diff --git a/examples/old-demo.js b/examples/old-demo.js
deleted file mode 100644
index 8000314..0000000
--- a/examples/old-demo.js
+++ /dev/null
@@ -1,75 +0,0 @@
-"use strict";
-
-// npm install spdy@3.x
-
-//var Greenlock = require('greenlock-express')
-var Greenlock = require("../");
-
-var greenlock = Greenlock.create({
- // Let's Encrypt v2 is ACME draft 11
- version: "draft-11",
-
- server: "https://acme-v02.api.letsencrypt.org/directory",
- // Note: If at first you don't succeed, stop and switch to staging
- // https://acme-staging-v02.api.letsencrypt.org/directory
-
- // You MUST change this to a valid email address
- email: "jon@example.com",
-
- // You MUST NOT build clients that accept the ToS without asking the user
- agreeTos: true,
-
- // You MUST change these to valid domains
- // NOTE: all domains will validated and listed on the certificate
- approvedDomains: ["example.com", "www.example.com"],
-
- // You MUST have access to write to directory where certs are saved
- // ex: /home/foouser/acme/etc
- configDir: "~/.config/acme/",
-
- // Get notified of important updates and help me make greenlock better
- communityMember: true
-
- //, debug: true
-});
-
-////////////////////////
-// http-01 Challenges //
-////////////////////////
-
-// http-01 challenge happens over http/1.1, not http2
-var redirectHttps = require("redirect-https")();
-var acmeChallengeHandler = greenlock.middleware(function(req, res) {
- res.setHeader("Content-Type", "text/html; charset=utf-8");
- res.end(
- "Hello, ⚠️ Insecure World!
Visit Secure Site" +
- ''
- );
-});
-require("http")
- .createServer(acmeChallengeHandler)
- .listen(80, function() {
- console.log("Listening for ACME http-01 challenges on", this.address());
- });
-
-////////////////////////
-// http2 via SPDY h2 //
-////////////////////////
-
-// spdy is a drop-in replacement for the https API
-var spdyOptions = Object.assign({}, greenlock.tlsOptions);
-spdyOptions.spdy = { protocols: ["h2", "http/1.1"], plain: false };
-var server = require("spdy").createServer(
- spdyOptions,
- require("express")().use("/", function(req, res) {
- res.setHeader("Content-Type", "text/html; charset=utf-8");
- res.end("Hello, 🔐 Secure World!
");
- })
-);
-server.on("error", function(err) {
- console.error(err);
-});
-server.on("listening", function() {
- console.log("Listening for SPDY/http2/https requests on", this.address());
-});
-server.listen(443);
diff --git a/examples/old-force-renew.js b/examples/old-force-renew.js
deleted file mode 100644
index 6869f6f..0000000
--- a/examples/old-force-renew.js
+++ /dev/null
@@ -1,30 +0,0 @@
-"use strict";
-
-//require('greenlock-express')
-require("../")
- .create({
- // Let's Encrypt v2 is ACME draft 11
- version: "draft-11",
-
- server: "https://acme-v02.api.letsencrypt.org/directory",
- // Note: If at first you don't succeed, stop and switch to staging
- // https://acme-staging-v02.api.letsencrypt.org/directory
-
- email: "john.doe@example.com",
-
- agreeTos: true,
-
- approvedDomains: ["example.com", "www.example.com"],
-
- app: require("express")().use("/", function(req, res) {
- res.end("Hello, World!");
- }),
-
- renewWithin: 91 * 24 * 60 * 60 * 1000,
- renewBy: 90 * 24 * 60 * 60 * 1000,
-
- // Get notified of important updates and help me make greenlock better
- communityMember: true,
- debug: true
- })
- .listen(80, 443);
diff --git a/examples/old-remote-access.js b/examples/old-remote-access.js
deleted file mode 100644
index 2852aa1..0000000
--- a/examples/old-remote-access.js
+++ /dev/null
@@ -1,104 +0,0 @@
-"use strict";
-
-//
-// WARNING: Not for noobs
-// Try the simple example first
-//
-
-//
-// This demo is used with tunnel-server.js and tunnel-client.js
-//
-
-var email = "john.doe@gmail.com";
-var domains = ["example.com"];
-var agreeLeTos = true;
-//var secret = "My Little Brony";
-var secret = require("crypto")
- .randomBytes(16)
- .toString("hex");
-
-require("../")
- .create({
- version: "draft-11",
-
- server: "https://acme-v02.api.letsencrypt.org/directory",
- // Note: If at first you don't succeed, stop and switch to staging
- // https://acme-staging-v02.api.letsencrypt.org/directory
-
- email: email,
- agreeTos: agreeLeTos,
- approveDomains: domains,
- configDir: "~/.config/acme/",
- app: remoteAccess(secret),
- // Get notified of important updates and help me make greenlock better
- communityMember: true
- //, debug: true
- })
- .listen(3000, 8443);
-
-function remoteAccess(secret) {
- var express = require("express");
- var basicAuth = require("express-basic-auth");
- var serveIndex = require("serve-index");
-
- var rootIndex = serveIndex("/", { hidden: true, icons: true, view: "details" });
