
BIGIQ & Letsencrypt

AlexS_yb
Cirrostratus

Hi

Has anyone created an iRule to handle the API landing for challenges?

I can do it manually.

I was thinking an iRule should be able to handle it:

grab the info and store it locally, with a timeout,

then when the request comes through, look up the value and send it.

So:

1) How to write an iRule to get the POST data?

2) How to store it locally? The APM session isn't the place, so where is?

AlexS_yb
Cirrostratus

So it seems like the BIGIQ doesn't actually do any magic; it talks to the Let's Encrypt servers

and it utilises an API interface into a back end.

So, for anyone googling their way here:

I have my VS and I have a backend pool - nginx on RHEL.

For location /.well-known/acme-challenge/

I send to the nginx pool.

On nginx I have this:

 location /.well-known/acme-challenge/ {
  root   /var/www/html/uatwww.yieldbroker.com;
  index   index.html index.htm index.php;
  #
  add_header Last-Modified $date_gmt;
  add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
  if_modified_since off;
  expires off;
  etag off;

  location /.well-known/acme-challenge/api {
   #index   index.html index.htm index.php;
   #
   perl f5acme::handler;
  }

  #
 }

 

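And the Perl code is this:

package f5acme;

#
# this is to be the end point

use strict;
use warnings;
use nginx;
use JSON::Parse 'parse_json','assert_valid_json';

sub handler {
 my $r = shift;

 # only POST requests carry a challenge
 if ($r->request_method ne "POST") {
  return DECLINED;
 }

 # read the request body, then continue in post()
 if ($r->has_request_body(\&post)) {
  return OK;
 }

 return HTTP_BAD_REQUEST;
}

sub post {
 my $r = shift;

 eval {
  assert_valid_json ($r->request_body);
 };

 if ($@){
  # the status has to be set before the header is sent
  $r->status(406);
  $r->send_http_header;
  $r->print("Your JSON was invalid: $@\n");
  return;
 }

 my $js = parse_json ($r->request_body);

 # fileName comes from the request: accept only a bare token,
 # so it cannot contain "/" or ".." and leave the challenge directory
 my $name = $js->{'challenges'}[0]{'fileName'};
 unless ( defined $name && $name =~ /\A[A-Za-z0-9_-]+\z/ ){
  $r->status(406);
  $r->send_http_header;
  $r->print("invalid fileName\n");
  return;
 }

 my $fname="/var/www/html/uatwww.yieldbroker.com/.well-known/acme-challenge/".$name;

 unless ( open FILE, '>', $fname ){
  $r->status(406);
  $r->send_http_header;
  $r->print("unable to create $fname\n");
  return;
 }

 # success path: default 200 header
 $r->send_http_header;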

Seems to work, try at your own risk 🙂
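
The handler above builds its output path from `challenges[0].fileName` in the request body, so that value decides where on the web server a file gets written. As an added example (not part of the original post, and in Python rather than the post's Perl), the code below validates the name, confirms the resolved path stays in the challenge directory, and writes the file atomically. The `content` argument is an assumption standing in for the challenge text, since the post does not show which JSON field carries it.

```python
import json
import os
import re
import tempfile
from pathlib import Path

# ACME tokens are base64url text, so a bare-token pattern rejects "/", "." and NUL.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")


def challenge_file_name(body: bytes) -> str:
    """Return challenges[0].fileName from the POST body, or raise ValueError."""
    try:
        name = json.loads(body)["challenges"][0]["fileName"]
    except (ValueError, KeyError, IndexError, TypeError) as exc:
        raise ValueError("malformed challenge body") from exc
    if not isinstance(name, str) or not TOKEN_RE.fullmatch(name):
        raise ValueError("fileName is not a bare token")
    return name


def store_challenge(challenge_dir: Path, body: bytes, content: bytes) -> Path:
    """Write `content` (assumed parameter) under challenge_dir as the validated fileName."""
    root = challenge_dir.resolve(strict=True)
    target = (root / challenge_file_name(body)).resolve()
    # Second line of defence: the resolved path must sit directly in root.
    # This catches a pre-existing symlink that has a token-shaped name.
    if target.parent != root:
        raise ValueError("path escapes the challenge directory")
    # Write to a temp file and rename, so the web server never serves a partial file.
    fd, tmp = tempfile.mkstemp(dir=root, prefix=".tmp-")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(content)
        os.chmod(tmp, 0o644)
        os.replace(tmp, target)
    except BaseException:
        os.unlink(tmp)
        raise
    return target
```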