Hello!
I am trying to
create a router for internal testing. I am using openresty
image RESTY_CONFIG_OPTIONS_MORE.
As the messages we are sending from the
client are binary and don't have any request headers, we are trying to extract
the issuer and serial number from the cert and set them as request headers.
We want to use these
headers to route to our test server as opposed to production depending on the
header values.
My dockerfile grabs
it like so:
ENV
RESTY_CONFIG_OPTIONS_MORE "--with-ngx_http_ssl_module"
I have already tried
the following in the server block but it did not work:
rewrite_by_lua_block {
ngx.req.set_header("x-issuer", ngx.var.ssl_client_i_dn)
}
Hello!
I am trying to
create a router for internal testing. I am using openresty
image RESTY_CONFIG_OPTIONS_MORE. As the messages we are sending from the
client are binary and don't have any request headers, we are trying to extract
the issuer and serial number from the cert and set them as request headers.
We want to use these
headers to route to our test server as opposed to production depending on the
header values.
My dockerfile grabs
it like so:
ENV
RESTY_CONFIG_OPTIONS_MORE "--with-ngx_http_ssl_module"
I have already tried
the following in the server block but it did not work:
rewrite_by_lua_block {
ngx.req.set_header("x-issuer", ngx.var.ssl_client_i_dn)
}
You mentioned that
the envsubst utility is included in all images except alpine and windows. Is
that relevant to my issue in any way?
If just appending
the config options will not work, which do you think is the best option?
- Use nginx-ssl-variables looks like it
does exactly what we want it to do: https://github.com/Seb35/nginx-ssl-variables
- Modify openresty code to
build our own image that enhances ngx.ocsp module to make the cert
available as ngx.var.ssl_client_escaped_cert in rewrite_by_lua_block
- Modify openresty code to
build our own image that overwrites the SSL handshake
- Some combination of the above
- Other?
Thanks for reading
:)
