improve certificate configuration detection per request

rootfs/etc/nginx/lua/certificate.lua

@@ -48,12 +48,14 @@ local function get_pem_cert_key(raw_hostname)
   return pem_cert_key
 end
 
-function _M.configured_for_server(hostname)
+function _M.configured_for_current_request()
-  if not hostname then
+  if ngx.ctx.configured_for_current_request ~= nil then
-    return false
+    return ngx.ctx.configured_for_current_request
   end
 
-  return get_pem_cert_key(hostname) ~= nil
+  ngx.ctx.configured_for_current_request = get_pem_cert_key(ngx.var.host) ~= nil
+
+  return ngx.ctx.configured_for_current_request
 end
 
 function _M.call()

rootfs/etc/nginx/lua/lua_ingress.lua

@@ -1,6 +1,6 @@
 local ngx_re_split = require("ngx.re").split
 
-local certificate_configured_for_server = require("certificate").configured_for_server
+local certificate_configured_for_current_request = require("certificate").configured_for_current_request
 
 local original_randomseed = math.randomseed
 local string_format = string.format
@@ -69,7 +69,7 @@ local function redirect_to_https(location_config)
     return true
   end
 
-  return location_config.ssl_redirect and certificate_configured_for_server(ngx.var.host)
+  return location_config.ssl_redirect and certificate_configured_for_current_request()
 end
 
 local function redirect_host()
@@ -143,7 +143,7 @@ function _M.rewrite(location_config)
     ngx_redirect(uri, config.http_redirect_code)
   end
 
-  if config.hsts and ngx.var.scheme == "https" and certificate_configured_for_server(ngx.var.host) then
+  if config.hsts and ngx.var.scheme == "https" and certificate_configured_for_current_request then
     local value = "max-age=" .. config.hsts_max_age
     if config.hsts_include_subdomains then
       value = value .. "; includeSubDomains"

rootfs/etc/nginx/lua/test/certificate_test.lua

@@ -130,21 +130,28 @@ describe("Certificate", function()
     end)
   end)
 
-  describe("configured_for_server", function()
+  describe("configured_for_current_request", function()
     before_each(function()
+      local _ngx = { var = { host = "hostname" } }
+      setmetatable(_ngx, {__index = _G.ngx})
+      _G.ngx = _ngx
+      ngx.ctx.configured_for_current_request = nil
+
       set_certificate("hostname", EXAMPLE_CERT, UUID)
     end)
 
     it("returns true when certificate exists for given server", function()
-      assert.is_true(certificate.configured_for_server("hostname"))
+      assert.is_true(certificate.configured_for_current_request())
     end)
 
     it("returns false when certificate does not exist for given server", function()
-      assert.is_false(certificate.configured_for_server("hostname.xyz"))
+      ngx.var.host = "hostname.xyz"
+      assert.is_false(certificate.configured_for_current_request())
     end)
 
-    it("returns false when no server given", function()
+    it("returns cached value from ngx.ctx", function()
-      assert.is_false(certificate.configured_for_server())
+      ngx.ctx.configured_for_current_request = false
+      assert.is_false(certificate.configured_for_current_request())
     end)
   end)
 end)