turn on proxy ssl verification

unfortunately this can't be behind a flag
3scale · Mar 24, 2017 · 2fe7e5c · 2fe7e5c
1 parent 25c4230
commit 2fe7e5c
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 1 deletion.
diff --git a/apicast/.s2iignore b/apicast/.s2iignore
@@ -1,2 +1,3 @@
 .s2i
 conf/ca-bundle.crt
+apicast.d/proxy_ssl.conf
diff --git a/apicast/apicast.d/proxy_ssl.conf b/apicast/apicast.d/proxy_ssl.conf
@@ -0,0 +1,4 @@
+# This file is not in the built docker image and have to be added by hand.
+
+proxy_ssl_trusted_certificate ca-bundle.crt;
+proxy_ssl_verify on;
diff --git a/apicast/conf.d/apicast.conf b/apicast/conf.d/apicast.conf
@@ -48,6 +48,10 @@ location @out_of_band_authrep_action {
   }
 }
 
+proxy_ssl_server_name on;
+proxy_ssl_name $http_host;
+proxy_ssl_verify_depth 5;
+
 location / {
   set $cached_key null;
   set $credentials null;

diff --git a/apicast/http.d/init.conf b/apicast/http.d/init.conf
@@ -23,3 +23,5 @@ init_by_lua_block {
 init_worker_by_lua_block {
     require('module'):init_worker()
 }
+
+lua_shared_dict init 16k;
diff --git a/t/012-configuration-loading-boot-with-config.t b/t/012-configuration-loading-boot-with-config.t
@@ -5,7 +5,7 @@ my $pwd = cwd();
 my $apicast = $ENV{TEST_NGINX_APICAST_PATH} || "$pwd/apicast";
 
 $ENV{TEST_NGINX_LUA_PATH} = "$apicast/src/?.lua;;";
-$ENV{TEST_NGINX_HTTP_CONFIG} = "$apicast/http.d/*.conf";
+$ENV{TEST_NGINX_HTTP_CONFIG} = "$apicast/http.d/init.conf";
 $ENV{TEST_NGINX_APICAST_PATH} = $apicast;
 $ENV{APICAST_CONFIGURATION_LOADER} = 'boot';
 $ENV{THREESCALE_CONFIG_FILE} = 't/servroot/html/config.json';