Installing lua-resty-auto-ssl on OpenResty to automate issuance and renewal of HTTPS certificates

Published: 2023-11-07 16:51:40  Author: 网无忌

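I. lua-resty-auto-ssl

auto-ssl is a module for OpenResty that automates issuing and renewing free Let's Encrypt certificates.
Because Let's Encrypt certificates are valid for only 90 days, you previously had to renew them with the CertBot client every three months.
With auto-ssl this step is no longer needed.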

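II. Notes

1. The auto-ssl project page: https://github.com/auto-ssl/lua-resty-auto-ssl

2. auto-ssl supports OpenResty 1.9.7.2 and later.

3. auto-ssl does not depend on CertBot; the CertBot client does not need to be installed.

4. auto-ssl is not well suited to wildcard domains, because Let's Encrypt wildcard certificates can only be validated through DNS, and that has to be implemented separately against the API of each DNS provider.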

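III. Installation steps

1. Install LuaRocks

The author of auto-ssl did not publish the module to OPM, OpenResty's official package manager, but used the older LuaRocks instead, so LuaRocks must be installed first.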

wget https://luarocks.github.io/luarocks/releases/luarocks-3.8.0.tar.gz
tar -xzvf luarocks-3.8.0.tar.gz
cd luarocks-3.8.0/
./configure --prefix=/usr/local/openresty/luajit \
    --with-lua=/usr/local/openresty/luajit/ \
    --lua-suffix=jit \
    --with-lua-include=/usr/local/openresty/luajit/include/luajit-2.1
make
sudo make install

LuaRocks is installed by default to /usr/local/openresty/luajit/bin, so you need to cd into that directory to run LuaRocks commands.

2. Install auto-ssl

cd /usr/local/openresty/luajit/bin
./luarocks install lua-resty-auto-ssl

(1) Possible error 01:

Failed connect to raw.githubusercontent.com:443; Connection refused

Solution:
Look up the IP address of raw.githubusercontent.com with whois, then edit the local hosts file:

vim /etc/hosts
# Add the IP mapping you looked up
185.199.109.133 raw.githubusercontent.com

 

(2) Possible error 02:

Encountered end of file
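
Solution: go through a proxy to get past the firewall.

3. Installation complete

auto-ssl depends on the following two modules:

  • lua-resty-http
  • shell-games

These two modules are therefore installed under the OpenResty directory at the same time.
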
$ ./luarocks install lua-resty-auto-ssl
Installing https://luarocks.org/lua-resty-auto-ssl-0.13.1-1.src.rock

lua-resty-auto-ssl 0.13.1-1 depends on lua-resty-http (0.17.1-0 installed)
lua-resty-auto-ssl 0.13.1-1 depends on shell-games >= 1.1.0 (1.1.0-1 installed)
Warning: unmatched variable LUA_LIBDIR
mkdir -p /tmp/luarocks_lua-resty-auto-ssl-0.13.1-1-E0EIpg/lua-resty-auto-ssl/build
rm -f /tmp/luarocks_lua-resty-auto-ssl-0.13.1-1-E0EIpg/lua-resty-auto-ssl/build/stamp-dehydrated-*
mkdir -p /tmp/luarocks_lua-resty-auto-ssl-0.13.1-1-E0EIpg/lua-resty-auto-ssl/build/bin
curl -sSLo /tmp/luarocks_lua-resty-auto-ssl-0.13.1-1-E0EIpg/lua-resty-auto-ssl/build/bin/dehydrated "https://raw.githubusercontent.com/lukas2511/dehydrated/05eda91a2fbaed1e13c733230238fc68475c535e/dehydrated"
chmod +x /tmp/luarocks_lua-resty-auto-ssl-0.13.1-1-E0EIpg/lua-resty-auto-ssl/build/bin/dehydrated
touch /tmp/luarocks_lua-resty-auto-ssl-0.13.1-1-E0EIpg/lua-resty-auto-ssl/build/stamp-dehydrated-2-05eda91a2fbaed1e13c733230238fc68475c535e
rm -f /tmp/luarocks_lua-resty-auto-ssl-0.13.1-1-E0EIpg/lua-resty-auto-ssl/build/stamp-lua-resty-shell-*
curl -sSLo /tmp/luarocks_lua-resty-auto-ssl-0.13.1-1-E0EIpg/lua-resty-auto-ssl/lib/resty/auto-ssl/vendor/shell.lua "https://raw.githubusercontent.com/juce/lua-resty-shell/955243d70506c21e7cc29f61d745d1a8a718994f/lib/resty/shell.lua"
touch /tmp/luarocks_lua-resty-auto-ssl-0.13.1-1-E0EIpg/lua-resty-auto-ssl/build/stamp-lua-resty-shell-955243d70506c21e7cc29f61d745d1a8a718994f
rm -f /tmp/luarocks_lua-resty-auto-ssl-0.13.1-1-E0EIpg/lua-resty-auto-ssl/build/stamp-sockproc-*
mkdir -p /tmp/luarocks_lua-resty-auto-ssl-0.13.1-1-E0EIpg/lua-resty-auto-ssl/build/bin
cd /tmp/luarocks_lua-resty-auto-ssl-0.13.1-1-E0EIpg/lua-resty-auto-ssl/build && curl -sSLo sockproc-92aba736027bb5d96e190b71555857ac5bb6b2be.tar.gz "https://github.com/juce/sockproc/archive/92aba736027bb5d96e190b71555857ac5bb6b2be.tar.gz"
cd /tmp/luarocks_lua-resty-auto-ssl-0.13.1-1-E0EIpg/lua-resty-auto-ssl/build && tar -xf sockproc-92aba736027bb5d96e190b71555857ac5bb6b2be.tar.gz
cd /tmp/luarocks_lua-resty-auto-ssl-0.13.1-1-E0EIpg/lua-resty-auto-ssl/build/sockproc-92aba736027bb5d96e190b71555857ac5bb6b2be && make
make[1]: Entering directory `/tmp/luarocks_lua-resty-auto-ssl-0.13.1-1-E0EIpg/lua-resty-auto-ssl/build/sockproc-92aba736027bb5d96e190b71555857ac5bb6b2be'
gcc -Wall -Werror -o sockproc sockproc.c
make[1]: Leaving directory `/tmp/luarocks_lua-resty-auto-ssl-0.13.1-1-E0EIpg/lua-resty-auto-ssl/build/sockproc-92aba736027bb5d96e190b71555857ac5bb6b2be'
cp /tmp/luarocks_lua-resty-auto-ssl-0.13.1-1-E0EIpg/lua-resty-auto-ssl/build/sockproc-92aba736027bb5d96e190b71555857ac5bb6b2be/sockproc /tmp/luarocks_lua-resty-auto-ssl-0.13.1-1-E0EIpg/lua-resty-auto-ssl/build/bin/sockproc
chmod +x /tmp/luarocks_lua-resty-auto-ssl-0.13.1-1-E0EIpg/lua-resty-auto-ssl/build/bin/sockproc
touch /tmp/luarocks_lua-resty-auto-ssl-0.13.1-1-E0EIpg/lua-resty-auto-ssl/build/stamp-sockproc-2-92aba736027bb5d96e190b71555857ac5bb6b2be
install -d /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl
install -m 644 lib/resty/auto-ssl.lua /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl.lua
install -m 644 lib/resty/auto-ssl/init_master.lua /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/init_master.lua
install -m 644 lib/resty/auto-ssl/init_worker.lua /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/init_worker.lua
install -d /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/jobs
install -d /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/json_adapters
install -m 644 lib/resty/auto-ssl/json_adapters/cjson.lua /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/json_adapters/cjson.lua
install -m 644 lib/resty/auto-ssl/json_adapters/dkjson.lua /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/json_adapters/dkjson.lua
install -m 644 lib/resty/auto-ssl/jobs/renewal.lua /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/jobs/renewal.lua
install -d /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/servers
install -m 644 lib/resty/auto-ssl/servers/challenge.lua /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/servers/challenge.lua
install -m 644 lib/resty/auto-ssl/servers/hook.lua /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/servers/hook.lua
install -m 644 lib/resty/auto-ssl/ssl_certificate.lua /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/ssl_certificate.lua
install -d /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/ssl_providers
install -m 644 lib/resty/auto-ssl/ssl_providers/lets_encrypt.lua /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/ssl_providers/lets_encrypt.lua
install -m 644 lib/resty/auto-ssl/storage.lua /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/storage.lua
install -d /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/storage_adapters
install -m 644 lib/resty/auto-ssl/storage_adapters/file.lua /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/storage_adapters/file.lua
install -m 644 lib/resty/auto-ssl/storage_adapters/redis.lua /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/storage_adapters/redis.lua
install -d /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/utils
install -m 644 lib/resty/auto-ssl/utils/parse_openssl_time.lua /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/utils/parse_openssl_time.lua
install -m 644 lib/resty/auto-ssl/utils/random_seed.lua /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/utils/random_seed.lua
install -m 644 lib/resty/auto-ssl/utils/shell_execute.lua /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/utils/shell_execute.lua
install -m 644 lib/resty/auto-ssl/utils/shuffle_table.lua /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/utils/shuffle_table.lua
install -m 644 lib/resty/auto-ssl/utils/start_sockproc.lua /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/utils/start_sockproc.lua
install -d /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/vendor
install -m 644 lib/resty/auto-ssl/vendor/shell.lua /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/lua/resty/auto-ssl/vendor/shell.lua
install -d /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/bin/resty-auto-ssl
install -m 755 bin/letsencrypt_hooks /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/bin/resty-auto-ssl/letsencrypt_hooks
install -m 755 bin/start_sockproc /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/bin/resty-auto-ssl/start_sockproc
install -m 755 /tmp/luarocks_lua-resty-auto-ssl-0.13.1-1-E0EIpg/lua-resty-auto-ssl/build/bin/dehydrated /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/bin/resty-auto-ssl/dehydrated
install -m 755 /tmp/luarocks_lua-resty-auto-ssl-0.13.1-1-E0EIpg/lua-resty-auto-ssl/build/bin/sockproc /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/lua-resty-auto-ssl/0.13.1-1/bin/resty-auto-ssl/sockproc
lua-resty-auto-ssl 0.13.1-1 is now installed in /usr/local/openresty/luajit (license: MIT)
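
The install log above shows the rock's build step pulling three files from GitHub with curl. As an added example (not from the original post or the lua-resty-auto-ssl project), the shell function below lists every URL fetched by curl in a saved `luarocks install` log and flags any that is not pinned to a full 40-character commit hash; the names audit_fetches and sample_log, the shortened /tmp paths and the example.invalid URL are made up for illustration.

```shell
#!/bin/sh
# Added example: inventory the remote files a LuaRocks build fetched.
# Reads `luarocks install` output on stdin and prints one line per URL:
#   pinned <url>     the URL path contains a full 40-hex git commit id
#   UNPINNED <url>   the URL can change content without the rock changing

audit_fetches() {
    # Keep only lines that invoke curl, then pull out the quoted URL.
    grep -E '(^|[ ;&])curl ' \
      | grep -oE '"https?://[^"]+"' \
      | tr -d '"' \
      | sort -u \
      | while IFS= read -r url; do
            # A 40-hex path component names exactly one git commit.
            if printf '%s\n' "$url" \
                 | grep -Eq '/[0-9a-f]{40}(/|\.tar\.gz$|$)'; then
                printf 'pinned %s\n' "$url"
            else
                printf 'UNPINNED %s\n' "$url"
            fi
        done
}

# Constructed sample: three curl lines in the shape of the log above
# (temp paths shortened) plus one invented branch URL on example.invalid
# to show the UNPINNED case, and a non-curl line that must be ignored.
sample_log() {
    cat <<'EOF'
curl -sSLo /tmp/build/bin/dehydrated "https://raw.githubusercontent.com/lukas2511/dehydrated/05eda91a2fbaed1e13c733230238fc68475c535e/dehydrated"
curl -sSLo /tmp/build/shell.lua "https://raw.githubusercontent.com/juce/lua-resty-shell/955243d70506c21e7cc29f61d745d1a8a718994f/lib/resty/shell.lua"
cd /tmp/build && curl -sSLo sockproc.tar.gz "https://github.com/juce/sockproc/archive/92aba736027bb5d96e190b71555857ac5bb6b2be.tar.gz"
curl -sSLo /tmp/build/tool "https://example.invalid/repo/master/tool"
gcc -Wall -Werror -o sockproc sockproc.c
EOF
}

sample_log | audit_fetches
```

To audit a real install, save the output with `./luarocks install lua-resty-auto-ssl 2>&1 | tee install.log` and run `audit_fetches < install.log`. A pinned URL only fixes which commit is requested; the download itself is still protected by nothing more than TLS, since the log shows no checksum step.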

 

IV. Related articles on integrating auto-ssl into OpenResty

1. Using LuaRocks

2. Using lua-resty-auto-ssl in OpenResty to automatically request and renew Let's Encrypt certificates

3. Configuring HTTPS certificates in OpenResty with lua-resty-auto-ssl