Mini Shell

Direktori : /opt/imunify360-webshield/nginx/lua/
Upload File :
Current File : //opt/imunify360-webshield/nginx/lua/ssl.lua

local ngx_ssl = require('ngx.ssl')
local ssl_utils = require("webshield.sslutils")


local function get_address()

    local addr, atype, err = ngx_ssl.raw_server_addr()

    if not addr then
        ngx.log(ngx.ERR, "Unable to fetch raw server addr: ", err)
        return
    end

    local byte = string.byte

    if atype == "inet" then  -- IPv4

        local ip = string.format(
            "%d.%d.%d.%d",
            byte(addr, 1), byte(addr, 2), byte(addr, 3), byte(addr, 4))

        return ip
    elseif atype == "inet6" then -- IPv6

        local ip = string.format(
            "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x",
            byte(addr, 1), byte(addr, 2), byte(addr, 3), byte(addr, 4),
            byte(addr, 5), byte(addr, 6), byte(addr, 7), byte(addr, 8),
            byte(addr, 9), byte(addr, 10), byte(addr, 11), byte(addr, 12),
            byte(addr, 13), byte(addr, 14), byte(addr, 15), byte(addr, 16))

        return ip
    else                         -- unix socket unsupported
        ngx.log(ngx.WARN, "IP addresses only supported")
    end
end


local function set_cert()

    local addr = get_address()
    if not addr then
        return
    end

    local name = ngx_ssl.server_name()

    local ssl = ssl_utils.get_cert_by_host(name, addr)

    if not ssl then
        return
    end

    ngx_ssl.clear_certs()

    ngx_ssl.set_cert(ssl.crt)

    ngx_ssl.set_priv_key(ssl.key)
end

set_cert()

Zerion Mini Shell 1.0