Pfsense-Workshop-PFSense-HAProxy-Files: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
Zeile 1: Zeile 1:
 
=Lua Script=
 
=Lua Script=
 
[[Datei:Pfsense_Workshop_PFSense_HAProxy_Files-1.png]]
 
[[Datei:Pfsense_Workshop_PFSense_HAProxy_Files-1.png]]
 
Das folgende Script muss unter
 
 
*Services
 
*Services
 
**HAProxy
 
**HAProxy
 
***Files
 
***Files
eingefügt werden
+
Das folgende Script muss unter content eingefügt werden
 
<syntaxhighlight lang=lua>
 
<syntaxhighlight lang=lua>
 
-- ACME http-01 domain validation plugin for Haproxy 1.6+
 
-- ACME http-01 domain validation plugin for Haproxy 1.6+

Version vom 17. Februar 2022, 13:17 Uhr

Lua Script

Pfsense Workshop PFSense HAProxy Files-1.png

  • Services
    • HAProxy
      • Files

Das folgende Script muss unter content eingefügt werden 

-- ACME http-01 domain validation plugin for Haproxy 1.6+
-- copyright (C) 2015 Jan Broer
--

acme = {}
acme.version = "0.1.1"

--
-- Configuration
--
-- When HAProxy is *not* configured with the 'chroot' option you must set an absolute path here and pass 
-- that as 'webroot-path' to the letsencrypt client

acme.conf = {
	["non_chroot_webroot"] = ""
}

--
-- Startup
--  
acme.startup = function()
-- core.Info("[acme] http-01 plugin v" .. acme.version);
end

--
-- ACME http-01 validation endpoint
--
acme.http01 = function(applet)
	local response = ""
	local reqPath = applet.path
	local src = applet.sf:src()
	local token = reqPath:match( ".+/(.*)$" )

	if token then
		token = sanitizeToken(token)
	end

	if (token == nil or token == '') then
		response = "bad request\n"
		applet:set_status(400)
		core.Warning("[acme] malformed request (client-ip: " .. tostring(src) .. ")")
	else
		auth = getKeyAuth(token)
		if (auth:len() >= 1) then
			response = auth .. "\n"
			applet:set_status(200)
			core.Info("[acme] served http-01 token: " .. token .. " (client-ip: " .. tostring(src) .. ")")
		else
			response = "resource not found\n"
			applet:set_status(404)
			core.Warning("[acme] http-01 token not found: " ..  acme.conf.non_chroot_webroot .. "/.well-known/acme-challenge/" .. token .. " (client-ip: " .. tostring(src) .. ")")
		end
	end

	applet:add_header("Server", "haproxy/acme-http01-authenticator")
	applet:add_header("Content-Length", string.len(response))
	applet:add_header("Content-Type", "text/plain")
	applet:start_response()
	applet:send(response)
end

--
-- strip chars that are not in the URL-safe Base64 alphabet
-- see https://github.com/letsencrypt/acme-spec/blob/master/draft-barnes-acme.md
--
function sanitizeToken(token)
	_strip="[^%a%d%+%-%_=]"
	token = token:gsub(_strip,'')
	return token
end

--
-- get key auth from token file
--
function getKeyAuth(token)
        local keyAuth = ""
        local path = acme.conf.non_chroot_webroot .. "/.well-known/acme-challenge/" .. token
        local f = io.open(path, "rb")
        if f ~= nil then
                keyAuth = f:read("*all")
                f:close()
        end
        return keyAuth
end


core.register_init(acme.startup)
core.register_service("acme-http01", "http", acme.http01)
Abgerufen von „http://wiki.ixheim.de/index.php?title=Pfsense-Workshop-PFSense-HAProxy-Files&oldid=31812