-
Notifications
You must be signed in to change notification settings - Fork 37
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can I update domain_whitelist dynamically? #9
Comments
Hi @kajmagnus, yes you can definitely use the lua-resty-http in __index method since it's called inside a timer. Adding a callback hook is a good syntax sugar feature, for now I guess you can get pretty much the same by just putting it into __index. Similarly you can also get the storage backend using |
@fffonion ok thanks, sounds good. (Personally I'm guessing people would be fine with A timer — that's Kong's lua-resty-timer, I'm guessing (?), i.e. extra timer functionality based on https://github.com/openresty/lua-nginx-module#ngxtimerat . |
Yeah i'll add a note in the readme on that. Actually I made a mistake here, checking domain in the whitelist in run in the ssl_certificate_by context. But you can still use cosocket API i.e. doing network operations. |
@fffonion Wow that was fast :- ) From the new docs:
Is that for each connection, always, or just the very first connection when the HTTPS cert doesn't yet exist, and gets created? |
It's for each connection, always. Since we rely on that whitelist to decide "whether i'm going to serve certificate (or order a new one) for this domain". But you can make it smarter by adding some cache for example. |
This is implemented as |
Can I add domains to
domain_whitelist
without restarting OpenResty or reloading the config?I'm new to Lua but maybe since
domain_whitelist
is a "metatable", one can define an__index()
function: (see http://lua-users.org/wiki/MetatableEvents )Could such an
__index
function uselua-resty-http
and ask my app server if the new domain is allowed? Sth like:***
The other project, lua-resty-autossl, has an
allow-domain()
callback, and apparently one can query Redis dynamically from it:https://github.com/auto-ssl/lua-resty-auto-ssl#allow_domain
The text was updated successfully, but these errors were encountered: