Merge branch 'Cargo-has_certificate' into master

auto-ssl · Sep 27, 2020 · 86d3c94 · 86d3c94
2 parents 247f375 + 0f7bfd5
commit 86d3c94
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -315,13 +315,17 @@ auto_ssl:set("http_proxy_options", {
 })
 ```
 
-## `ssl_certificate` Configuration
+## API
+
+<a id="ssl_certificate-configuration"></a>
+### `ssl_certificate`
+*Syntax:* `auto_ssl:ssl_certificate(options)`
 
 The `ssl_certificate` function accepts an optional table of configuration options. These options can be used to customize and control the SSL behavior on a per nginx `server` basis. Some built-in options may control the default behavior of lua-resty-auto-ssl, but any other custom data can be given as options, which will then be passed along to the [`allow_domain`](#allow_domain) and [`request_domain`](#request_domain) callback functions.
 
 Built-in configuration options:
 
-### `generate_certs`
+#### `generate_certs`
 *Default:* true
 
 This variable can be used to disable generating certs on a per server block location.
@@ -337,7 +341,26 @@ server {
 }
 ```
 
-### Advanced Let's Encrypt Configuration
+### `has_certificate`
+*Syntax:* `exists = auto_ssl:has_certificate(domain, shmem_only?)`
+
+The `has_certificate` function returns a boolean value for whether or not a certificate exists for the given `domain`. This is first looked up in the local shared memory cache, and then falls back to fetching from storage.
+
+The optional `shmem_only` parameter can be set to true in order to only check the local shared memory cache for the presence of the certificate, and not check the storage engine.
+
+*Example:*
+
+```nginx
+rewrite_by_lua_block {
+  local has_cert = auto_ssl:has_certificate(ngx.var.host)
+  if has_cert then
+    local https_uri = "https://" .. ngx.var.host .. ngx.var.request_uri
+    ngx.redirect(https_uri, 301)
+  end
+}
+```
+
+## Advanced Let's Encrypt Configuration
 
 Internally, lua-resty-auto-ssl uses [dehydrated](https://github.com/lukas2511/dehydrated) as it's Let's Encrypt client. If you'd like to adjust lower-level settings, like the private key size, public key algorithm, or your registration e-mail, these settings can be configured in a custom dehydrated configuration file.
 

diff --git a/lib/resty/auto-ssl.lua b/lib/resty/auto-ssl.lua
@@ -99,6 +99,11 @@ function _M.challenge_server(self)
   server(self)
 end
 
+function _M.has_certificate(self, domain, shmem_only)
+  local has_certificate = require "resty.auto-ssl.utils.has_certificate"
+  return has_certificate(self, domain, shmem_only)
+end
+
 function _M.hook_server(self)
   local server = require "resty.auto-ssl.servers.hook"
   server(self)

diff --git a/lib/resty/auto-ssl/utils/has_certificate.lua b/lib/resty/auto-ssl/utils/has_certificate.lua
@@ -0,0 +1,16 @@
+return function(auto_ssl_instance, domain, shmem_only)
+  local shmem = ngx.shared.auto_ssl:get("domain:fullchain_der:" .. domain)
+  if shmem then
+    return true
+  elseif shmem_only then
+    return false
+  end
+
+  local storage = auto_ssl_instance.storage
+  local cert = storage:get_cert(domain)
+  if cert then
+    return true
+  end
+
+  return false
+end