97 lines
2.5 KiB
Text
97 lines
2.5 KiB
Text
error_log /dev/stdout;
|
|
|
|
lua_shared_dict jasima_cache 20m;
|
|
lua_package_path "/opt/sitelen-tu/?.lua;;";
|
|
|
|
lua_shared_dict auto_ssl 1m;
|
|
lua_shared_dict auto_ssl_settings 64k;
|
|
|
|
lua_ssl_trusted_certificate "/etc/ssl/certs/ca-certificates.crt";
|
|
|
|
resolver 127.0.0.11 valid=60 ipv6=off;
|
|
|
|
init_by_lua_block {
|
|
auto_ssl = (require "resty.auto-ssl").new()
|
|
auto_ssl:set("storage_adapter", "resty.auto-ssl.storage_adapters.redis")
|
|
auto_ssl:set("redis", {
|
|
host = "redis"
|
|
})
|
|
auto_ssl:set("allow_domain", function(domain)
|
|
return domain == os.getenv("JASIMA_PROXY_HOST")
|
|
end)
|
|
auto_ssl:init()
|
|
}
|
|
|
|
init_worker_by_lua_block {
|
|
auto_ssl:init_worker()
|
|
}
|
|
|
|
upstream origin {
|
|
server 127.0.0.1;
|
|
|
|
balancer_by_lua_file /opt/sitelen-tu/balancer.lua;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
server_name localhost default;
|
|
|
|
gzip off;
|
|
|
|
ssl_certificate_by_lua_block {
|
|
auto_ssl:ssl_certificate()
|
|
}
|
|
ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
|
|
ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;
|
|
|
|
location / {
|
|
# These variables are set in the access_by_lua stage
|
|
# TODO: These might be better to set with a set_by_lua_block
|
|
set $jasima_host "fallback.invalid";
|
|
set $jasima_host_connect "fallback.invalid";
|
|
set $jasima_host_header "fallback.invalid";
|
|
set $jasima_host_ssl "fallback.invalid";
|
|
|
|
access_by_lua_file /opt/sitelen-tu/access.lua;
|
|
|
|
proxy_pass https://origin;
|
|
proxy_ssl_server_name on;
|
|
proxy_ssl_name $jasima_host_ssl;
|
|
proxy_set_header Accept-Encoding "";
|
|
proxy_set_header Host $jasima_host_header;
|
|
|
|
sub_filter_once off;
|
|
sub_filter_types text/html text/css text/xml application/javascript application/rss+xml application/atom+xml application/vnd.mpegurl application/x-mpegurl;
|
|
sub_filter 'http://$jasima_host' '/';
|
|
sub_filter 'https://$jasima_host' '/';
|
|
sub_filter '//$jasima_host' '/';
|
|
sub_filter 'REWRITE_JASIMA_HOST_PLACEHOLDER' $jasima_host;
|
|
|
|
header_filter_by_lua_file /opt/sitelen-tu/header_filter.lua;
|
|
body_filter_by_lua_file /opt/sitelen-tu/body_filter.lua;
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
location /.well-known/acme-challenge/ {
|
|
content_by_lua_block {
|
|
auto_ssl:challenge_server()
|
|
}
|
|
}
|
|
location / {
|
|
return 404;
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 127.0.0.1:8999;
|
|
client_body_buffer_size 128k;
|
|
client_max_body_size 128k;
|
|
|
|
location / {
|
|
content_by_lua_block {
|
|
auto_ssl:hook_server()
|
|
}
|
|
}
|
|
}
|