Vyacheslav

Reputation: 27221

lua nginx ssl certificate setup

I use the resty.http module. But the data is used. For usual HTTP, or HTTPS without verification, everything works.

local http = require("resty.http").new()
local res, err = http:request_uri(url, {
    method = method,
    headers = headers,
    body = body,
    ssl_verify = false
})

But if I do not use ssl_verify it does not work, with the error:

lua ssl certificate verify error: (20: unable to get local issuer certificate),

I found using Google that lua_ssl_trusted_certificate can help. But I don't know how it can help. I have tested this command: lua_ssl_trusted_certificate /etc/ssl/certs/GlobalSign_Root_CA.pem; but it did not help me.

How to verify https in a proper way?

Upvotes: 1

Views: 8036

Answers (1)

Jerome Anthony

Reputation: 8021

In your nginx.conf you need to configure

lua_ssl_verify_depth 2;
lua_ssl_trusted_certificate /pathto-ca-certs.pem;

In my case my server calls out to only one external HTTPS endpoint. So I exported the certificate with the full chain (via browser certificate export in Firefox) and imported it into a PEM file. This is the .pem file that I supplied above.

I use lua-resty-http to make the calls to HTTPS and it works fine. You can use tools like Wireshark/Fiddler to monitor the outgoing connections to see if the requests are being made the way you want.

Upvotes: 5
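
The answer's two directives combined with a verified lua-resty-http call, as an added example that is not part of the original question or answer. The bundle path, resolver address, listen port, location name and upstream URL are placeholders chosen for illustration.

```nginx
# Added example. Paths, addresses and the upstream URL are assumptions.
events {}

http {
    # Cosockets resolve hostnames through this resolver; request_uri()
    # needs it when the URL contains a name rather than an IP address.
    resolver 192.0.2.53 valid=30s;      # placeholder resolver address

    # PEM bundle with the CA certificates that issued the upstream's chain.
    # A bundle holding a different root than the one the server chains to
    # fails with error 20 (unable to get local issuer certificate).
    lua_ssl_trusted_certificate /etc/nginx/ssl/upstream-ca-chain.pem;  # placeholder path

    # Maximum chain depth accepted during verification (value from the answer).
    lua_ssl_verify_depth 2;

    server {
        listen 8080;

        location /upstream-check {
            content_by_lua_block {
                local http = require("resty.http")
                local httpc = http.new()
                httpc:set_timeout(5000)  -- milliseconds

                local res, err = httpc:request_uri("https://api.example.com/health", {
                    method = "GET",
                    ssl_verify = true,  -- check the chain against the trusted bundle
                })

                if not res then
                    -- Handshake and verification failures return nil plus an
                    -- error string; log it and fail closed.
                    ngx.log(ngx.ERR, "upstream request failed: ", err)
                    return ngx.exit(ngx.HTTP_BAD_GATEWAY)
                end

                ngx.status = res.status
                ngx.say(res.body)
            }
        }
    }
}
```

The request fails closed: a chain that cannot be verified against the bundle produces a 502 and an error-log entry instead of silently falling back to an unverified connection.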
