auto-ssl
diff --git a/‎README.md‎
Lines changed: 6 additions & 0 deletions b/‎README.md‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎lib/resty/auto-ssl/servers/hook.lua‎
Lines changed: 16 additions & 5 deletions b/‎lib/resty/auto-ssl/servers/hook.lua‎
Lines changed: 16 additions & 5 deletions
diff --git a/‎t/file.t‎
Lines changed: 4 additions & 0 deletions b/‎t/file.t‎
Lines changed: 4 additions & 0 deletions
@@ -116,6 +116,12 @@ http {
   # Internal server running on port 8999 for handling certificate tasks.
   server {
     listen 127.0.0.1:8999;
+
+    # Increase the body buffer size, to ensure the internal POSTs can always
+    # parse the full POST contents into memory.
+    client_body_buffer_size 128k;
+    client_max_body_size 128k;
+
     location / {
       content_by_lua_block {
         auto_ssl:hook_server()
 
@@ -4,14 +4,19 @@
 -- that can be shared across multiple servers, so this can work in a
 -- multi-server, load-balanced environment).
 return function(auto_ssl_instance)
-  ngx.req.read_body()
-  local path = ngx.var.request_uri
-  local params = ngx.req.get_post_args()
-
   if ngx.var.http_x_hook_secret ~= ngx.shared.auto_ssl_settings:get("hook_server:secret") then
-    return ngx.exit(ngx.HTTP_FORBIDDEN)
+    ngx.log(ngx.ERR, "auto-ssl: unauthorized access to hook server (hook secret did not match)")
+    return ngx.exit(ngx.HTTP_UNAUTHORIZED)
   end
 
+  ngx.req.read_body()
+  local params, params_err = ngx.req.get_post_args()
+  if not params then
+    ngx.log(ngx.ERR, "auto-ssl: failed to parse POST args: ", params_err)
+    return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
+  end
+
+  local path = ngx.var.request_uri
   local storage = auto_ssl_instance:get("storage")
   if path == "/deploy-challenge" then
     assert(params["domain"])
@@ -20,13 +25,15 @@ return function(auto_ssl_instance)
     local _, err = storage:set_challenge(params["domain"], params["token_filename"], params["token_value"])
     if err then
       ngx.log(ngx.ERR, "auto-ssl: failed to set challenge: ", err)
+      return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
     end
   elseif path == "/clean-challenge" then
     assert(params["domain"])
     assert(params["token_filename"])
     local _, err = storage:delete_challenge(params["domain"], params["token_filename"])
     if err then
       ngx.log(ngx.ERR, "auto-ssl: failed to delete challenge: ", err)
+      return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
     end
   elseif path == "/deploy-cert" then
     assert(params["domain"])
@@ -35,6 +42,10 @@ return function(auto_ssl_instance)
     local _, err = storage:set_cert(params["domain"], params["fullchain"], params["privkey"], params["cert"])
     if err then
       ngx.log(ngx.ERR, "auto-ssl: failed to set cert: ", err)
+      return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
     end
+  else
+    ngx.log(ngx.ERR, "auto-ssl: unknown request to hook server: ", path)
+    return ngx.exit(ngx.HTTP_NOT_FOUND)
   end
 end
@@ -64,6 +64,8 @@ __DATA__
 
   server {
     listen 127.0.0.1:8999;
+    client_body_buffer_size 128k;
+    client_max_body_size 128k;
     location / {
       content_by_lua_block {
         auto_ssl:hook_server()
@@ -190,6 +192,8 @@ auto-ssl: issuing new certificate for
 
   server {
     listen 127.0.0.1:8999;
+    client_body_buffer_size 128k;
+    client_max_body_size 128k;
     location / {
       content_by_lua_block {
         auto_ssl:hook_server()