add ssl support

[sitano]

I have added ssl handshake if requested to support https during health checking. It also able to skip cert checks which is fine for my use case. Session caching could be added in the future.

    local ok, err = hc.spawn_checker{
        shm = "healthcheck",  -- defined by "lua_shared_dict"
        upstream = "foo.com", -- defined by "upstream"
        type = "http",

        -- if you put this Lua snippet in separate .lua file,
        -- then you should write this instead: http_req = "GET /status HTTP/1.0\r\nHost: foo.com\r\n\r\n",
        http_req = "GET /status HTTP/1.0\\r\\nHost: foo.com\\r\\n\\r\\n",
                -- raw HTTP request for checking

        ssl = true, -- use https
        ssl_verify = false, -- verify SSL certs, see https://github.com/openresty/lua-nginx-module/pull/290

        interval = 2000,  -- run the check cycle every 2 sec
        timeout = 1000,   -- 1 sec is the timeout for network operations
        fall = 3,  -- # of successive failures before turning a peer down
        rise = 2,  -- # of successive successes before turning a peer up
        valid_statuses = {200, 302},  -- a list valid HTTP status code
        concurrency = 10,  -- concurrency level for test requests
    }

[sitano]

We can reuse ["type"] field instead of introducing separate ["ssl"] field. Missed it while developing a variant.

[sitano]

Now its

    local ok, err = hc.spawn_checker{
        shm = "healthcheck",
        upstream = "foo.com",

        type = "https",
        ssl_verify = false,

        http_req = "GET /status HTTP/1.0\\r\\nHost: foo.com\\r\\n\\r\\n",
    }

[agentzh]

Because type = "http" is a more common case, we should at least put it in a comment here?

[agentzh]

@sitano Thank you for the patch! Will you please add some corresponding test cases to the existing test suite (under t/) also? Thanks!

[sitano]

hi @agentzh . thanks for the comments . i will do all the changes you described . tests too . i was going to provide ssl session caching a bit later, but i will look into it .

[agentzh]

@sitano Great! Thanks!

[pasikarkkainen]

Any news about getting the ssl support merged?

[agentzh]

@pasikarkkainen Yeah, this is long overdue. Sorry about that. I'll look into this soon.

[pasikarkkainen]

Ping? :)

[binnn6]

hi @agentzh, why not just change socket to resty.http? And we do't have to bind this module with ngx.upstream, so we can use this module with balancer by lua ?

[bompus]

@agentzh Any update on this?

[agentzh]

@doujiang24 Please review this PR when you have a chance. Thanks!

[agentzh]

@bompus It seems that @sitano has not updated his branch according to the comments of my last round of review.

[agentzh]

Also, there's conflicts between this branch and master that must be solved before this PR can be merged.

[sitano]

@agentzh yes, sorry. no still.

[pasikarkkainen]

@sitano is it likely you'll be able to fix/resolve the merge conflict, or should someone else pick up this work? Thanks.

[sitano]

Hi. Better pickup if in a hurry. I am very short on time currently.

…

Sent from my iPhone

On 6 Dec 2016, at 11:25, pasikarkkainen ***@***.***> wrote: @sitano is it likely you'll be able to fix/resolve the merge conflict, or should someone else pick up this work? Thanks. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

[ElvinEfendi]

This work is being completed at: Shopify#1