
use array table to define sni_rules to guarantee priority

1 parent 462b4fc commit af26d8b4bfcba57140bb1fcc528905ea97b70a9f @fffonion committed Jun 29, 2016
Showing with 15 additions and 15 deletions.
  1. +8 −8 README.md
  2. +7 −7 lib/resty/sniproxy.lua
@@ -39,11 +39,11 @@ stream {
lua_resolver 8.8.8.8;
init_worker_by_lua_block {
sni_rules = {
- ["www.google.com"] = {"www.google.com", 443},
- ["www.facebook.com"] = {"9.8.7.6", 443},
- ["api.twitter.com"] = {"1.2.3.4"},
- [".+.twitter.com"] = {nil, 443},
- ["."] = {"unix:/var/run/nginx-default.sock"}
+ {"www.google.com", "www.google.com", 443},
+ {"www.facebook.com", "9.8.7.6", 443},
+ {"api.twitter.com", "1.2.3.4"},
+ {".+.twitter.com", nil, 443},
+ {".", "unix:/var/run/nginx-default.sock"}
}
}
@@ -59,11 +59,11 @@ stream {
}
```
-A Lua table `sni_rules` should be defined in the `init_worker_by_lua_block` directive.
+A Lua array table `sni_rules` should be defined in the `init_worker_by_lua_block` directive.
-The key can be either whole host name or regular expression. Use `.` for a default host name. If no entry is matched, connection will be closed.
+The first value can be either whole host name or regular expression. Use `.` for a default host name. If no entry is matched, connection will be closed.
-The value is a table containing host name and port. A host can be DNS name, IP address and UNIX domain socket path. If host is set to `nil`, the server_name in SNI will be used. If the port is not defined or set to `nil`, **443** will be used.
+The second and third values are target host name and port. A host can be DNS name, IP address or UNIX domain socket path. If host is not defined or set to `nil`, **server_name** in SNI will be used. If the port is not defined or set to `nil` , **443** will be used.
Rules are applied with the priority as its occurrence sequence in the table. In the example above, **api.twitter.com** will match the third rule **api.twitter.com** rather than the fourth **.+.twitter.com**.
@@ -276,14 +276,14 @@ function _M.run(self)
end
ngx.log(ngx.INFO, format("tls server_name:%s exit:%d", self.server_name, code))
local upstream, port
- if self.server_name == nil then -- no sni extension, only match default rule
- self.server_name = "."
- end
- for k, v in pairs(sni_rules) do
- local m, e = ngx.re.match(self.server_name, k, "jo")
+ if self.server_name == nil then -- no sni extension, only match default rule
+ self.server_name = "."
+ end
+ for _, v in pairs(sni_rules) do
+ local m, e = ngx.re.match(self.server_name, v[1], "jo")
if m then
- upstream = v[1] or self.server_name
- port = v[2] or 443
+ upstream = v[2] or self.server_name
+ port = v[3] or 443
break
end
end
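Review bot: The new loop `for _, v in pairs(sni_rules) do` still uses `pairs`, whose traversal order Lua leaves unspecified, so switching to an array table does not by itself guarantee that rules are tried in declaration order; `for _, v in ipairs(sni_rules) do` does, and it matters because a catch-all rule such as `.` tried too early would pick the wrong upstream. Separately, `ngx.re.match(self.server_name, v[1], "jo")` is an unanchored search over a client-supplied SNI value, so a rule like `www.google.com` also matches longer names that merely contain it, and when `v[2]` is unset `upstream` falls back to that client-chosen `self.server_name`. Consider anchoring the patterns (for example `^www\.google\.com$`, with literal dots escaped) or documenting that rule authors must do so, and logging the `e` return so an invalid pattern is not skipped silently. `_M.run` begins and ends outside this hunk, so how `upstream` and `port` are used afterwards is not visible here.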