- var rootFs = express.static("/", { dotfiles: "allow", redirect: true, index: false });
-
- var userIndex = serveIndex(require("os").homedir(), { hidden: true, icons: true, view: "details" });
- var userFs = express.static(require("os").homedir(), { dotfiles: "allow", redirect: true, index: false });
-
- var app = express();
- var realm = "Login Required";
-
- var myAuth = basicAuth({
- users: { root: secret, user: secret },
- challenge: true,
- realm: realm,
- unauthorizedResponse: function(/*req*/) {
- return 'Unauthorized Home';
- }
- });
-
- app.get("/", function(req, res) {
- res.setHeader("Content-Type", "text/html; charset=utf-8");
- res.end('View Files' + " | " + 'Logout');
- });
- app.use("/logout", function(req, res) {
- res.setHeader("Content-Type", "text/html; charset=utf-8");
- res.setHeader("WWW-Authenticate", 'Basic realm="' + realm + '"');
- res.statusCode = 401;
- //res.setHeader('Location', '/');
- res.end('Logged out | Home');
- });
- app.use("/browse", myAuth);
- app.use("/browse", function(req, res, next) {
- if ("root" === req.auth.user) {
- rootFs(req, res, function() {
- rootIndex(req, res, next);
- });
- return;
- }
- if ("user" === req.auth.user) {
- userFs(req, res, function() {
- userIndex(req, res, next);
- });
- return;
- }
- res.end("Sad Panda");
- });
-
- console.log("");
- console.log("");
- console.log("Usernames are\n");
- console.log("\troot");
- console.log("\tuser");
- console.log("");
- console.log("Password (for both) is\n");
- console.log("\t" + secret);
- console.log("");
- console.log("Shhhh... It's a secret to everybody!");
- console.log("");
- console.log("");
-
- return app;
-}
diff --git a/examples/old-vhost.js b/examples/old-vhost.js
deleted file mode 100644
index ed93322..0000000
--- a/examples/old-vhost.js
+++ /dev/null
@@ -1,134 +0,0 @@
-#!/usr/bin/env node
-"use strict";
-
-///////////////////
-// vhost example //
-///////////////////
-
-//
-// virtual hosting example
-//
-
-// The prefix where sites go by name.
-// For example: whatever.com may live in /srv/www/whatever.com, thus /srv/www is our path
-var srv = process.argv[3] || "/srv/www/";
-
-var path = require("path");
-var fs = require("fs").promises;
-var finalhandler = require("finalhandler");
-var serveStatic = require("serve-static");
-
-//var glx = require('greenlock-express')
-var glx = require("./").create({
- version: "draft-11", // Let's Encrypt v2 is ACME draft 11
-
- server: "https://acme-v02.api.letsencrypt.org/directory", // If at first you don't succeed, stop and switch to staging
- // https://acme-staging-v02.api.letsencrypt.org/directory
-
- configDir: process.argv[4] || "~/.config/acme/", // You MUST have access to write to directory where certs
- // are saved. ex: /home/foouser/.config/acme
-
- approveDomains: myApproveDomains, // Greenlock's wraps around tls.SNICallback. Check the
- // domain name here and reject invalid ones
-
- app: myVhostApp, // Any node-style http app (i.e. express, koa, hapi, rill)
-
- /* CHANGE TO A VALID EMAIL */
- email: process.argv[2] || "jon.doe@example.com", // Email for Let's Encrypt account and Greenlock Security
- agreeTos: true // Accept Let's Encrypt ToS
- //, communityMember: true // Join Greenlock to get important updates, no spam
-
- //, debug: true
-});
-
-var server = glx.listen(80, 443);
-server.on("listening", function() {
- console.info(server.type + " listening on", server.address());
-});
-
-function myApproveDomains(opts, certs, cb) {
- console.log("sni:", opts.domain);
- // In this example the filesystem is our "database".
- // We check in /srv/www for whatever.com and if it exists, it's allowed
-
- // SECURITY Greenlock validates opts.domains ahead-of-time so you don't have to
- return checkWwws(opts.domains[0])
- .then(function() {
- //opts.email = email;
- opts.agreeTos = true;
- cb(null, { options: opts, certs: certs });
- })
- .catch(cb);
-}
-
-function checkWwws(_hostname) {
- if (!_hostname) {
- // SECURITY, don't allow access to the 'srv' root
- // (greenlock-express uses middleware to check '..', etc)
- return "";
- }
- var hostname = _hostname;
- var _hostdir = path.join(srv, hostname);
- var hostdir = _hostdir;
- // TODO could test for www/no-www both in directory
- return fs
- .readdir(hostdir)
- .then(function() {
- // TODO check for some sort of htaccess.json and use email in that
- // NOTE: you can also change other options such as `challengeType` and `challenge`
- // opts.challengeType = 'http-01';
- // opts.challenge = require('le-challenge-fs').create({});
- return hostname;
- })
- .catch(function() {
- if ("www." === hostname.slice(0, 4)) {
- // Assume we'll redirect to non-www if it's available.
