Merge branch 'master' of ssh://git.coolaj86.com:22042/coolaj86/greenlock-express.js

README.md

@@ -1,15 +1,22 @@
+![Greenlock Logo](https://git.coolaj86.com/coolaj86/greenlock.js/raw/branch/master/logo/greenlock-1063x250.png "Greenlock Logo")
+
+!["Greenlock Function"](https://git.coolaj86.com/coolaj86/greenlock.js/raw/branch/master/logo/from-not-secure-to-secure-url-bar.png "from url bar showing not secure to url bar showing secure")
+
 Greenlock™ for Express.js
 =================
+Free SSL, Free Wildcard SSL, and Fully Automated HTTPS made dead simple<br>
+<small>certificates issued by Let's Encrypt v2 via [ACME](https://git.coolaj86.com/coolaj86/acme-v2.js)</small>
 
-An easy-to-use ACME client for Free SSL and Automated HTTPS.
+!["Lifetime Downloads"](https://img.shields.io/npm/dt/greenlock.svg "Lifetime Download Count can't be shown")
+!["Monthly Downloads"](https://img.shields.io/npm/dm/greenlock.svg "Monthly Download Count can't be shown")
+!["Weekly Downloads"](https://img.shields.io/npm/dw/greenlock.svg "Weekly Download Count can't be shown")
+!["Stackoverflow Questions"](https://img.shields.io/stackexchange/stackoverflow/t/greenlock.svg "S.O. Question count can't be shown")
 
 | Sponsored by [ppl](https://ppl.family) |
-[Greenlock&trade;](https://git.coolaj86.com/coolaj86/greenlock.js) for
+[Greenlock&trade;](https://git.coolaj86.com/coolaj86/greenlock.js) is for
-[cli](https://git.coolaj86.com/coolaj86/greenlock-cli.js),
+[Web Servers](https://git.coolaj86.com/coolaj86/greenlock-cli.js),
-[cluster](https://git.coolaj86.com/coolaj86/greenlock-cluster.js),
+[Web Browsers](https://git.coolaj86.com/coolaj86/greenlock.html),
-**Express.js**,
+and **node.js middleware systems**.
-[Koa](https://git.coolaj86.com/coolaj86/greenlock-koa.js),
-[hapi](https://git.coolaj86.com/coolaj86/greenlock-hapi.js)
 
 Features
 ========
@@ -327,7 +334,7 @@ app.use('/', function (req, res) {
 });
 
