About Daplie: We're taking back the Internet! -------------- Down with Google, Apple, and Facebook! We're re-decentralizing the web and making it read-write again - one home cloud system at a time. Tired of serving the Empire? Come join the Rebel Alliance: jobs@daplie.com | [Invest in Daplie on Wefunder](https://daplie.com/invest/) | [Pre-order Cloud](https://daplie.com/preorder/), The World's First Home Server for Everyone # greenlock-hapi (letsencrypt-hapi) [![Join the chat at https://gitter.im/Daplie/letsencrypt-express](https://badges.gitter.im/Daplie/letsencrypt-express.svg)](https://gitter.im/Daplie/letsencrypt-express?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) | [greenlock (lib)](https://git.daplie.com/Daplie/node-greenlock) | [greenlock-cli](https://git.daplie.com/Daplie/greenlock-cli) | [greenlock-express](https://git.daplie.com/Daplie/greenlock-express) | [greenlock-cluster](https://git.daplie.com/Daplie/greenlock-cluster) | [greenlock-koa](https://git.daplie.com/Daplie/greenlock-koa) | **greenlock-hapi** | Free SSL and Automatic HTTPS for node.js with hapi.js and other middleware systems via Let's Encrypt * Automatic Registration via SNI (`httpsOptions.SNICallback`) * **registrations** require an **approval callback** in *production* * Automatic Renewal (around 80 days) * **renewals** are *fully automatic* and happen in the *background*, with **no downtime** * Automatic vhost / virtual hosting All you have to do is start the webserver and then visit it at it's domain name. ## Install ``` npm install --save greenlock-express@2.x ``` *Pay no attention to the man behind the curtain.* (just ignore that the name of the module is greenlock-express) ### Part 1: Configure Greenlock ```javascript 'use strict'; var le = require('greenlock-express').create({ server: 'staging' // in production use https://acme-v01.api.letsencrypt.org/directory , configDir: require('os').homedir() + '/letsencrypt/etc' , approveDomains: function (opts, certs, cb) { opts.domains = certs && certs.altnames || opts.domains; opts.email = 'john.doe@example.com' // CHANGE ME opts.agreeTos = true; cb(null, { options: opts, certs: certs }); } , debug: true }); ``` WARNING: If you don't do any checks and simply complete `approveDomains` callback, an attacker will spoof SNI packets with bad hostnames and that will cause you to be rate-limited and/or blocked from the ACME server. Alternatively, You can run registration *manually*: ```bash npm install -g greenlock-cli greenlock certonly --standalone \ --server 'https://acme-v01.api.letsencrypt.org/directory' \ --config-dir ~/letsencrypt/etc \ --agree-tos --domains example.com --email user@example.com # Note: the '--webrootPath' option is also available if you don't want to shut down your webserver to get the cert. ``` ### Part 2: Just add Hapi ```javascript var hapi = require('hapi'); var https = require('spdy'); var server = new hapi.Server(); var acmeResponder = le.middleware(); var httpsServer = https.createServer(le.httpsOptions).listen(443); server.connection({ listener: httpsServer, autoListen: false, tls: true }); server.route({ method: 'GET' , path: '/.well-known/acme-challenge' , handler: function (request, reply) { var req = request.raw.req; var res = request.raw.res; reply.close(false); acmeResponder(req, res); } }); server.route({ method: 'GET' , path: '/' , handler: function (request, reply) { reply("Hello, I'm so Hapi!"); } }); ``` ### Part 3: Redirect http to https ```javascript var http = require('http'); var redirectHttps = require('redirect-https')(); http.createServer(le.middleware(redirectHttps)).listen(80, function () { console.log('handle ACME http-01 challenge and redirect to https'); }); ```