Forum Discussion
BIGIQ & Letsencrypt
Hi
Has anyone created an iRule to handle the API landing for challenges?
I can do it manually.
I was thinking an iRule should be able to handle it:
grab the info, store it locally (with a timeout),
then when a request comes through, look up the value and send it.
So:
1) How to write an iRule to get the POST data?
2) How to store it locally? An APM session isn't the place, so where is?
- AlexS_ybCirrocumulus
So it seems like the BIG-IQ doesn't actually do any magic; it talks to the Let's Encrypt servers.
It utilised an API interface into a back end.
So, for anyone googling their way here:
I have my VS and I have a backend pool - nginx on RHEL.
For location /.well-known/acme-challenge/
I send to the nginx pool.
On nginx I have this:
    location /.well-known/acme-challenge/ {
        root /var/www/html/uatwww.yieldbroker.com;
        index index.html index.htm index.php;
        #
        add_header Last-Modified $date_gmt;
        add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
        if_modified_since off;
        expires off;
        etag off;
        location /.well-known/acme-challenge/api {
            #index index.html index.htm index.php;
            #
            perl f5acme::handler;
        }
        #
    }
And the Perl code is this:
    package f5acme;
    #
    # this is to be the end point
    use nginx;
    use JSON::Parse 'parse_json','assert_valid_json';

    sub handler {
        my $r = shift;
        if ($r->request_method ne "POST") {
            return DECLINED;
        }
        if ($r->has_request_body(\&post)) {
            return OK;
        }
        return HTTP_BAD_REQUEST;
    }

    sub post {
        my $r = shift;
        $r->send_http_header;
        eval {
            assert_valid_json ($r->request_body);
        };
        if ($@){
            $r->print("Your JSON was invalid: $@\n");
            $r->status(406);
            return;
        }
        my $js = parse_json ($r->request_body);
        my $fname="/var/www/html/uatwww.yieldbroker.com/.well-known/acme-challenge/".$js->{'challenges'}[0]{'fileName'};
        unless ( open FILE, '>'.$fname ){
            $r->print("unable to create $fname\n");
            $r->status(406);
            return;
        }
Seems to work, try at your own risk :)
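The handler above joins the `fileName` value from the posted JSON straight onto the webroot path, so that value should be checked before the file is opened. The following is an added example, not part of the original post: `safe_challenge_path`, the directory and the sample inputs are hypothetical, and the check relies on ACME HTTP-01 tokens using only the base64url alphabet (RFC 8555).

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed challenge directory (placeholder; substitute your own webroot).
my $CHALLENGE_DIR = '/var/www/html/example.test/.well-known/acme-challenge';

# Return the full path for a challenge file, or nothing if the name is unsafe.
# Allow-list only: base64url characters, bounded length. This rejects slashes,
# dots, NUL bytes, trailing newlines, empty strings and non-scalar JSON values.
sub safe_challenge_path {
    my ($dir, $name) = @_;
    return unless defined($name) && !ref($name);
    return unless $name =~ /\A[A-Za-z0-9_-]{1,128}\z/;   # \z, not $, so "x\n" fails
    return "$dir/$name";
}

# Constructed sample inputs, standing in for $js->{'challenges'}[0]{'fileName'}.
my @samples = (
    'aBcD1234_-EXAMPLEtoken',     # well-formed token
    '../../index.html',           # climbs out of the challenge directory
    '/tmp/absolute',              # absolute path
    'sub/dir',                    # nested path
    "token\n",                    # trailing newline
    '',                           # empty
    { nested => 'object' },       # JSON object where a string was expected
);

for my $name (@samples) {
    my $path  = safe_challenge_path($CHALLENGE_DIR, $name);
    my $shown = ref($name) ? '(non-scalar JSON value)' : $name;
    $shown =~ s/\n/\\n/g;
    printf "%-28s => %s\n", "'$shown'", defined($path) ? $path : 'REJECTED';
}

# In the handler, the rejected case would return an error before any open(), e.g.
#   my $fname = safe_challenge_path($dir, $js->{'challenges'}[0]{'fileName'})
#       or do { $r->status(400); $r->send_http_header; return; };
# and the file would then be opened with the three-argument form:
#   open(my $fh, '>', $fname)
```

Only the first sample yields a path; every other input prints `REJECTED`.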