Pfsense-Workshop-PFSense-HAProxy-Files: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
(Die Seite wurde geleert.)
Markierung: Geleert
 
(Eine dazwischenliegende Version desselben Benutzers wird nicht angezeigt)
Zeile 1: Zeile 1:
=Lua Script=
 
[[Datei:Pfsense_Workshop_PFSense_HAProxy_Files-1.png]]
 
*Services
 
**HAProxy
 
***Files
 
Das folgende Script muss unter content eingefügt werden
 
<syntaxhighlight lang=lua>
 
-- ACME http-01 domain validation plugin for Haproxy 1.6+
 
-- copyright (C) 2015 Jan Broer
 
--
 
  
acme = {}
 
acme.version = "0.1.1"
 
 
--
 
-- Configuration
 
--
 
-- When HAProxy is *not* configured with the 'chroot' option you must set an absolute path here and pass
 
-- that as 'webroot-path' to the letsencrypt client
 
 
acme.conf = {
 
["non_chroot_webroot"] = ""
 
}
 
 
--
 
-- Startup
 
-- 
 
acme.startup = function()
 
-- core.Info("[acme] http-01 plugin v" .. acme.version);
 
end
 
 
--
 
-- ACME http-01 validation endpoint
 
--
 
acme.http01 = function(applet)
 
local response = ""
 
local reqPath = applet.path
 
local src = applet.sf:src()
 
local token = reqPath:match( ".+/(.*)$" )
 
 
if token then
 
token = sanitizeToken(token)
 
end
 
 
if (token == nil or token == '') then
 
response = "bad request\n"
 
applet:set_status(400)
 
core.Warning("[acme] malformed request (client-ip: " .. tostring(src) .. ")")
 
else
 
auth = getKeyAuth(token)
 
if (auth:len() >= 1) then
 
response = auth .. "\n"
 
applet:set_status(200)
 
core.Info("[acme] served http-01 token: " .. token .. " (client-ip: " .. tostring(src) .. ")")
 
else
 
response = "resource not found\n"
 
applet:set_status(404)
 
core.Warning("[acme] http-01 token not found: " ..  acme.conf.non_chroot_webroot .. "/.well-known/acme-challenge/" .. token .. " (client-ip: " .. tostring(src) .. ")")
 
end
 
end
 
 
applet:add_header("Server", "haproxy/acme-http01-authenticator")
 
applet:add_header("Content-Length", string.len(response))
 
applet:add_header("Content-Type", "text/plain")
 
applet:start_response()
 
applet:send(response)
 
end
 
 
--
 
-- strip chars that are not in the URL-safe Base64 alphabet
 
-- see https://github.com/letsencrypt/acme-spec/blob/master/draft-barnes-acme.md
 
--
 
function sanitizeToken(token)
 
_strip="[^%a%d%+%-%_=]"
 
token = token:gsub(_strip,'')
 
return token
 
end
 
 
--
 
-- get key auth from token file
 
--
 
function getKeyAuth(token)
 
        local keyAuth = ""
 
        local path = acme.conf.non_chroot_webroot .. "/.well-known/acme-challenge/" .. token
 
        local f = io.open(path, "rb")
 
        if f ~= nil then
 
                keyAuth = f:read("*all")
 
                f:close()
 
        end
 
        return keyAuth
 
end
 
 
 
core.register_init(acme.startup)
 
core.register_service("acme-http01", "http", acme.http01)
 
</syntaxhighlight>
 

Aktuelle Version vom 17. Februar 2022, 13:29 Uhr

Abgerufen von „http://wiki.ixheim.de/index.php?title=Pfsense-Workshop-PFSense-HAProxy-Files&oldid=31823