Resilient upstreams: one unresolvable backend must not stop nginx

[montoyaedu]

Context

A live outage showed the failure mode: a vhost whose proxy_pass upstream host does not resolve at nginx startup makes nginx abort with [emerg] host not found in upstream "...". nginx then refuses to start at all — so one bad config takes down every site the proxy serves, not just that one.

nginx resolves a static upstream hostname once, at config-load time; if it fails, the whole load fails.

Proposal

Resolve upstreams per request instead of at startup.

• easyhome/nginx.conf — add resolver 127.0.0.11 valid=30s; (Docker's embedded DNS) in the http context.
• easyhome/templates/*.conf — change proxy_pass http://<host>; to set $upstream <host>; + proxy_pass http://$upstream;.

With a variable in proxy_pass, nginx resolves at request time: an unresolvable backend yields a 502 for that vhost only — nginx still starts and serves every other site.

Acceptance criteria

• easyhome/nginx.conf defines a resolver.
• The http/https vhost templates use a variable proxy_pass.
• A rendered vhost with an unresolvable upstream does not block nginx startup.
• bats coverage for the template render.
• Docs note: configs already generated under /domains are not auto-migrated — they keep the old static form until regenerated.

🤖 Generated with Claude Code

[montoyaedu]

Closing — the v2.0 vhost templates (easyhome/templates/http.conf, https.conf) already implement the resilient pattern: resolver 127.0.0.11 valid=30s; + set $upstream <target>; + proxy_pass $upstream;. easy proxy new already generates startup-tolerant vhosts.

The recent outage was caused by hand-written configs using upstream {} blocks — those are resolved at nginx startup regardless of resolver, and easy-proxy does not generate them. Detecting such non-standard configs is covered by #22 (easy proxy doctor).