lua-resty-http-simple and https

[dsgnvictor]

Hi,

Looking for https sub-requests in Openresty I found an answer from agentzh regarding resty.http.simple:

>>...

Actually there is a third one from Brian Akins: 

    https://github.com/bakins/lua-resty-http-simple 

...

I don't think any of them supports https due to the lack of SSL 

support in the underlying ngx_lua cosocket API. 

>>

As far as I understand ngx_lua cosocket supports SSL now, so would it be possible to get that support in the http.simple.lua as well ?

Using ngx.capture and proxy is not that straightforward and easy especially for POST-ing

Victor

[Lord Nynex]

I disagree. ngx.capture and proxy is incredibly straight forward. In fact, it's the most straightforward thing there is because 99% of the implementation is done in the nginx config. Infact, I see much better performance in this configuration because I get to do crafty things like: 

upstream sslThirdPartyAPI {

  server ssl.thirdpartyapi.com:443;

  keepalive 32;

}

server {

  location / {

    set $_url "";

    content_by_lua '

res = ngx.location.capture "/proxy", {
  method: "POST"
  body: SOMEBODYDATAHERE
  ctx: {
    headers: req.headers
  }
  vars: { _url: "http://ssl.thirdpartyapi.com/some/endpoint" }
  } ';

  }

  location /proxy {

    internal;

    rewrite_by_lua 'GET YO HEADERS RIGHT';

    proxy_set_header Connection "";

    proxy_set_header Host "ssl.thirdpartyapi.com";

    proxy_buffering off;

    proxy_buffers 8 10m;

    keepalive_requests 5000;

    keepalive_timeout 300s;

    proxy_http_version 1.1;

    proxy_pass https://sslThirdPartyAPI/$_url

  }

}

This is sub-optimal if you need to talk to many different ssl targets, but is incredibly fast/efficient for a single upstream target. The reason is, you get all the benefit of upstream keep alive connections which avoids having to re-establish the SSL connection on every request. 

This configuration is completely off the top of my head as my own configurations are proprietary. But you can take a look at http://leafo.net/lapis/reference/utilities.html#making-http-requests

--
You received this message because you are subscribed to the Google Groups "openresty-en" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openresty-en...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[James Hurst]

Hi,

On 18 March 2015 at 09:57, dsgnvictor <dsgnv...@gmail.com> wrote:

As far as I understand ngx_lua cosocket supports SSL now, so would it be possible to get that support in the http.simple.lua as well ?

Using ngx.capture and proxy is not that straightforward and easy especially for POST-ing

Victor

lua-resty-http (https://github.com/pintsized/lua-resty-http) supports SSL cosockets, both with its generic interface as well as its "simple" interface if that's what you prefer.

Regards,

James.

[Yichun Zhang (agentzh)]

Hello!

On Wed, Mar 18, 2015 at 12:21 PM, Lord Nynex wrote:
> This is sub-optimal if you need to talk to many different ssl targets, but
> is incredibly fast/efficient for a single upstream target. The reason is,
> you get all the benefit of upstream keep alive connections which avoids
> having to re-establish the SSL connection on every request.
>

Well, just to be clear: ngx_lua's SSL cosocket API also supports both
connection pooling and SSL session reuse so you don't have to redo SSL
handshake upon every request either ;) This is not really an advantage
of ngx_proxy over ngx_lua cosockets at all.

One problem with ngx.location.capture is that it's very inefficient
(and also dangerous) for responses that could be huge (like hundreds
of megabytes or even gigabytes) because it always mandates full
buffering of the response.

Regards,
-agentzh

[dsgnvictor]

On Thursday, March 19, 2015 at 5:26:18 PM UTC+1, James Hurst wrote:

lua-resty-http (https://github.com/pintsized/lua-resty-http) supports SSL cosockets, both with its generic interface as well as its "simple" interface if that's what you prefer.

Regards,

James.

Thanks a lot! Works great.I needed something simple for calling https-ed MailChimp API. 

Just one small thing - not related to MC API - res.headers["Set-Cookie"] returns concatenated cookies strings.

So for cookies "foo=bar;path=/" and "another_one=avalue" it returns "foo=bar;path=/another_one=avalue" which is not very useful.

I removed "to_string" in "_receive_headers" and getting a table from res.headers["Set-Cookie"] now.

best,

Victor

[James Hurst]

Hi,

Sorry I'm not sure I fully understand. No concatenation should be happening. lua-resty-http is supposed to give you whatever it received - either one header, or a table of header values in the order they are received.

Can you provide an example HTTP response which doesn't behave as you expect so I can take a proper look? It might be best to raise this as an issue over here: https://github.com/pintsized/lua-resty-http/issues

Thanks,

James.

[dsgnvictor]

On Monday, March 23, 2015 at 12:48:01 PM UTC+1, James Hurst wrote:

Hi,

Sorry I'm not sure I fully understand. No concatenation should be happening. lua-resty-http is supposed to give you whatever it received - either one header, or a table of header values in the order they are received.

Can you provide an example HTTP response which doesn't behave as you expect so I can take a proper look? It might be best to raise this as an issue over here: https://github.com/pintsized/lua-resty-http/issues

Thanks,

James.

Hi,

Yes, I will try to provide a simplified but still working example and will post on github.

Thanks again for the great working code. No PHP, no Curl. I'm so impressed with Openresty! Really amazing.

Victor