Merge pull request #2965 from Shopify/dynamic-certificates-nginx

Add Lua module to serve SSL Certificates dynamically
2018-08-23 20:27:55 -07:00 · 2018-08-23 20:27:55 -07:00 · b0b575db33
commit b0b575db33
parent 5dd04d3d07 cbf041fc3e
5 changed files with 577 additions and 1 deletions
--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
@ -85,6 +85,15 @@ http {
        else
          monitor = res
        end
+
+        {{ if $all.DynamicCertificatesEnabled }}
+        ok, res = pcall(require, "certificate")
+        if not ok then
+          error("require failed: " .. tostring(res))
+        else
+          certificate = res
+        end
+        {{ end }}
    }

    {{ if $all.DynamicConfigurationEnabled }}
@ -775,6 +784,12 @@ stream {
        ssl_stapling                            on;
        ssl_stapling_verify                     on;
        {{ end }}
+
+        {{ if and (not $all.DisableLua) $all.DynamicCertificatesEnabled}}
+        ssl_certificate_by_lua_block {
+            certificate.call()
+        }
+        {{ end }}
        {{ end }}

        {{ if not (empty $server.AuthTLSError) }}