From cf4eb5092c2b4627fbf7b0f19a90287b2edfb365 Mon Sep 17 00:00:00 2001
From: Josh Knapp
Date: Wed, 1 Apr 2026 22:27:07 -0700
Subject: [PATCH] Add DNS resolver for automatic container IP re-resolution
When Docker containers restart, they can get new IPs on the bridge network. HAProxy caches DNS at config load time, so stale IPs cause 503s until config is regenerated. Added a 'docker_dns' resolvers section pointing to Docker's embedded DNS (127.0.0.11) with 10s hold time. Backend servers now use 'resolvers docker_dns init-addr last,libc,none' so HAProxy:
- Re-resolves container names every 10 seconds
- Falls back to last known IP if DNS is temporarily unavailable
- Starts even if a backend can't be resolved yet (init-addr none)
This eliminates 503s from container restarts, scaling, and recreation without requiring a HAProxy config regeneration.
Co-Authored-By: Claude Opus 4.6 (1M context)
---
 templates/hap_backend.tpl | 4 ++--
 templates/hap_header.tpl | 15 +++++++++++++++
 2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/templates/hap_backend.tpl b/templates/hap_backend.tpl
index 925f3e7..6b19e48 100644
--- a/templates/hap_backend.tpl
+++ b/templates/hap_backend.tpl
@@ -11,7 +11,7 @@ backend {{ name }}-backend
 http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
 {% for server in servers %}
- server {{ server.server_name }} {{ server.server_address }}:{{ server.server_port }} {{ server.server_options }}
+ server {{ server.server_name }} {{ server.server_address }}:{{ server.server_port }} {{ server.server_options }} resolvers docker_dns init-addr last,libc,none
 {% endfor %}
 # SSE-specific backend - optimized for Server-Sent Events long-lived connections
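Review bot: Appending `resolvers docker_dns init-addr last,libc,none` unconditionally after `{{ server.server_options }}` means a mistyped or non-Docker `server_address` no longer fails at config load, and the same applies to the SSE backend hunk at -36,5. With `none` as the final fallback the server simply starts without an address, so the mistake surfaces only as 503s at runtime. If `server_options` already carries its own `resolvers` or `init-addr`, the keywords will also appear twice on the line. I would make the suffix opt-in per server, e.g. `{% if server.resolve_dns %} resolvers docker_dns init-addr last,libc,none{% endif %}` (`resolve_dns` is an illustrative field name, not one from this repo). A template comment should also say that operators need to alert on servers left without a resolved address.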
@@ -36,5 +36,5 @@ backend {{ name }}-sse-backend
 http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
 {% for server in servers %}
- server {{ server.server_name }} {{ server.server_address }}:{{ server.server_port }} {{ server.server_options }}
+ server {{ server.server_name }} {{ server.server_address }}:{{ server.server_port }} {{ server.server_options }} resolvers docker_dns init-addr last,libc,none
 {% endfor %}
diff --git a/templates/hap_header.tpl b/templates/hap_header.tpl
index bfe0333..f0c5414 100644
--- a/templates/hap_header.tpl
+++ b/templates/hap_header.tpl
@@ -18,6 +18,21 @@ global
 log 127.0.0.1 local2
 chroot /var/lib/haproxy
+
+# DNS resolver for Docker container name resolution
+# Re-resolves backend server addresses so container IP changes
+# (from restarts, recreations, scaling) are picked up automatically
+resolvers docker_dns
+ nameserver dns1 127.0.0.11:53
+ resolve_retries 3
+ timeout resolve 1s
+ timeout retry 1s
+ hold valid 10s
+ hold other 10s
+ hold refused 10s
+ hold nx 10s
+ hold timeout 10s
+ hold obsolete 10s
 pidfile /var/run/haproxy.pid
 maxconn 4000
 user haproxy
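Review bot: The `resolvers docker_dns` section is inserted between `chroot /var/lib/haproxy` and `pidfile /var/run/haproxy.pid`, which is the middle of the `global` section, so `pidfile`, `maxconn 4000`, `user haproxy` and anything after them now fall under `resolvers` instead of `global`. HAProxy will most likely reject those keywords there and refuse to load. Even if it did load, the `user haproxy` privilege drop would no longer be a `global` setting. Move the whole block below the last `global` directive; the end of that section is outside this hunk. Separately, `hold nx 10s` and `hold obsolete 10s` keep a vanished container's address in use for up to 10 seconds, during which Docker may hand that IP to a different container, so a comment such as `# stale IP may be reused by another container for up to the hold period` would document the trade-off.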