 // handles your app
-require('https').createServer(lex.httpsOptions, lex.middleware(app)).listen(443, function () {
+require('https').createServer(lex.httpsOptions, app).listen(443, function () {
   console.log("Listening for ACME tls-sni-01 challenges and serve app on", this.address());
 });
 ```

examples/demo.js

@@ -0,0 +1,74 @@
+'use strict';
+
+// npm install spdy@3.x
+
+//var Greenlock = require('greenlock-express')
+var Greenlock = require('../');
+
+var greenlock = Greenlock.create({
+
+  // Let's Encrypt v2 is ACME draft 11
+  version: 'draft-11'
+
+  // You MUST change 'acme-staging-v02' to 'acme-v02' in production
+, server: 'https://acme-v02.api.letsencrypt.org/directory'
+
+  // You MUST change this to a valid email address
+, email: 'jon@example.com'
+
+  // You MUST NOT build clients that accept the ToS without asking the user
+, agreeTos: true
+
+  // You MUST change these to valid domains
+  // NOTE: all domains will validated and listed on the certificate
+, approveDomains: [ 'example.com', 'www.example.com' ]
+
+  // You MUST have access to write to directory where certs are saved
+  // ex: /home/foouser/acme/etc
+, configDir: require('path').join(require('os').homedir(), 'acme', 'etc')
+
+  // Get notified of important updates and help me make greenlock better
+, communityMember: true
+
+//, debug: true
+
+});
+
+
+
+////////////////////////
+// http-01 Challenges //
+////////////////////////
+
+// http-01 challenge happens over http/1.1, not http2
+var redirectHttps = require('redirect-https')();
+var acmeChallengeHandler = greenlock.middleware(function (req, res) {
+  res.setHeader('Content-Type', 'text/html; charset=utf-8');
+  res.end('<h1>Hello, ⚠️ Insecure World!</h1><a>Visit Secure Site</a>'
+    + '<script>document.querySelector("a").href=window.location.href.replace(/^http/i, "https");</script>'
+  );
+});
+require('http').createServer(acmeChallengeHandler).listen(80, function () {
+  console.log("Listening for ACME http-01 challenges on", this.address());
+});
+
+
+
+////////////////////////
+// http2 via SPDY h2  //
+////////////////////////
+
+// spdy is a drop-in replacement for the https API
+var spdyOptions = Object.assign({}, greenlock.tlsOptions);
+spdyOptions.spdy = { protocols: [ 'h2', 'http/1.1' ], plain: false };
+var server = require('spdy').createServer(spdyOptions, require('express')().use('/', function (req, res) {
+  res.setHeader('Content-Type', 'text/html; charset=utf-8');
+  res.end('<h1>Hello, 🔐 Secure World!</h1>');
+}));
+server.on('error', function (err) {
+  console.error(err);
+});
+server.on('listening', function () {
+  console.log("Listening for SPDY/http2/https requests on", this.address());
+});
+server.listen(443);

examples/http2.js

@@ -0,0 +1,70 @@
+'use strict';
+
+//var Greenlock = require('greenlock-express')
+var Greenlock = require('../');
+
+var greenlock = Greenlock.create({
+
+  // Let's Encrypt v2 is ACME draft 11
+  version: 'draft-11'
+
+  // You MUST change 'acme-staging-v02' to 'acme-v02' in production
+, server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
+
+  // You MUST change this to a valid email address
+, email: 'jon@example.com'
+
+  // You MUST NOT build clients that accept the ToS without asking the user
+, agreeTos: true
+
+  // You MUST change these to valid domains
+  // NOTE: all domains will validated and listed on the certificate
+, approveDomains: [ 'example.com', 'www.example.com' ]
+
+  // You MUST have access to write to directory where certs are saved
+  // ex: /home/foouser/acme/etc
+, configDir: require('path').join(require('os').homedir(), 'acme', 'etc')
+
+  // Get notified of important updates and help me make greenlock better
+, communityMember: true
+
+//, debug: true
+
+});
+
+
+
+////////////////////////
+// http-01 Challenges //
+////////////////////////
+
+// http-01 challenge happens over http/1.1, not http2
+var redirectHttps = require('redirect-https')();
+var acmeChallengeHandler = greenlock.middleware(redirectHttps);
+require('http').createServer(acmeChallengeHandler).listen(80, function () {
+  console.log("Listening for ACME http-01 challenges on", this.address());
+});
+
+
+
+////////////////////////
+// node.js' http2 api //
+////////////////////////
+
+// http2 is a new API with which you would use hapi or koa, not express
+var server = require('http2').createSecureServer(greenlock.tlsOptions);
+server.on('error', function (err) {
+  console.error(err);
+});
+server.on('stream', function (stream, headers) {
+  console.log(headers);
+  stream.respond({
+    'content-type': 'text/html'
+  , ':status': 200
+  });
+  stream.end('Hello, HTTP2 World!');
+});
+server.on('listening', function () {
+  console.log("Listening for http2 requests on", this.address());
+});
+server.listen(443);

examples/spdy.js

@@ -0,0 +1,69 @@
+'use strict';
+
+// npm install spdy@3.x
+
+//var Greenlock = require('greenlock-express')
+var Greenlock = require('../');
+
+var greenlock = Greenlock.create({
+
+  // Let's Encrypt v2 is ACME draft 11
+  version: 'draft-11'
+
+  // You MUST change 'acme-staging-v02' to 'acme-v02' in production
+, server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
+
+  // You MUST change this to a valid email address
+, email: 'jon@example.com'
+
+  // You MUST NOT build clients that accept the ToS without asking the user
+, agreeTos: true
+
+  // You MUST change these to valid domains
+  // NOTE: all domains will validated and listed on the certificate
+, approveDomains: [ 'example.com', 'www.example.com' ]
+
+  // You MUST have access to write to directory where certs are saved
+  // ex: /home/foouser/acme/etc
+, configDir: require('path').join(require('os').homedir(), 'acme', 'etc')
+
+  // Get notified of important updates and help me make greenlock better
+, communityMember: true
+
+//, debug: true
+
+});
+
+
+
+////////////////////////
+// http-01 Challenges //
+////////////////////////
+
+// http-01 challenge happens over http/1.1, not http2
+var redirectHttps = require('redirect-https')();
+var acmeChallengeHandler = greenlock.middleware(redirectHttps);
+require('http').createServer(acmeChallengeHandler).listen(80, function () {
+  console.log("Listening for ACME http-01 challenges on", this.address());
+});
+
+
+
+////////////////////////
+// http2 via SPDY h2  //
+////////////////////////
+
+// spdy is a drop-in replacement for the https API
+var spdyOptions = Object.assign({}, greenlock.tlsOptions);
+spdyOptions.spdy = { protocols: [ 'h2', 'http/1.1' ], plain: false };
+var server = require('spdy').createServer(spdyOptions, require('express')().use('/', function (req, res) {
+  res.setHeader('Content-Type', 'text/html; charset=utf-8');
+  res.end('Hello, SPDY World!\n\n💚 🔒.js');
+}));
+server.on('error', function (err) {
+  console.error(err);
+});
+server.on('listening', function () {
+  console.log("Listening for SPDY/http2/https requests on", this.address());
+});
+server.listen(443);

package.json

@@ -8,12 +8,16 @@
     "example": "examples"
   },
   "dependencies": {
-    "greenlock": "^2.2.8",
+    "acme-v2": "^1.0.7",
+    "greenlock": "^2.2.16",
     "le-challenge-fs": "^2.0.8",
     "le-sni-auto": "^2.1.4",
-    "le-store-certbot": "^2.0.5",
+    "le-store-certbot": "^2.1.0",
     "redirect-https": "^1.1.5"
   },
+  "optionalDependencies": {
+    "spdy": "^3.4.7"
+  },
   "devDependencies": {
     "express": "^4.16.3",
     "express-basic-auth": "^1.1.5",