Comments (3)
Related dehydrated-io/dehydrated#653
The GUI/lua-resty-auto-ssl uses dehydrated to obtain the certificates. So in theory that issue is something to watch for.
Anyway, the new naming conventions could still be more flexible. And this may even help a lot if someone gets in trouble with Let's Encrypt limits and needs to quickly obtain other certificates.
from ap-application-load-balancer.
The old rule was this one:
```lua
-- Fragment from inside the allow_domain(domain) function.
-- Fail first if domain seems to be an IP.
-- @see https://github.com/GUI/lua-resty-auto-ssl/issues/26#issuecomment-366919522
-- "%." matches a literal dot; a bare "." in a Lua pattern matches any character.
if string.match(domain, "(%d+)%.(%d+)%.(%d+)%.(%d+)") or string.find(domain, ":", 1, true) then
  -- These domains can be used for testing. Comment out this `if` to disallow even these.
  -- https://nip.io/
  -- https://xip.io/
  -- https://sslip.io/
  if not (string.find(domain, "nip.io", 1, true) or string.find(domain, "xip.io", 1, true) or string.find(domain, "sslip.io", 1, true)) then
    ngx.log(ngx.ERR, "allow_domain do not allow HTTPS for IPs ", domain)
    return false
  end
end
```
I will have to somewhat replace this rule to allow nip.io, xip.io and sslip.io domains.
from ap-application-load-balancer.
Example from v0.8.6-alpha:
```yaml
### AP-ALB ACME ________________________________________________________________
# BY USING Let's Encrypt, even if automated for you, you AGREE with
# Let’s Encrypt Subscriber Agreement at https://letsencrypt.org/repository/
alb_acme_production: true
alb_acme_rule_ips_allowed: false # ACME (Let's Encrypt at least) will not do HTTPS for IPs, so don't even try
# Exact match
alb_acme_rule_whitelist: []
alb_acme_rule_whitelist_file: '' # not implemented... yet
alb_acme_rule_blacklist: []
alb_acme_rule_blacklist_file: '' # not implemented... yet
# Suffix match (e.g. for subdomains) and prefix match (e.g. any full domain that starts with these values)
alb_acme_rule_whitelist_suffix: []
alb_acme_rule_whitelist_prefix: []
alb_acme_rule_blacklist_suffix: []
alb_acme_rule_blacklist_prefix: []
# alb_acme_rule_lua injects custom Lua inside the GUI/lua-resty-auto-ssl allow_domain function.
alb_acme_rule_lua: |
  -- FILE: /usr/local/openresty/nginx/conf/nginx.conf
  -- NGINX CONTEXT: http/init_by_lua_block/auto_ssl:set("allow_domain", function(domain)
  -- See https://github.com/GUI/lua-resty-auto-ssl
  -- Note 1: Inside Lua blocks (like this one) "--" is used to start comments
  --         and not "#"
  -- Note 2: your custom code should 'return true' or 'return false'
# alb_acme_rule_last defines your "default" behavior for what was not explicitly
# whitelisted/blacklisted
alb_acme_rule_last: true
# This value is inferred from alb_acme_production, but you can customize it yourself
alb_acme_url: "{{ 'https://acme-v02.api.letsencrypt.org/directory' if alb_acme_production else 'https://acme-staging-v02.api.letsencrypt.org/directory' }}"
```
from ap-application-load-balancer.
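One way the exact, suffix, prefix, IP and default rules from the variables above could be evaluated inside `allow_domain`, as an added example that is not AP-ALB's own code. The rule order (blacklist before whitelist, exact before suffix/prefix, IP check after them, `alb_acme_rule_last` as the default), the helper names and the sample rule values are assumptions; suffixes are compared against the end of the name instead of with a substring search.

```lua
-- Added example (not AP-ALB's code). Rule order and sample values are assumptions.
local rules = {
  ips_allowed = false,                          -- alb_acme_rule_ips_allowed
  whitelist = {}, blacklist = { "internal.example.org" },
  whitelist_suffix = { ".nip.io", ".sslip.io" }, whitelist_prefix = {},
  blacklist_suffix = {}, blacklist_prefix = { "admin." },
  last = true,                                  -- alb_acme_rule_last
}

local function equals(s, v) return s == v end
-- Anchored comparisons: a name that merely contains "nip.io" does not match.
local function ends_with(s, v) return v ~= "" and s:sub(-#v) == v end
local function starts_with(s, v) return v ~= "" and s:sub(1, #v) == v end

local function any(list, pred, s)
  for _, v in ipairs(list) do
    if pred(s, v) then return true end
  end
  return false
end

-- "%." is a literal dot in a Lua pattern; a bare "." matches any character.
local function looks_like_ip(s)
  return s:find("%d+%.%d+%.%d+%.%d+") ~= nil or s:find(":", 1, true) ~= nil
end

-- In OpenResty this function would be passed to auto_ssl:set("allow_domain", ...).
local function allow_domain(domain)
  domain = domain:lower()
  if any(rules.blacklist, equals, domain) then return false end
  if any(rules.whitelist, equals, domain) then return true end
  if any(rules.blacklist_suffix, ends_with, domain)
      or any(rules.blacklist_prefix, starts_with, domain) then return false end
  if any(rules.whitelist_suffix, ends_with, domain)
      or any(rules.whitelist_prefix, starts_with, domain) then return true end
  if not rules.ips_allowed and looks_like_ip(domain) then return false end
  return rules.last
end

-- Constructed sample names.
for _, d in ipairs({ "www.example.org", "internal.example.org", "192.0.2.10",
                     "192.0.2.10.nip.io", "192.0.2.10.nip.io.example.net" }) do
  print(d, allow_domain(d))
end
```

The last sample name contains `nip.io` without ending in it, so the anchored suffix rule does not whitelist it and the IP check rejects it.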