
use array table to define sni_rules to guarantee priority

fffonion committed Jun 29, 2016
1 parent 462b4fc commit af26d8b4bfcba57140bb1fcc528905ea97b70a9f
Showing with 15 additions and 15 deletions.
  1. +8 −8 README.md
  2. +7 −7 lib/resty/sniproxy.lua
@@ -39,11 +39,11 @@ stream {
lua_resolver 8.8.8.8;
init_worker_by_lua_block {
sni_rules = {
["www.google.com"] = {"www.google.com", 443},
["www.facebook.com"] = {"9.8.7.6", 443},
["api.twitter.com"] = {"1.2.3.4"},
[".+.twitter.com"] = {nil, 443},
["."] = {"unix:/var/run/nginx-default.sock"}
{"www.google.com", "www.google.com", 443},
{"www.facebook.com", "9.8.7.6", 443},
{"api.twitter.com", "1.2.3.4"},
{".+.twitter.com", nil, 443},
{".", "unix:/var/run/nginx-default.sock"}
}
}
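Review bot: the fourth rule in the new example, `{".+.twitter.com", nil, 443}`, leaves both dots unescaped and has no anchors. lib/resty/sniproxy.lua passes the first value to `ngx.re.match`, so this rule matches any server_name that merely contains a string of that shape, and because the host is `nil` the connection is then forwarded to whatever name the client sent. Suggest escaping the dots and anchoring the pattern with `^` and `$` in the README example, and doing the same for the literal names, so that copies of this config do not forward to unintended hosts.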
@@ -59,11 +59,11 @@ stream {
}
```
A Lua table `sni_rules` should be defined in the `init_worker_by_lua_block` directive.
A Lua array table `sni_rules` should be defined in the `init_worker_by_lua_block` directive.
The key can be either whole host name or regular expression. Use `.` for a default host name. If no entry is matched, connection will be closed.
The first value can be either whole host name or regular expression. Use `.` for a default host name. If no entry is matched, connection will be closed.
The value is a table containing host name and port. A host can be DNS name, IP address and UNIX domain socket path. If host is set to `nil`, the server_name in SNI will be used. If the port is not defined or set to `nil`, **443** will be used.
The second and third values are target host name and port. A host can be DNS name, IP address or UNIX domain socket path. If host is not defined or set to `nil`, **server_name** in SNI will be used. If the port is not defined or set to `nil` , **443** will be used.
Rules are applied with the priority as its occurrence sequence in the table. In the example above, **api.twitter.com** will match the third rule **api.twitter.com** rather than the fourth **.+.twitter.com**.
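Review bot: the added sentence on priority should also say that the `.` default has to be the last entry. Rules are now first-match in table order, and `.` used as a pattern matches any non-empty server_name, so a default placed earlier shadows every rule after it. The "whole host name or regular expression" wording is also worth tightening: the code in this commit runs every first value through `ngx.re.match`, so a plain host name is treated as a pattern too.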
@@ -276,14 +276,14 @@ function _M.run(self)
end
ngx.log(ngx.INFO, format("tls server_name:%s exit:%d", self.server_name, code))
local upstream, port
if self.server_name == nil then -- no sni extension, only match default rule
self.server_name = "."
end
for k, v in pairs(sni_rules) do
local m, e = ngx.re.match(self.server_name, k, "jo")
if self.server_name == nil then -- no sni extension, only match default rule
self.server_name = "."
end
for _, v in pairs(sni_rules) do
local m, e = ngx.re.match(self.server_name, v[1], "jo")
if m then
upstream = v[1] or self.server_name
port = v[2] or 443
upstream = v[2] or self.server_name
port = v[3] or 443
break
end
end
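Review bot: `for _, v in pairs(sni_rules) do` still iterates with `pairs`, whose traversal order Lua does not specify, so the priority this commit is meant to guarantee rests on implementation behaviour. Use `ipairs(sni_rules)` to walk the array in index order. Separately, `e` from `ngx.re.match` is never checked, so a rule with an invalid pattern is skipped silently and a later, broader rule can take the connection; log `e` when it is set.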
