diff --git a/README.md b/README.md index 9f44193..0352e81 100644 --- a/README.md +++ b/README.md @@ -1,15 +1,22 @@ +![Greenlock Logo](https://git.coolaj86.com/coolaj86/greenlock.js/raw/branch/master/logo/greenlock-1063x250.png "Greenlock Logo") + +!["Greenlock Function"](https://git.coolaj86.com/coolaj86/greenlock.js/raw/branch/master/logo/from-not-secure-to-secure-url-bar.png "from url bar showing not secure to url bar showing secure") + Greenlock™ for Express.js ================= +Free SSL, Free Wildcard SSL, and Fully Automated HTTPS made dead simple
+certificates issued by Let's Encrypt v2 via [ACME](https://git.coolaj86.com/coolaj86/acme-v2.js) -An easy-to-use ACME client for Free SSL and Automated HTTPS. +!["Lifetime Downloads"](https://img.shields.io/npm/dt/greenlock.svg "Lifetime Download Count can't be shown") +!["Monthly Downloads"](https://img.shields.io/npm/dm/greenlock.svg "Monthly Download Count can't be shown") +!["Weekly Downloads"](https://img.shields.io/npm/dw/greenlock.svg "Weekly Download Count can't be shown") +!["Stackoverflow Questions"](https://img.shields.io/stackexchange/stackoverflow/t/greenlock.svg "S.O. Question count can't be shown") | Sponsored by [ppl](https://ppl.family) | -[Greenlock™](https://git.coolaj86.com/coolaj86/greenlock.js) for -[cli](https://git.coolaj86.com/coolaj86/greenlock-cli.js), -[cluster](https://git.coolaj86.com/coolaj86/greenlock-cluster.js), -**Express.js**, -[Koa](https://git.coolaj86.com/coolaj86/greenlock-koa.js), -[hapi](https://git.coolaj86.com/coolaj86/greenlock-hapi.js) +[Greenlock™](https://git.coolaj86.com/coolaj86/greenlock.js) is for +[Web Servers](https://git.coolaj86.com/coolaj86/greenlock-cli.js), +[Web Browsers](https://git.coolaj86.com/coolaj86/greenlock.html), +and **node.js middleware systems**. Features ======== @@ -327,7 +334,7 @@ app.use('/', function (req, res) { }); // handles your app -require('https').createServer(lex.httpsOptions, lex.middleware(app)).listen(443, function () { +require('https').createServer(lex.httpsOptions, app).listen(443, function () { console.log("Listening for ACME tls-sni-01 challenges and serve app on", this.address()); }); ``` diff --git a/examples/demo.js b/examples/demo.js new file mode 100644 index 0000000..fc9b2ba --- /dev/null +++ b/examples/demo.js 
@@ -0,0 +1,74 @@
+'use strict';
+
+// npm install spdy@3.x
+
+//var Greenlock = require('greenlock-express')
+var Greenlock = require('../');
+
+var greenlock = Greenlock.create({
+
+ // Let's Encrypt v2 is ACME draft 11
+ version: 'draft-11'
+
+ // You MUST change 'acme-staging-v02' to 'acme-v02' in production
+, server: 'https://acme-v02.api.letsencrypt.org/directory'
+
+ // You MUST change this to a valid email address
+, email: 'jon@example.com'
+
+ // You MUST NOT build clients that accept the ToS without asking the user
+, agreeTos: true
+
+ // You MUST change these to valid domains
+ // NOTE: all domains will validated and listed on the certificate
+, approveDomains: [ 'example.com', 'www.example.com' ]
+
+ // You MUST have access to write to directory where certs are saved
+ // ex: /home/foouser/acme/etc
+, configDir: require('path').join(require('os').homedir(), 'acme', 'etc')
+
+ // Get notified of important updates and help me make greenlock better
+, communityMember: true
+
+//, debug: true
+
+});
+
+
+
+////////////////////////
+// http-01 Challenges //
+////////////////////////
+
+// http-01 challenge happens over http/1.1, not http2
+var redirectHttps = require('redirect-https')();
+var acmeChallengeHandler = greenlock.middleware(function (req, res) {
+ res.setHeader('Content-Type', 'text/html; charset=utf-8');
+ res.end('

Hello, āš ļø Insecure World!

Visit Secure Site' + + '' + ); +}); +require('http').createServer(acmeChallengeHandler).listen(80, function () { + console.log("Listening for ACME http-01 challenges on", this.address()); +}); + + + +//////////////////////// +// http2 via SPDY h2 // +//////////////////////// + +// spdy is a drop-in replacement for the https API +var spdyOptions = Object.assign({}, greenlock.tlsOptions); +spdyOptions.spdy = { protocols: [ 'h2', 'http/1.1' ], plain: false }; +var server = require('spdy').createServer(spdyOptions, require('express')().use('/', function (req, res) { + res.setHeader('Content-Type', 'text/html; charset=utf-8'); + res.end('

Hello, šŸ” Secure World!

');
+}));
+server.on('error', function (err) {
+ console.error(err);
+});
+server.on('listening', function () {
+ console.log("Listening for SPDY/http2/https requests on", this.address());
+});
+server.listen(443);
diff --git a/examples/http2.js b/examples/http2.js
new file mode 100644
index 0000000..2cc416f
--- /dev/null
+++ b/examples/http2.js
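Review bot: The `server` option in examples/demo.js is the production directory, `https://acme-v02.api.letsencrypt.org/directory`, directly under the comment that describes switching from `acme-staging-v02` to `acme-v02` as a production-only step, and next to placeholder values (`jon@example.com`, `example.com`). Run unmodified, the demo would send orders for placeholder domains to the production CA, where failed attempts are likely to count against rate limits; http2.js and spdy.js in this same commit use the staging URL. I would keep `, server: 'https://acme-staging-v02.api.letsencrypt.org/directory'` here too. Separately, `redirectHttps` appears to be assigned but unused in this file, since the port-80 handler serves a page rather than redirecting.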
@@ -0,0 +1,70 @@
+'use strict';
+
+//var Greenlock = require('greenlock-express')
+var Greenlock = require('../');
+
+var greenlock = Greenlock.create({
+
+ // Let's Encrypt v2 is ACME draft 11
+ version: 'draft-11'
+
+ // You MUST change 'acme-staging-v02' to 'acme-v02' in production
+, server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
+
+ // You MUST change this to a valid email address
+, email: 'jon@example.com'
+
+ // You MUST NOT build clients that accept the ToS without asking the user
+, agreeTos: true
+
+ // You MUST change these to valid domains
+ // NOTE: all domains will validated and listed on the certificate
+, approveDomains: [ 'example.com', 'www.example.com' ]
+
+ // You MUST have access to write to directory where certs are saved
+ // ex: /home/foouser/acme/etc
+, configDir: require('path').join(require('os').homedir(), 'acme', 'etc')
+
+ // Get notified of important updates and help me make greenlock better
+, communityMember: true
+
+//, debug: true
+
+});
+
+
+
+////////////////////////
+// http-01 Challenges //
+////////////////////////
+
+// http-01 challenge happens over http/1.1, not http2
+var redirectHttps = require('redirect-https')();
+var acmeChallengeHandler = greenlock.middleware(redirectHttps);
+require('http').createServer(acmeChallengeHandler).listen(80, function () {
+ console.log("Listening for ACME http-01 challenges on", this.address());
+});
+
+
+
+////////////////////////
+// node.js' http2 api //
+////////////////////////
+
+// http2 is a new API with which you would use hapi or koa, not express
+var server = require('http2').createSecureServer(greenlock.tlsOptions);
+server.on('error', function (err) {
+ console.error(err);
+});
+server.on('stream', function (stream, headers) {
+ console.log(headers);
+ stream.respond({
+ 'content-type': 'text/html'
+ , ':status': 200
+ });
+ stream.end('Hello, HTTP2 World!');
+});
+server.on('listening', function () {
+ console.log("Listening for http2 requests on", this.address());
+});
+server.listen(443);
diff --git a/examples/spdy.js b/examples/spdy.js
new file mode 100644
index 0000000..e289817
--- /dev/null
+++ b/examples/spdy.js
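Review bot: `console.log(headers);` in the `stream` handler of examples/http2.js writes every request's full header set to stdout, which includes `cookie` and `authorization` values whenever a client sends them. Example code tends to be copied into real servers, so I would log only the pseudo-headers needed to see traffic: `console.log(headers[':method'], headers[':path']);`. If the full dump is kept for debugging, a comment such as `// DEBUG ONLY: headers may contain credentials, do not log in production` above the line would make the risk visible.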
@@ -0,0 +1,69 @@
+'use strict';
+
+// npm install spdy@3.x
+
+//var Greenlock = require('greenlock-express')
+var Greenlock = require('../');
+
+var greenlock = Greenlock.create({
+
+ // Let's Encrypt v2 is ACME draft 11
+ version: 'draft-11'
+
+ // You MUST change 'acme-staging-v02' to 'acme-v02' in production
+, server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
+
+ // You MUST change this to a valid email address
+, email: 'jon@example.com'
+
+ // You MUST NOT build clients that accept the ToS without asking the user
+, agreeTos: true
+
+ // You MUST change these to valid domains
+ // NOTE: all domains will validated and listed on the certificate
+, approveDomains: [ 'example.com', 'www.example.com' ]
+
+ // You MUST have access to write to directory where certs are saved
+ // ex: /home/foouser/acme/etc
+, configDir: require('path').join(require('os').homedir(), 'acme', 'etc')
+
+ // Get notified of important updates and help me make greenlock better
+, communityMember: true
+
+//, debug: true
+
+});
+
+
+
+////////////////////////
+// http-01 Challenges //
+////////////////////////
+
+// http-01 challenge happens over http/1.1, not http2
+var redirectHttps = require('redirect-https')();
+var acmeChallengeHandler = greenlock.middleware(redirectHttps);
+require('http').createServer(acmeChallengeHandler).listen(80, function () {
+ console.log("Listening for ACME http-01 challenges on", this.address());
+});
+
+
+
+////////////////////////
+// http2 via SPDY h2 //
+////////////////////////
+
+// spdy is a drop-in replacement for the https API
+var spdyOptions = Object.assign({}, greenlock.tlsOptions);
+spdyOptions.spdy = { protocols: [ 'h2', 'http/1.1' ], plain: false };
+var server = require('spdy').createServer(spdyOptions, require('express')().use('/', function (req, res) {
+ res.setHeader('Content-Type', 'text/html; charset=utf-8');
+ res.end('Hello, SPDY World!\n\nšŸ’š šŸ”’.js');
+}));
+server.on('error', function (err) {
+ console.error(err);
+});
+server.on('listening', function () {
+ console.log("Listening for SPDY/http2/https requests on", this.address());
+});
+server.listen(443);
diff --git a/package.json b/package.json
index 5ea741b..d738447 100644
--- a/package.json
+++ b/package.json
@@ -8,12 +8,16 @@
 "example": "examples"
 },
 "dependencies": {
- "greenlock": "^2.2.8",
+ "acme-v2": "^1.0.7",
+ "greenlock": "^2.2.16",
 "le-challenge-fs": "^2.0.8",
 "le-sni-auto": "^2.1.4",
- "le-store-certbot": "^2.0.5",
+ "le-store-certbot": "^2.1.0",
 "redirect-https": "^1.1.5"
 },
+ "optionalDependencies": {
+ "spdy": "^3.4.7"
+ },
 "devDependencies": {
 "express": "^4.16.3",
 "express-basic-auth": "^1.1.5",
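Review bot: `agreeTos: true` in examples/spdy.js is hard-coded immediately below the comment `You MUST NOT build clients that accept the ToS without asking the user`, so the example does what its own comment forbids; the same options block appears in demo.js and http2.js. The other placeholders are flagged with `You MUST change ...`, and this one should get the same treatment, for instance `// You MUST set this to true only after the subscriber has actually accepted the Let's Encrypt ToS`. Alternatively, ship the examples with `, agreeTos: false`, which presumably makes registration fail until the operator opts in deliberately; that behaviour should be confirmed against greenlock before changing the default.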