Nginx - generic TLS & non-TLS apex/naked domain redirect configuration.
#Stripped down for illustrative purposes.
events {
    # Maximum number of simultaneous connections a single worker process may open.
    worker_connections 1024;
}
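http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    gzip on;

    # Plain-HTTP site for "localhost": serves static files from html/.
    server {
        listen 80;
        server_name localhost;
        #access_log logs/host.access.log main;

        location / {
            root html;
            index index.html index.htm;
        }

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }

    # Catch-all TLS listener: picks a certificate per handshake, then redirects
    # every request to the www. form of the requested host.
    server {
        listen 443 ssl default_server;

        # Runs during the TLS handshake. The SNI name is chosen by the client and
        # is used below to build a file path, so it is validated before use.
        # The certificate and key are read by the worker process at handshake
        # time, so those files must be readable by the worker user and by no
        # other unprivileged account.
        ssl_certificate_by_lua '
            local ssl = require "ngx.ssl"

            local CERT_DIR = "/usr/local/openresty/nginx/ssl/"

            -- Read a whole file in binary mode; returns nil plus an error on failure.
            local function read_file(path)
                local f, open_err = io.open(path, "rb")
                if not f then
                    return nil, open_err
                end
                local data = f:read("*a")
                f:close()
                return data
            end

            local server_name = ssl.server_name()

            -- Check for SNI request.
            if server_name == nil then
                ngx.log(ngx.INFO, "SNI Not present - performing IP lookup")
                local addr, addrtyp, addr_err = ssl.raw_server_addr()
                if not addr then
                    ngx.log(ngx.ERR, "failed to fetch raw server address: ", addr_err)
                    return
                end
                -- Only a 4-byte IPv4 address can be formatted as a dotted quad.
                if addrtyp ~= "inet" then
                    ngx.log(ngx.INFO, "no SNI on a non-IPv4 listener - keeping default certificate")
                    return
                end
                -- Set server name as IP address.
                local byte = string.byte
                server_name = string.format("%d.%d.%d.%d", byte(addr, 1), byte(addr, 2), byte(addr, 3), byte(addr, 4))
                ngx.log(ngx.INFO, "IP Address: ", server_name)
            end

            -- Host names are case-insensitive; the lookup uses the lower-case form.
            server_name = server_name:lower()

            -- Allow only letters, digits, dot and hyphen. Without a slash or a
            -- NUL byte the name cannot point outside CERT_DIR. The raw value is
            -- not logged because it is client-controlled.
            if server_name == "" or server_name:find("[^%w%.%-]") then
                ngx.log(ngx.WARN, "rejected server name with unexpected characters - keeping default certificate")
                return
            end

            -- Set certificate paths.
            local cert_path = CERT_DIR .. server_name .. ".der"
            local key_path = CERT_DIR .. server_name .. ".key.der"

            -- Load both files before touching the handshake state, so that a
            -- missing file leaves the default certificate in place.
            local cert_data, cert_err = read_file(cert_path)
            if not cert_data then
                ngx.log(ngx.ERR, "failed to read certificate: ", cert_err)
                return
            end
            local pkey_data, key_err = read_file(key_path)
            if not pkey_data then
                ngx.log(ngx.ERR, "failed to read private key: ", key_err)
                return
            end

            local ok, err = ssl.clear_certs()
            if not ok then
                ngx.log(ngx.ERR, "failed to clear default certificate: ", err)
                return ngx.exit(ngx.ERROR)
            end

            -- From here on no certificate is configured, so a failure aborts
            -- the handshake instead of continuing without one.
            ok, err = ssl.set_der_cert(cert_data)
            if not ok then
                ngx.log(ngx.ERR, "failed to set DER cert: ", err)
                return ngx.exit(ngx.ERROR)
            end

            ok, err = ssl.set_der_priv_key(pkey_data)
            if not ok then
                ngx.log(ngx.ERR, "failed to set DER key: ", err)
                return ngx.exit(ngx.ERROR)
            end
        ';

        # Default pair, served when the handler above returns without replacing it.
        ssl_certificate /usr/local/openresty/nginx/ssl/default.litespeed.io.pem;
        ssl_certificate_key /usr/local/openresty/nginx/ssl/default.litespeed.io.com.key;

        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them once no legacy
        # client depends on this listener.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

        location / {
            # $request_uri already carries the query string. "rewrite" would
            # append the arguments a second time, so "return" is used instead.
            # $host is taken from the request; on this catch-all server the
            # redirect target is therefore whatever host the client asked for.
            return 301 https://www.$host$request_uri;
            # for testing
            # content_by_lua '
            # ngx.header["Content-Type"] = "text/plain"
            # ngx.status = 201 ngx.say("foo")
            # ngx.exit(201)';
        }
    }

    # Catch-all plain-HTTP listener: upgrade to HTTPS on the www. host.
    server {
        listen 80 default_server;

        location / {
            # Same redirect as the TLS listener; "return" avoids the duplicated
            # query string that "rewrite ... $request_uri" produces.
            return 301 https://www.$host$request_uri;
        }
    }
}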