[doc] clarify usage of non-standard ports #8

Open
opened 2019-11-02 01:15:37 +00:00 by Ghost · 18 comments

Hi AJ,

I am looking at the changes to Greenlock Express. I have an https server also using web sockets. From the examples, I understand that the preferred method is to use glx.serveApp to start the servers. Now I am wondering how to then pass the https server to websockets. The websockets example calls glx.httpsServer() instead, but doing that would try to start another server. I am wondering if it would not be better to return [secureServer, plainServer] in the resolve() call below:

```javascript
secureServer.listen(securePort, secureAddr, function() {
  console.info(idstr + "Listening on", secureAddr + ":" + securePort, "for secure traffic");

  plainServer.removeListener("error", startError);
  secureServer.removeListener("error", startError);
  resolve();
});
```

so that server variables can then be used for other tasks (like websockets or a clean shutdown for instance). What do you think?

Author

Follow-up question: Are you planning to make plainPort/securePort configurable?

I guess if not, then I should probably write my own serveApp function.

Author

Nevermind, I see the servers are available as glx.httpsServer() and glx.httpServer(). My question about plainPort/securePort still stands though.

Owner

If you are using http-01 challenges either you MUST use port 80 or you must have a proxy sending traffic to you on the other port.

Likewise, if you are using tls-alpn-01 challenges you MUST use port 443.

If you use dns-01 challenges, then validation is done out of band.

Author

What if I'm on a docker machine and using port remapping?

Owner

That would count as a proxy.

But why bother? Why not just run it on the standard ports even in Docker?

Author

Not sure there is a reason for it but I do.

Owner

Did you get it sorted out?

Author

I would appreciate being able to specify the ports. I am waiting for the new cloudflare dns-01 plugin to test things out with v3.

Owner

You can specify the ports. I thought you said you found it in the example:

I see the servers are available as glx.httpsServer() and glx.httpServer()

```javascript
var plainServer = glx.httpServer();
plainServer.listen(plainPort, addr);    // http-01 validation must reach this as public port 80

var secureServer = glx.httpsServer(null, myApp);
secureServer.listen(securePort, addr);  // tls-alpn-01 validation must reach this as public port 443
```

(and then you don't call serveApp(myApp))

See https://git.rootprojects.org/root/greenlock-express.js/src/branch/master/examples/https/server.js#L24

Author

Oh yes sure. I meant I would prefer to be able to use serveApp and specify the ports. Otherwise I will just replicate part of serveApp locally, so it's not a huge issue if you prefer not to add the port configuration functionality.

Owner

There's nothing to replicate. serveApp just calls glx.httpServer(redirector) and then glx.httpsServer(null, myApp).

See https://git.rootprojects.org/root/greenlock-express.js/src/branch/master/servers.js#L79

Well, I suppose there is require("redirect-https")(). But I could just make that the default when called with no other argument. In fact, I will.... 37c3aee Done.

Author

I see what you're saying. I can just still start the servers the same way I used to. I guess I was just trying to avoid replicating code that you already provide.

Owner

Oh, you mean the 4 lines?

I thought about having the option for passing port numbers, but all that ever happens is that people don't understand what they're doing and they get it wrong and open an issue, so I figured it's better to just have a "raw https server example" with a comment that says "you must use ports 80 and 443" rather than giving people too many "advanced" options that are just going to confuse them.

The biggest documentation challenge I'm facing right now is how to help people utilize the store callbacks so that they aren't duplicating work, and the manage callbacks so that they aren't creating security holes for various rate limit DoS attacks.

A lot of people have code to get certificates and then upload them elsewhere... which is the whole purpose of the certificate.setKeypair and certificate.set callbacks.

Author

Haha yeah. Understood. I have not looked into that part yet and was actually looking for documentation on the init config (which I saw somewhere but cannot seem to find anymore).

Owner

Most of the core docs are in the Greenlock repo under "JavaScript API":

https://git.rootprojects.org/root/greenlock.js

The use of the <details> element is a double-edged sword. It makes it easy to organize, but difficult to search.

Author

Seeing this under acme-dns-01-digitalocean documentation:

```javascript
// dns01 is the challenge plugin instance created earlier in that doc
var Greenlock = require('greenlock-express');
var greenlock = Greenlock.create({
    challenges: {
        'dns-01': dns01
        // ...
    }
});
```

but then this under GreenLock-Express:

```javascript
var pkg = require("./package.json");

require("greenlock-express")
    .init(function getConfig() {
        // Greenlock Config

        return {
            package: { name: pkg.name, version: pkg.version },
            maintainerEmail: pkg.author,
            cluster: false
        };
    })
    .serve(httpsWorker); // httpsWorker(glx) is the function that starts the servers
```

makes things a bit confusing. Which one am I supposed to use? create or init/serve?

Owner

That's the Greenlock v2 documentation. It'll take me a while to update everything. If you could PR to update it, that would be nice.

```javascript
// Make it the default
greenlock.manager.defaults({
  challenges: {
    "dns-01": {
      module: "acme-dns-01-digital-ocean",
      token: "xxxx"
    }
  }
});

// use that configuration for a specific site
greenlock.add({
  subject: 'example.com',
  altnames: ['example.com', 'www.example.com'],
  challenges: {
    "dns-01": {
      module: "acme-dns-01-digital-ocean",
      token: "xxxx"
    }
  }
});
```

I'm going to be spending time today to go update them... but there are a dozen.

Owner
If you'd like to help, just pick one: https://git.coolaj86.com/coolaj86/acme-http-01-test.js/issues/1
coolaj86 changed title from serveApp secureServer/plainServer variables are inaccessible to [doc] clarify usage of non-standard ports 2019-11-03 03:45:39 +00:00
Reference: root/greenlock-express.js#8