greenlock-rill.js/README.md

88 lines
3.1 KiB
Markdown
Raw Normal View History

2016-04-22 18:12:45 +00:00
[![Join the chat at https://gitter.im/Daplie/letsencrypt-express](https://badges.gitter.im/Daplie/letsencrypt-express.svg)](https://gitter.im/Daplie/letsencrypt-express?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
2016-04-22 18:20:15 +00:00
| [letsencrypt (library)](https://github.com/Daplie/node-letsencrypt)
| [letsencrypt-cli](https://github.com/Daplie/letsencrypt-cli)
| [letsencrypt-express](https://github.com/Daplie/letsencrypt-express)
| **letsencrypt-koa**
| [letsencrypt-hapi](https://github.com/Daplie/letsencrypt-hapi)
|
2016-04-18 17:05:06 +00:00
# letsencrypt-koa
2016-04-18 17:07:30 +00:00
2016-04-18 17:05:06 +00:00
Free SSL and Automatic HTTPS for node.js with KOA and other middleware systems via Let's Encrypt
2016-04-18 17:07:30 +00:00
* Automatic Registration via SNI (`httpsOptions.SNICallback`)
* **registrations** require an **approval callback** in *production*
* Automatic Renewal (around 80 days)
* **renewals** are *fully automatic* and happen in the *background*, with **no downtime**
* Automatic vhost / virtual hosting
All you have to do is start the webserver and then visit it at it's domain name.
## Install
```
2016-08-11 16:41:41 +00:00
npm install --save letsencrypt-express@1.x
2016-04-18 17:07:30 +00:00
```
2016-04-18 17:08:49 +00:00
*Pay no attention to the man behind the curtain.* (just ignore that the name of the module is letsencrypt-express)
2016-04-18 17:07:30 +00:00
### Part 1: Setup
```javascript
'use strict';
/* Note: using staging server url, remove .testing() for production
Using .testing() will overwrite the debug flag with true */
var LEX = require('letsencrypt-express').testing();
var lex = LEX.create({
configDir: require('os').homedir() + '/letsencrypt/etc'
, approveRegistration: function (hostname, cb) { // leave `null` to disable automatic registration
// Note: this is the place to check your database to get the user associated with this domain
cb(null, {
domains: [hostname]
, email: 'CHANGE_ME' // user@example.com
, agreeTos: true
});
}
});
```
WARNING: If you don't do any checks and simply complete `approveRegistration` callback, an attacker will spoof SNI packets with bad hostnames and that will cause you to be rate-limited and or blocked from the ACME server. Alternatively, You can run registration *manually*:
```bash
npm install -g letsencrypt-cli
letsencrypt certonly --standalone \
--config-dir ~/letsencrypt/etc \
--agree-tos --domains example.com --email user@example.com
# Note: the '--webrootPath' option is also available if you don't want to shut down your webserver to get the cert.
```
### Part 2: Just add Koa
```javascript
var http = require('http');
2016-04-18 17:09:44 +00:00
var https = require('spdy');
2016-04-18 17:07:30 +00:00
var koa = require('koa');
var app = koa();
2016-06-10 17:14:24 +00:00
var redirectHttps = koa().use(require('koa-sslify')()).callback();
2016-04-18 17:07:30 +00:00
app.use(function *() {
this.body = 'Hello World';
});
var server = https.createServer(lex.httpsOptions, LEX.createAcmeResponder(lex, app.callback()));
var redirectServer = http.createServer(LEX.createAcmeResponder(lex, redirectHttps)));
server.listen(443, function () {
console.log('Listening at https://localhost:' + this.address().port);
});
redirectServer.listen(80, function () {
console.log('Redirecting insecure traffic from http://localhost:' + this.address().port + ' to https');
});
```