Lua-resty-auto-ssl: Upgrade guide

Created on 1 Jul 2019  ·  11 Comments  ·  Source: auto-ssl/lua-resty-auto-ssl

How to upgrade to latest version? Any upgrade guide available?

All 11 comments

I'm also interested in some more information on how to perform the upgrade from 0.12.0 to 0.13.1.

Do I just run sudo luarocks install lua-resty-auto-ssl or will that wipe out my current 0.12.0 configs/setup?

Or is it safer to update the dehydrated file as @ronaldgetz has provided?

TIA.

I've done the upgrade from 12 to 13.1; it's as simple as sudo luarocks install lua-resty-auto-ssl and restarting openresty with sudo systemctl restart openresty :)

Thanks @aviatrix! So, just to confirm it didn't overwrite your nginx configs or anything? I have a lot going on in mine.

I just tested issuing a new domain, and didn't run into any errors, so I'm not totally clear on what this fixes or if I'm affected? But I suppose I should upgrade anyway...

@bryanus always make backups before doing anything! I've learned this the hard way.
If you have configs, keep them in version control in a private repo & cp the conf folder beforehand just in case.

This update (13.1) addresses the deprecation of the v1 ACME protocol by Let's Encrypt by updating the dependency Dehydrated, which is used to communicate with Let's Encrypt servers. If you don't update, you won't be able to get new certificates in a month or so.

Thanks @aviatrix! I'll give it a go and report back here.

Yikes. Ran the upgrade/install command and it immediately broke my setup upon restarting openresty:

2019/11/08 21:06:23 [error] 2973#2973: *113 [lua] ssl_certificate.lua:310: ssl_certificate(): auto-ssl: failed to run do_ssl: /usr/local/openresty/luajit/share/lua/5.1/shell-games.lua:233: bad argument #1 (table expected, got string), context: ssl_certificate_by_lua*, client: 103.3.244.23, server: 0.0.0.0:443

Luckily this was on a staging server so I am currently trying to troubleshoot this error. Any ideas @aviatrix? I wonder if I can just patch in the line edits and see if that keeps things working.

Update: So for now, I simply edited the dehydrated file directly with @ronaldgetz's patch, and everything is working after restarting openresty. Might have to hold me over while I try and figure out the error I got when doing the full upgrade. Hopefully the patch is "good enough"?

@bryanus Do you maybe use a custom function for the domain whitelist? This custom function might be the problem, as the latest release of lua-resty-auto-ssl uses a different way to pass shell arguments (e.g. if you call the cat command to load a custom text file as whitelist). The shell arguments now need to be a table instead of a string as before. Just a guess out of nowhere, because I saw that problem as well in one deployment.

@andreasschroth Wow! That is exactly what I am doing! I'm whitelisting domains from an external text file in my config:

````
init_by_lua_block {
auto_ssl = (require "resty.auto-ssl").new()
auto_ssl:set("allow_domain", function(domain)

-- reading from domains.txt and in testing

local shell_execute = require "resty.auto-ssl.utils.shell_execute"
local ngx_re = require "ngx.re"
local status, output, err = shell_execute("cat /home/user/domains.txt")

if err then
  ngx.log(ngx.ERR, "allow_domain cat error: ", err)
else
  local domains = ngx_re.split(output, "\n")
  for _, d in ipairs(domains) do
    if (domain == d) then
      return true
    end
  end
end

return false

end)
auto_ssl:set("renew_check_interval", 43200)
auto_ssl:init()

}
````

Were you doing the same thing? I'm a little confused on how to structure my shell commands to be passed as a table. I'll have to dig more into the documentation on this. How did you resolve yours? Thanks so much for this tip off!

@bryanus Please try this code:

````
init_by_lua_block {
  auto_ssl = (require "resty.auto-ssl").new()
  auto_ssl:set("allow_domain", function(domain)

    -- reading from domains.txt and in testing

    local shell_execute = require "resty.auto-ssl.utils.shell_execute"
    local ngx_re = require "ngx.re"
    local result, err = shell_execute({"cat", "/home/user/domains.txt"})

    if err then
      ngx.log(ngx.ERR, "allow_domain cat error: ", err)
    else
      local domains = ngx_re.split(result["output"], "\n")
      for _, d in ipairs(domains) do
        if (domain == d) then
          return true
        end
      end
    end

    return false

  end)
  auto_ssl:set("renew_check_interval", 43200)
  auto_ssl:init()
}
````

Explanation:

Commit https://github.com/GUI/lua-resty-auto-ssl/commit/59758847b44981edfaf484d3a981deea82409332 implemented the new version of https://github.com/GUI/lua-shell-games for lua-resty-auto-ssl here.

To sum it up, the API of the function shell_execute() changed (parameters as well as return values).

Personally, I find debugging Lua code in Nginx to be quite a nightmare. Maybe someday it will be easier.
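
An added example, not part of the original thread or the project's own code: the same file-based `allow_domain` check written with plain Lua file I/O, so it does not depend on the `shell_execute()` signature that changed between releases. The reload interval, the `#` comment convention and the helper name `load_domains` are assumptions made for this sketch; the file path is the one used in the thread.

```lua
-- Body for init_by_lua_block { ... } in nginx.conf (added example).
auto_ssl = (require "resty.auto-ssl").new()

-- Assumed values: path taken from the thread, reload interval chosen here.
local DOMAINS_FILE = "/home/user/domains.txt"
local RELOAD_SECONDS = 60

local allowed = {}    -- set: allowed[domain] = true
local loaded_at = 0   -- os.time() of the last load attempt

-- Hypothetical helper: parse one domain per line, skipping blank
-- lines and lines starting with "#".
local function load_domains()
  local fh, err = io.open(DOMAINS_FILE, "r")
  if not fh then
    return nil, err
  end
  local set = {}
  for line in fh:lines() do
    -- Trim surrounding whitespace (including "\r" from CRLF files)
    -- and lowercase so the comparison is case-insensitive.
    local name = line:match("^%s*(.-)%s*$"):lower()
    if name ~= "" and name:sub(1, 1) ~= "#" then
      set[name] = true
    end
  end
  fh:close()
  return set
end

auto_ssl:set("allow_domain", function(domain)
  local now = os.time()
  if now - loaded_at >= RELOAD_SECONDS then
    local set, err = load_domains()
    if set then
      allowed = set
    else
      -- Fail closed: keep the last good list (empty on first failure).
      ngx.log(ngx.ERR, "allow_domain: cannot read ", DOMAINS_FILE, ": ", err)
    end
    loaded_at = now
  end
  return allowed[domain:lower()] == true
end)

auto_ssl:set("renew_check_interval", 43200)
auto_ssl:init()
```

Each nginx worker keeps its own copy of the cached set, so an edit to the file takes effect within the reload interval without restarting openresty.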

Thanks @andreasschroth. I was reviewing the syntax for the lua-resty-shell module and figured it couldn't be that simple of a change. Thanks for taking the time to help me out. I'll give it a shot (likely tomorrow) and report back!

It works! Thanks for your help @andreasschroth. I didn't realize you also modified my conditional output; more involved than I first thought. Yes, debugging Lua in nginx configs is painful, but not so bad with some great help! Cheers! ;-)
