http {
 		"http" "http";
 		"https" "https";
 		default $scheme;
-	} 
+	}
 
 	# Real IP Determination
 
@@ -76,7 +76,7 @@ http {
 	set_real_ip_from 172.16.0.0/12; # Includes Docker subnet
 	set_real_ip_from 192.168.0.0/16;
 	# NPM generated CDN ip ranges:
-	include conf.d/include/ip_ranges.conf;
+	include conf.d/include/ip_ranges[.]conf;
 	# always put the following 2 lines after ip subnets:
 	real_ip_header X-Real-IP;
 	real_ip_recursive on;
@@ -98,7 +98,7 @@ http {
 
 stream {
 	# Log format and fallback log file
-	include /etc/nginx/conf.d/include/log-stream.conf;
+	include /etc/nginx/conf.d/include/log-stream[.]conf;
 
 	# Files generated by NPM
 	include /data/nginx/stream/*.conf;
diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/40-dynamic.sh b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/40-dynamic.sh
index e02f41ca..68186538 100755
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/40-dynamic.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/40-dynamic.sh
@@ -7,8 +7,10 @@ log_info 'Dynamic resolvers ...'
 
 # Dynamically generate resolvers file, if resolver is IPv6, enclose in `[]`
 # thanks @tfmm
-if [ "$(is_true "$DISABLE_IPV6")" = '1' ]; then
-	echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" { sub(/%.*$/,"",$2); print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf) ipv6=off valid=10s;" > /etc/nginx/conf.d/include/resolvers.conf
-else
-	echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" { sub(/%.*$/,"",$2); print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf) valid=10s;" > /etc/nginx/conf.d/include/resolvers.conf
+if [ "$(is_true "${DISABLE_RESOLVER:-}")" = '0' ]; then
+	if [ "$(is_true "${DISABLE_IPV6:-}")" = '1' ]; then
+		echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" { sub(/%.*$/,"",$2); print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf) ipv6=off valid=10s;" > /etc/nginx/conf.d/include/resolvers.conf
+	else
+		echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" { sub(/%.*$/,"",$2); print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf) valid=10s;" > /etc/nginx/conf.d/include/resolvers.conf
+	fi
 fi
diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh
index 5d33cde4..edc9649c 100755
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh
@@ -12,7 +12,7 @@ process_folder () {
 	FILES=$(find "$1" -type f -name "*.conf")
 	SED_REGEX=
 
-	if [ "$(is_true "$DISABLE_IPV6")" = '1' ]; then
+	if [ "$(is_true "${DISABLE_IPV6:-}")" = '1' ]; then
 		# IPV6 is disabled
 		echo "Disabling IPV6 in hosts in: $1"
 		SED_REGEX='s/^([^#]*)listen \[::\]/\1#listen [::]/g'
diff --git a/docs/src/advanced-config/index.md b/docs/src/advanced-config/index.md
index d987e0b0..3ab04ce2 100644
--- a/docs/src/advanced-config/index.md
+++ b/docs/src/advanced-config/index.md
@@ -231,8 +231,20 @@ load_module /usr/lib/nginx/modules/ngx_stream_geoip2_module.so;
 
 Setting these environment variables will create the default user on startup, skipping the UI first user setup screen:
 
-```
+```yml
     environment:
       INITIAL_ADMIN_EMAIL: my@example.com
       INITIAL_ADMIN_PASSWORD: mypassword1
 ```
+
+## Disable Nginx Resolver
+
+On startup, we generate a resolvers directive for Nginx unless this is defined:
+
+```yml
+    environment:
+      DISABLE_RESOLVER: true
+```
+
+In this configuration, all DNS queries performed by Nginx will fall to the `/etc/hosts` file
+and then the `/etc/resolv.conf`.