feat: support openresty #25
Conversation
|
Hey thanks for the PR! Could you please instruct me on how to use it? |
|
Ok, https://github.com/openresty/lua-nginx-module running luajit on Nginx, And it impl some nginx api in luajit, so i want to use ilua online to execute this nginx related api. i use websocket to connect openresty server, use websocket message to trigger lua execute and complete, and return result to jupyter. Just install openresty, and then exec |
|
Okay I managed to try it out! Second, very cool. I see ssl is not implemented. Maybe we can self-sign ssl certs and configure openresty to use them so the console will have access to the Now regarding actually merging this. |
ilua/kernel.py
Outdated
|
|
||
| import twisted | ||
|
|
||
| from ilua import websocket |
| http { | ||
| lua_package_path './lua/?.lua;{LUALIB};'; | ||
| server { | ||
| listen {PORT}; |
There was a problem hiding this comment.
I see nginx is listening on 0.0.0.0, and that route goes into the unsandboxed lua interpreter
Not good for security.
There was a problem hiding this comment.
Well to solve this the first step would be to switch to 127.0.0.1. But even then is vulnerable to dns rebind.
This is (semi? not really?) mitigated in the native lua implementation by sticking to FIFOs. I don't plan on adding HMAC to the lua implementation soon 🤣 , so I guess you can for now at least listen too on a unix socket instead of tcp.
There was a problem hiding this comment.
Oh, i switched to TCP that does not using a UNIX socket, because twisted WebSocket not support UNIX socket. I debug this long time.
There was a problem hiding this comment.
pretty sure you can, let me get back to you with a POC.
|
I will consider creating iresty repo to achieve this( using ilua for the kernel classes ), but now I have no more time to do this. This implement looks dirty now. |
support openresty luajit interactive