From 60c37821d674e78f7a93991ad4868ed70f7fc2cf Mon Sep 17 00:00:00 2001
From: Alan Orth
Date: Mon, 30 Nov 2015 17:40:32 +0200
Subject: [PATCH] roles/nginx: Only use Linode DNS resolvers for OCSP if it's a linode host
Signed-off-by: Alan Orth
---
 roles/nginx/templates/https.j2 | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/roles/nginx/templates/https.j2 b/roles/nginx/templates/https.j2
index f9ca231..07f1a52 100644
--- a/roles/nginx/templates/https.j2
+++ b/roles/nginx/templates/https.j2
@@ -19,7 +19,12 @@
 # OCSP stapling...
 ssl_stapling on;
 ssl_stapling_verify on;
+ {% if linode_id is defined %}
+ # use Linode internal DNS
 resolver 109.74.192.20 109.74.193.20;
+ {% else %}
+ resolver 8.8.8.8 8.8.4.4;
+ {% endif %}
 # nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and
 # when a restart is performed the previous key is lost, which resets all previous
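Review bot: The `{% else %}` branch hard-codes the public resolvers `8.8.8.8 8.8.4.4` for every non-Linode host, so OCSP responder lookups go to a third party over nginx's built-in stub resolver; the nginx documentation recommends pointing `resolver` at DNS servers on a trusted local network to limit spoofing. I would make the list a role variable with the current value as its default, for example `resolver {{ nginx_resolvers | default('8.8.8.8 8.8.4.4') }};` (the variable name is a suggestion), so hosts that have a local recursive resolver can use it. With `ssl_stapling_verify on;` a spoofed answer should only cost the staple rather than forge one, but that relies on `ssl_trusted_certificate` being configured, which is not visible in this hunk. The surrounding block starts and ends outside the hunk.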