lua - verify certs when doing HTTPS requests

florian 2021-10-23 10:10:24 +02:00
parent 163af4a49d
commit c00c7f46a0
No known key found for this signature in database
GPG Key ID: 3D80806F12602A7C
3 changed files with 3316 additions and 1 deletions


@ -76,6 +76,8 @@ http {
# lua path and dicts # lua path and dicts
lua_package_path "/opt/bunkerized-nginx/lua/?.lua;/opt/bunkerized-nginx/plugins/?.lua;/opt/bunkerized-nginx/deps/lib/lua/?.lua;;"; lua_package_path "/opt/bunkerized-nginx/lua/?.lua;/opt/bunkerized-nginx/plugins/?.lua;/opt/bunkerized-nginx/deps/lib/lua/?.lua;;";
lua_package_cpath "/opt/bunkerized-nginx/deps/lib/?.so;/opt/bunkerized-nginx/deps/lib/lua/?.so;;"; lua_package_cpath "/opt/bunkerized-nginx/deps/lib/?.so;/opt/bunkerized-nginx/deps/lib/lua/?.so;;";
lua_ssl_trusted_certificate "/opt/bunkerized-nginx/lua/misc/root-ca.pem";
lua_ssl_verify_depth 2;
{% if has_value("USE_WHITELIST_IP", "yes") %}lua_shared_dict whitelist_ip_cache 10m;{% endif +%} {% if has_value("USE_WHITELIST_IP", "yes") %}lua_shared_dict whitelist_ip_cache 10m;{% endif +%}
{% if has_value("USE_WHITELIST_REVERSE", "yes") %}lua_shared_dict whitelist_reverse_cache 10m;{% endif +%} {% if has_value("USE_WHITELIST_REVERSE", "yes") %}lua_shared_dict whitelist_reverse_cache 10m;{% endif +%}
{% if has_value("USE_BLACKLIST_IP", "yes") %}lua_shared_dict blacklist_ip_cache 10m;{% endif +%} {% if has_value("USE_BLACKLIST_IP", "yes") %}lua_shared_dict blacklist_ip_cache 10m;{% endif +%}
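Review bot: The `lua_ssl_trusted_certificate` line makes a 3314-line `root-ca.pem` committed to the repository the only trust anchor set for Lua cosockets, and nothing here records where that bundle came from or how it is refreshed. A frozen bundle keeps trusting roots that are later distrusted and misses new ones, so add a comment above the directive such as `# CA bundle for Lua HTTPS requests; snapshot from <BUNDLE_SOURCE> on <DATE>, regenerate on each release` (placeholders to be filled in), or point the directive at the OS trust store that the image already updates. `lua_ssl_verify_depth 2;` also deserves a short why-comment, since it is raised from the default of 1. These directives only supply anchors and a depth limit; any other Lua call site that still passes `ssl_verify = false` (none are visible in this diff) stays unverified. The `http` block continues outside the hunk.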

3314
lua/misc/root-ca.pem Normal file

File diff suppressed because it is too large Load Diff


@ -27,7 +27,6 @@ end
function M.check (token, recaptcha_secret) function M.check (token, recaptcha_secret)
local httpc = http.new() local httpc = http.new()
local res, err = httpc:request_uri("https://www.google.com/recaptcha/api/siteverify", { local res, err = httpc:request_uri("https://www.google.com/recaptcha/api/siteverify", {
ssl_verify = false,
method = "POST", method = "POST",
body = "secret=" .. recaptcha_secret .. "&response=" .. token .. "&remoteip=" .. ngx.var.remote_addr, body = "secret=" .. recaptcha_secret .. "&response=" .. token .. "&remoteip=" .. ngx.var.remote_addr,
headers = { ["Content-Type"] = "application/x-www-form-urlencoded" } headers = { ["Content-Type"] = "application/x-www-form-urlencoded" }
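Review bot: The `body =` line still concatenates `recaptcha_secret` and the client-supplied `token` into the form body without URL-encoding, so a token containing `&` or `=` can add or override fields in the siteverify request even though the TLS channel is now verified. Build the body with `body = ngx.encode_args({ secret = recaptcha_secret, response = token, remoteip = ngx.var.remote_addr }),` instead. Removing `ssl_verify = false` relies on the HTTP library's default being to verify; writing `ssl_verify = true,` explicitly would keep the intent visible and stable if that default ever changes. M.check continues past the end of the hunk, so it is worth confirming that the `err` path treats a failed certificate check as a failed captcha rather than a pass.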