- hostname = hostname.slice(4);
- hostdir = path.join(srv, hostname);
- return fs.readdir(hostdir).then(function() {
- // TODO list both domains?
- return hostname;
- });
- } else {
- // Or check and see if perhaps we should redirect non-www to www
- hostname = "www." + hostname;
- hostdir = path.join(srv, hostname);
- return fs.readdir(hostdir).then(function() {
- // TODO list both domains?
- return hostname;
- });
- }
- })
- .catch(function() {
- throw new Error("rejecting '" + _hostname + "' because '" + _hostdir + "' could not be read");
- });
-}
-
-function myVhostApp(req, res) {
- // SECURITY greenlock pre-sanitizes hostnames to prevent unauthorized fs access so you don't have to
- // (also: only domains approved above will get here)
- console.log("vhost:", req.headers.host);
- if (!req.headers.host) {
- // SECURITY, don't allow access to the 'srv' root
- // (greenlock-express uses middleware to check '..', etc)
- return res.end();
- }
-
- // We could cache wether or not a host exists for some amount of time
- var fin = finalhandler(req, res);
- return checkWwws(req.headers.host)
- .then(function(hostname) {
- if (hostname !== req.headers.host) {
- res.statusCode = 302;
- res.setHeader("Location", "https://" + hostname);
- // SECURITY this is safe only because greenlock disallows invalid hostnames
- res.end("");
- return;
- }
- var serve = serveStatic(path.join(srv, hostname), { redirect: true });
- serve(req, res, fin);
- })
- .catch(function() {
- fin();
- });
-}
diff --git a/examples/old-wildcard.js b/examples/old-wildcard.js
deleted file mode 100644
index 349846e..0000000
--- a/examples/old-wildcard.js
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/usr/bin/env node
-"use strict";
-/*global Promise*/
-
-///////////////////////
-// wildcard example //
-//////////////////////
-
-//
-// wildcard example
-//
-
-//var glx = require('greenlock-express')
-var glx = require("../").create({
- version: "draft-11", // Let's Encrypt v2 is ACME draft 11
-
- server: "https://acme-staging-v02.api.letsencrypt.org/directory",
- //, server: 'https://acme-v02.api.letsencrypt.org/directory' // If at first you don't succeed, stop and switch to staging
- // https://acme-staging-v02.api.letsencrypt.org/directory
-
- configDir: "~/acme/", // You MUST have access to write to directory where certs
- // are saved. ex: /home/foouser/.config/acme
-
- approveDomains: myApproveDomains, // Greenlock's wraps around tls.SNICallback. Check the
- // domain name here and reject invalid ones
-
- app: require("./my-express-app.js"), // Any node-style http app (i.e. express, koa, hapi, rill)
-
- /* CHANGE TO A VALID EMAIL */
- email: "jon.doe@example.com", // Email for Let's Encrypt account and Greenlock Security
- agreeTos: true, // Accept Let's Encrypt ToS
- communityMember: true, // Join Greenlock to (very rarely) get important updates
-
- //, debug: true
- store: require("le-store-fs")
-});
-
-var server = glx.listen(80, 443);
-server.on("listening", function() {
- console.info(server.type + " listening on", server.address());
-});
-
-function myApproveDomains(opts) {
- console.log("sni:", opts.domain);
-
- // must be 'example.com' or start with 'example.com'
- if (
- "example.com" !== opts.domain &&
- "example.com" !==
- opts.domain
- .split(".")
- .slice(1)
- .join(".")
- ) {
- return Promise.reject(new Error("we don't serve your kind here: " + opts.domain));
- }
-
- // the primary domain for the cert
- opts.subject = "example.com";
- // the altnames (including the primary)
- opts.domains = [opts.subject, "*.example.com"];
-
- if (!opts.challenges) {
- opts.challenges = {};
- }
- opts.challenges["http-01"] = require("le-challenge-fs").create({});
- // Note: When implementing a dns-01 plugin you should make it check in a loop
- // until it can positively confirm that the DNS changes have propagated.
- // That could take several seconds to a few minutes.
- opts.challenges["dns-01"] = require("le-challenge-dns").create({});
-
- // explicitly set account id and certificate.id
- opts.account = { id: opts.email };
- opts.certificate = { id: opts.subject };
-
- return Promise.resolve(opts);
-}