From 028493bfd888a4672b8f36af5b82be36cac98c66 Mon Sep 17 00:00:00 2001
From: Willem Jiang <willem.jiang@gmail.com>
Date: Tue, 5 May 2026 14:35:55 +0800
Subject: [PATCH] fix(docker):force ngix to resolve upstream names at request
 time (#2717)

* fix(docker):force ngix to resolve upstream names at request time

* fix(docker): set resolver valid=0s to eliminate DNS cache window for request-time re-resolution

Agent-Logs-Url: https://github.com/bytedance/deer-flow/sessions/07bdb872-022f-4fd2-9fa8-d800a4ce34a7

Co-authored-by: WillemJiang <219644+WillemJiang@users.noreply.github.com>

* Update DNS resolver valid time and add upstreams

* fix the unit test error

* Remove upstream server configurations from nginx.conf

Removed upstream server configurations for gateway and frontend.

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
---
 backend/tests/test_gateway_runtime_cleanup.py |  2 +-
 docker/nginx/nginx.conf                       | 46 ++++++++-----------
 2 files changed, 20 insertions(+), 28 deletions(-)

diff --git a/backend/tests/test_gateway_runtime_cleanup.py b/backend/tests/test_gateway_runtime_cleanup.py
index 2cc18421..3bf7c1a5 100644
--- a/backend/tests/test_gateway_runtime_cleanup.py
+++ b/backend/tests/test_gateway_runtime_cleanup.py
@@ -50,7 +50,7 @@ def test_nginx_routes_official_langgraph_prefix_to_gateway_api():
         assert "/api/langgraph-compat" not in content
         assert "proxy_pass http://langgraph" not in content
         assert "rewrite ^/api/langgraph/(.*) /api/$1 break;" in content
-        assert "proxy_pass http://gateway" in content
+        assert "proxy_pass http://gateway" in content or "proxy_pass http://$gateway_upstream" in content
 
 
 def test_frontend_rewrites_langgraph_prefix_to_gateway():
diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf
index a5e0eb6b..cf34d6ea 100644
--- a/docker/nginx/nginx.conf
+++ b/docker/nginx/nginx.conf
@@ -17,25 +17,17 @@ http {
     # Docker internal DNS (for resolving k3s hostname)
     resolver 127.0.0.11 valid=10s ipv6=off;
 
-    # Upstream servers (using Docker service names)
-    # NOTE: `zone` and `resolve` are nginx Plus-only features and are not
-    # available in the standard nginx:alpine image. Docker's internal DNS
-    # (127.0.0.11) handles service discovery; upstreams are resolved at
-    # nginx startup and remain valid for the lifetime of the deployment.
-    upstream gateway {
-        server gateway:8001;
-    }
-
-    upstream frontend {
-        server frontend:3000;
-    }
-
     # ── Main server (path-based routing) ─────────────────────────────────
     server {
         listen 2026 default_server;
         listen [::]:2026 default_server;
         server_name _;
 
+        # Resolve Docker service names at request time to avoid stale upstream
+        # IPs when containers restart and receive new addresses.
+        set $gateway_upstream gateway:8001;
+        set $frontend_upstream frontend:3000;
+
         # Hide CORS headers from upstream to prevent duplicates
         proxy_hide_header 'Access-Control-Allow-Origin';
         proxy_hide_header 'Access-Control-Allow-Methods';
@@ -56,7 +48,7 @@ http {
         # Rewrites /api/langgraph/* to /api/* before proxying to Gateway.
         location /api/langgraph/ {
             rewrite ^/api/langgraph/(.*) /api/$1 break;
-            proxy_pass http://gateway;
+            proxy_pass http://$gateway_upstream;
             proxy_http_version 1.1;
 
             # Headers
@@ -82,7 +74,7 @@ http {
 
         # Custom API: Models endpoint
         location /api/models {
-            proxy_pass http://gateway;
+            proxy_pass http://$gateway_upstream;
             proxy_http_version 1.1;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
@@ -92,7 +84,7 @@ http {
 
         # Custom API: Memory endpoint
         location /api/memory {
-            proxy_pass http://gateway;
+            proxy_pass http://$gateway_upstream;
             proxy_http_version 1.1;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
@@ -102,7 +94,7 @@ http {
 
         # Custom API: MCP configuration endpoint
         location /api/mcp {
-            proxy_pass http://gateway;
+            proxy_pass http://$gateway_upstream;
             proxy_http_version 1.1;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
@@ -112,7 +104,7 @@ http {
 
         # Custom API: Skills configuration endpoint
         location /api/skills {
-            proxy_pass http://gateway;
+            proxy_pass http://$gateway_upstream;
             proxy_http_version 1.1;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
@@ -122,7 +114,7 @@ http {
 
         # Custom API: Agents endpoint
         location /api/agents {
-            proxy_pass http://gateway;
+            proxy_pass http://$gateway_upstream;
             proxy_http_version 1.1;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
@@ -132,7 +124,7 @@ http {
 
         # Custom API: Uploads endpoint
         location ~ ^/api/threads/[^/]+/uploads {
-            proxy_pass http://gateway;
+            proxy_pass http://$gateway_upstream;
             proxy_http_version 1.1;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
@@ -146,7 +138,7 @@ http {
 
         # Custom API: Other endpoints under /api/threads
         location ~ ^/api/threads {
-            proxy_pass http://gateway;
+            proxy_pass http://$gateway_upstream;
             proxy_http_version 1.1;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
@@ -156,7 +148,7 @@ http {
 
         # API Documentation: Swagger UI
         location /docs {
-            proxy_pass http://gateway;
+            proxy_pass http://$gateway_upstream;
             proxy_http_version 1.1;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
@@ -166,7 +158,7 @@ http {
 
         # API Documentation: ReDoc
         location /redoc {
-            proxy_pass http://gateway;
+            proxy_pass http://$gateway_upstream;
             proxy_http_version 1.1;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
@@ -176,7 +168,7 @@ http {
 
         # API Documentation: OpenAPI Schema
         location /openapi.json {
-            proxy_pass http://gateway;
+            proxy_pass http://$gateway_upstream;
             proxy_http_version 1.1;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
@@ -186,7 +178,7 @@ http {
 
         # Health check endpoint (gateway)
         location /health {
-            proxy_pass http://gateway;
+            proxy_pass http://$gateway_upstream;
             proxy_http_version 1.1;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
@@ -210,7 +202,7 @@ http {
         # Catch-all for /api/ routes not covered above (e.g. /api/v1/auth/*).
         # More specific prefix and regex locations above still take precedence.
         location /api/ {
-            proxy_pass http://gateway;
+            proxy_pass http://$gateway_upstream;
             proxy_http_version 1.1;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
@@ -220,7 +212,7 @@ http {
 
         # All other requests go to frontend
         location / {
-            proxy_pass http://frontend;
+            proxy_pass http://$frontend_upstream;
             proxy_http_version 1.1;
 
             # Headers