Hi there, I've done the following PoC to use ssl_certificate_by_lua and dynamically load a certificate from a Redis server. However, it doesn't work: I can't connect to the database.
The first log appears correctly in my error log, but the second is never called. So I assume the red:connect statement is blocking.
Is it by design? Can't I use the coroutine / TCP-related API here? What is the workaround?
Nginx is stopping the client connection, and curl is exiting with the following error:
* Unknown SSL protocol error in connection to <host>:443
The nginx configuration:
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    server_name default;
    access_log /var/log/nginx/app-access.log;
    error_log /var/log/nginx/app-error.log;
    ssl_certificate /etc/ssl/web/default.crt;
    ssl_certificate_key /etc/ssl/web/default.key;
    ssl_certificate_by_lua_block {
        local ssl = require "ngx.ssl"
        local redis = require "resty.redis"
        local red = redis:new()
        ngx.log(ngx.ERR, "Before connection")
        local ok, err = red:connect(os.getenv("127.0.0.1", "6379")
        ngx.log(ngx.ERR, ok..""..err)
        ... More logic (clean old cert, setup new)
    }
}