greenlock-express.js/examples/vhost.js

91 lines
2.8 KiB
JavaScript
Raw Normal View History

2018-05-05 19:56:28 +00:00
#!/usr/bin/env node
'use strict';
// This is an example for virtual hosting
var email = 'john@example.com';
// The prefix where sites go by name.
// For example: whatever.com may live in /srv/www/whatever.com, thus /srv/www is our path
var srv = '/srv/www/';
var fs = require('fs');
var finalhandler = require('finalhandler');
var serveStatic = require('serve-static');
var path = require('path');
2018-08-16 08:44:10 +00:00
// Allowed characters are a-z,0-9,.,-,_ with TLDs being alpha-only
var hostnameRe = /^[\.a-z0-9_\-]+\.[a-z]+$/i;
2018-05-05 19:56:28 +00:00
//require('greenlock-express')
require('../').create({
// Let's Encrypt v2 is ACME draft 11
version: 'draft-11'
2018-05-19 23:54:08 +00:00
, server: 'https://acme-v02.api.letsencrypt.org/directory'
// Note: If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
2018-05-05 19:56:28 +00:00
, approveDomains: function (opts, certs, cb) {
// In this example the filesystem is our "database".
// We check in /srv/www for whateve.com and if it exists, it's allowed
// The domains being approved for the first time are listed in opts.domains
2018-05-10 06:53:45 +00:00
2018-05-05 19:56:28 +00:00
// Certs being renewed are listed in certs.altnames
if (certs) {
opts.domains = certs.altnames;
cb(null, { options: opts, certs: certs });
return;
}
2018-08-16 08:44:10 +00:00
// SECURITY Greenlock validates opts.domains ahead-of-time
2018-05-05 19:56:28 +00:00
var hostdir = path.join(srv, opts.domains[0]);
2018-08-16 08:44:10 +00:00
// TODO could test for www/no-www both in directory and IP
2018-05-05 19:56:28 +00:00
fs.readdir(hostdir, function (err, nodes) {
2018-08-16 08:44:10 +00:00
var e;
2018-05-05 19:56:28 +00:00
if (err || !nodes) {
2018-08-16 08:44:10 +00:00
e = new Error("rejecting '" + opts.domains[0] + "' because '" + hostdir + "' could not be read");
2018-05-05 19:56:28 +00:00
console.error(err);
console.error(e);
cb(e);
return;
}
// TODO check for some sort of htaccess.json and use email in that
// NOTE: you can also change other options such as `challengeType` and `challenge`
// opts.challengeType = 'http-01';
// opts.challenge = require('le-challenge-fs').create({});
opts.email = email;
opts.agreeTos = true;
cb(null, { options: opts, certs: certs });
});
}
// You MUST have access to write to directory where certs are saved
// ex: /home/foouser/acme/etc
2018-07-03 09:25:12 +00:00
, configDir: '~/.config/acme/'
2018-05-05 19:56:28 +00:00
, app: function (req, res) {
console.log(req.headers.host);
var hostname = (req.headers.host||'').toLowerCase().split(':')[0];
2018-08-16 08:44:10 +00:00
// SECURITY sanatize hostname to prevent unauthorized fs access
2018-05-05 19:56:28 +00:00
if (!hostnameRe.test(hostname)) {
res.statusCode = 404;
res.end('Bad Hostname');
return;
}
var serve = serveStatic(path.join(srv, hostname), { redirect: true });
serve(req, res, finalhandler(req, res));
}
2018-05-10 06:53:45 +00:00
// Get notified of important updates and help me make greenlock better
, communityMember: true
2018-05-05 19:56:28 +00:00
//, debug: true
2018-05-10 06:53:45 +00:00
}).listen(80, 443);