-
Notifications
You must be signed in to change notification settings - Fork 112
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support ssl_handshake handler and dynamic certificate change #145
Conversation
ae15d72
to
afcff51
Compare
…avis Support dynamic cert test on travis
create certificate and certificate key.
server {
listen 58082 ssl;
server_name localhost;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_certificate /Users/matsumoto_r/DEV/ngx_mruby/build/nginx/html//dummy.crt;
ssl_certificate_key /Users/matsumoto_r/DEV/ngx_mruby/build/nginx/html//dummy.key;
mruby_ssl_handshake_handler_code '
ssl = Nginx::SSL.new
ssl.certificate = "/Users/matsumoto_r/DEV/ngx_mruby/build/nginx/html//server.crt"
ssl.certificate_key = "/Users/matsumoto_r/DEV/ngx_mruby/build/nginx/html//server.key"
';
location / {
mruby_content_handler_code "Nginx.rputs 'ssl test ok'";
}
} access via openssl.
server {
listen 58082 ssl;
server_name localhost;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_certificate /Users/matsumoto_r/DEV/ngx_mruby/build/nginx/html//dummy.crt;
ssl_certificate_key /Users/matsumoto_r/DEV/ngx_mruby/build/nginx/html//dummy.key;
location / {
mruby_content_handler_code "Nginx.rputs 'ssl test ok'";
}
} access via openssl
|
Add Nginx::SSL#servername and more dynamically certificate changed. mruby_ssl_handshake_handler_code '
ssl = Nginx::SSL.new
ssl.certificate = "__NGXDOCROOT__/#{ssl.servername}.crt"
ssl.certificate_key = "__NGXDOCROOT__/#{ssl.servername}.key"
'; |
This PR with documentation is great. Would it make sense to have a directory (e.g.: |
Support ssl_handshake handler and dynamic certificate change
latest example server {
listen 443 ssl http2;
server_name _;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AESGCM:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_dhparam /path/to/dhparams.pem;
ssl_certificate /path/to/dummy.crt;
ssl_certificate_key /path/to/dummy.key;
ssl_session_tickets on;
# need periodic update
ssl_session_ticket_key /path/to/ticket.key;
mruby_ssl_handshake_handler_code '
ssl = Nginx::SSL.new
ssl.certificate = "/path/to/#{ssl.servername}.crt"
ssl.certificate_key = "/path/to/#{ssl.servername}.key"
';
location / {
mruby_content_handler_code "Nginx.rputs 'ssl test ok'";
}
} |
Yea. this is great. does it make sense to put these examples into the git repo? |
@kbrock Yes, it's a good idea. I'll put these examples later. Also PRs are welcome!! |
+1 |
access via browser.
- dynamic certificate
access via browser