ok
Direktori : /proc/self/root/opt/imunify360-webshield/nginx/lua/ |
Current File : //proc/self/root/opt/imunify360-webshield/nginx/lua/ssl.lua |
local ngx_ssl = require('ngx.ssl') local ssl_utils = require("webshield.sslutils") local function get_address() local addr, atype, err = ngx_ssl.raw_server_addr() if not addr then ngx.log(ngx.ERR, "Unable to fetch raw server addr: ", err) return end local byte = string.byte if atype == "inet" then -- IPv4 local ip = string.format( "%d.%d.%d.%d", byte(addr, 1), byte(addr, 2), byte(addr, 3), byte(addr, 4)) return ip elseif atype == "inet6" then -- IPv6 local ip = string.format( "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x", byte(addr, 1), byte(addr, 2), byte(addr, 3), byte(addr, 4), byte(addr, 5), byte(addr, 6), byte(addr, 7), byte(addr, 8), byte(addr, 9), byte(addr, 10), byte(addr, 11), byte(addr, 12), byte(addr, 13), byte(addr, 14), byte(addr, 15), byte(addr, 16)) return ip else -- unix socket unsupported ngx.log(ngx.WARN, "IP addresses only supported") end end local function set_cert() local addr = get_address() if not addr then return end local name = ngx_ssl.server_name() local ssl = ssl_utils.get_cert_by_host(name, addr) if not ssl then return end ngx_ssl.clear_certs() ngx_ssl.set_cert(ssl.crt) ngx_ssl.set_priv_key(ssl.key) end set_cert()