Hello! On Fri, Jul 26, 2013 at 12:11 AM, cox.graeme wrote: > > How can we secure a restful API with open resty? > One option is to use the ngx_encrypted_session module with ngx_lua's ndk.set_var API: https://github.com/agentzh/encrypted-session-nginx-module http://wiki.nginx.org/HttpLuaModule#ndk.set_var.DIRECTIVE > Is there an oAuth2 plugin? does someone have a secure example I could > follow? > Take a look at this post, "Yak Shaving: Adding OAuth Support to Nginx via Lua": http://seatgeek.com/blog/dev/oauth-support-for-nginx-with-lua Best regards, -agentzh
Hello! On Sat, Jul 27, 2013 at 1:10 AM, Henri Henri wrote: > And can we use HTTPS? > Why not? See http://nginx.org/en/docs/http/configuring_https_servers.html -agentzh
Hello! On Sun, Jul 28, 2013 at 1:16 AM, Henri Henri wrote: > So what's missing in lua-nginx is the ability to do HTTPS client queries in > an async way? > You can do nonblocking upstream https queries NOW via the ngx.location.capture API and the standard ngx_proxy module. Please check out the documentation: http://wiki.nginx.org/HttpLuaModule#ngx.location.capture http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass Best regards, -agentzh