Commit ccf43922 authored by bunkerity's avatar bunkerity
Browse files

session secret fix

parent c1d44387
set $session_secret %ANTIBOT_SESSION_SECRET%;
access_by_lua_block {
local use_whitelist_ip = %USE_WHITELIST_IP%
......
server {
include /server-confs/*.conf;
set $session_secret %ANTIBOT_SESSION_SECRET%;
include /etc/nginx/main-lua.conf;
%LISTEN_HTTP%
%USE_HTTPS%
......
......@@ -156,6 +156,7 @@ SELF_SIGNED_SSL_CN="${SELF_SIGNED_SSL_CN-bunkerity-nginx}"
ANTIBOT_URI="${ANTIBOT_URI-/challenge}"
USE_ANTIBOT="${USE_ANTIBOT-cookie}"
ANTIBOT_RECAPTCHA_SCORE="${ANTIBOT_RECAPTCHA_SCORE-0.7}"
ANTIBOT_SESSION_SECRET="${ANTIBOT_SESSION_SECRET-random}"
# install additional modules if needed
if [ "$ADDITIONAL_MODULES" != "" ] ; then
......@@ -497,8 +498,12 @@ fi
list=$(spaces_to_lua "$DNSBL_LIST")
replace_in_file "/usr/local/lib/lua/dnsbl.lua" "%DNSBL_LIST%" "$list"
# antibot uri
# antibot uri and session secret
replace_in_file "/etc/nginx/main-lua.conf" "%ANTIBOT_URI%" "$ANTIBOT_URI"
if [ "$ANTIBOT_SESSION_SECRET" = "random" ] ; then
ANTIBOT_SESSION_SECRET=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 32)
fi
replace_in_file "/etc/nginx/main-lua.conf" "%ANTIBOT_SESSION_SECRET%" "$ANTIBOT_SESSION_SECRET"
# antibot via cookie
if [ "$USE_ANTIBOT" = "cookie" ] ; then
......
......@@ -3,11 +3,10 @@ local M = {}
local session = require "resty.session"
function M.session ()
local s = session:open()
if not s.started then
s:start()
if not ngx.ctx.session then
ngx.ctx.session = session:start()
end
return s
return ngx.ctx.session
end
function M.is_set (key)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment