Compare commits
No commits in common. "master" and "v2.0.4" have entirely different histories.
|
@ -2,11 +2,10 @@
|
|||
ATTENTION!
|
||||
==========
|
||||
|
||||
Please report issues at https://git.coolaj86.com/coolaj86/greenlock-express.js
|
||||
Please report issues at https://github.com/Daplie/letsencrypt-express
|
||||
|
||||
========
|
||||
ACHTUNG!
|
||||
========
|
||||
|
||||
Bitte melden Sie Probleme bei
|
||||
https://git.coolaj86.com/coolaj86/greenlock-express.js
|
||||
Bitte melden Sie Probleme bei https://github.com/Daplie/letsencrypt-express
|
||||
|
|
31
LICENSE
31
LICENSE
|
@ -1,32 +1,3 @@
|
|||
At your option you may choose either of the following licenses:
|
||||
|
||||
* The MIT License (MIT)
|
||||
* The Apache License 2.0 (Apache-2.0)
|
||||
|
||||
|
||||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2016-2018 AJ ONeal
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
|
||||
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
@ -215,7 +186,7 @@ SOFTWARE.
|
|||
same "printed page" as the copyright notice for easier
|
||||
identification within third-party archives.
|
||||
|
||||
Copyright 2015 AJ ONeal
|
||||
Copyright {yyyy} {name of copyright owner}
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
|
|
149
README.md
149
README.md
|
@ -1,114 +1,105 @@
|
|||
# Greenlock™ for rill
|
||||
<!-- BANNER_TPL_BEGIN -->
|
||||
|
||||
An Automated HTTPS ACME client (Let's Encrypt v2) for rill
|
||||
About Daplie: We're taking back the Internet!
|
||||
--------------
|
||||
|
||||
Greenlock™ for
|
||||
[Browsers](https://git.coolaj86.com/coolaj86/greenlock.html),
|
||||
[Node.js](https://git.coolaj86.com/coolaj86/greenlock.js),
|
||||
[Commandline](https://git.coolaj86.com/coolaj86/greenlock-cli.js),
|
||||
[Express.js](https://git.coolaj86.com/coolaj86/greenlock-express.js),
|
||||
[Node.js Cluster](https://git.coolaj86.com/coolaj86/greenlock-cluster.js),
|
||||
[hapi](https://git.coolaj86.com/coolaj86/greenlock-hapi.js),
|
||||
[Koa](https://git.coolaj86.com/coolaj86/greenlock-koa.js),
|
||||
and **rill**
|
||||
| Sponsered by [ppl](https://ppl.family)
|
||||
Down with Google, Apple, and Facebook!
|
||||
|
||||
Features
|
||||
========
|
||||
We're re-decentralizing the web and making it read-write again - one home cloud system at a time.
|
||||
|
||||
* [x] Automatic Registration via SNI (`httpsOptions.SNICallback`)
|
||||
* [x] Secure domain approval callback
|
||||
* [x] Automatic renewal between 10 and 14 days before expiration
|
||||
* [x] Virtual Hosting (vhost) with Multiple Domains & SAN
|
||||
* [x] and [more](https://git.coolaj86.com/coolaj86/greenlock-express.js)
|
||||
* [x] plugins for AWS, redis, and more
|
||||
Tired of serving the Empire? Come join the Rebel Alliance:
|
||||
|
||||
This module is just an alias for greenlock-express.js,
|
||||
which works with any middleware system.
|
||||
<a href="mailto:jobs@daplie.com">jobs@daplie.com</a> | [Invest in Daplie on Wefunder](https://daplie.com/invest/) | [Pre-order Cloud](https://daplie.com/preorder/), The World's First Home Server for Everyone
|
||||
|
||||
<!-- BANNER_TPL_END -->
|
||||
|
||||
# greenlock-koa (greenlock-koa)
|
||||
|
||||
[![Join the chat at https://gitter.im/Daplie/letsencrypt-express](https://badges.gitter.im/Daplie/letsencrypt-express.svg)](https://gitter.im/Daplie/letsencrypt-express?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
|
||||
|
||||
| [greenlock (lib)](https://git.daplie.com/Daplie/node-greenlock)
|
||||
| [greenlock-cli](https://git.daplie.com/Daplie/greenlock-cli)
|
||||
| [greenlock-express](https://git.daplie.com/Daplie/greenlock-express)
|
||||
| [greenlock-cluster](https://git.daplie.com/Daplie/greenlock-cluster)
|
||||
| **greenlock-koa**
|
||||
| [greenlock-hapi](https://git.daplie.com/Daplie/greenlock-hapi)
|
||||
|
|
||||
|
||||
Free SSL and Automatic HTTPS for node.js with KOA and other middleware systems via Let's Encrypt
|
||||
|
||||
* Automatic Registration via SNI (`httpsOptions.SNICallback`)
|
||||
* **registrations** require an **approval callback** in *production*
|
||||
* Automatic Renewal (around 80 days)
|
||||
* **renewals** are *fully automatic* and happen in the *background*, with **no downtime**
|
||||
* Automatic vhost / virtual hosting
|
||||
|
||||
All you have to do is start the webserver and then visit it at it's domain name.
|
||||
|
||||
## Install
|
||||
|
||||
```
|
||||
npm install --save greenlock-rill@2.x
|
||||
npm install --save greenlock-express@2.x
|
||||
```
|
||||
|
||||
QuickStart
|
||||
==========
|
||||
*Pay no attention to the man behind the curtain.* (just ignore that the name of the module is greenlock-express)
|
||||
|
||||
### Part 1: Setup
|
||||
|
||||
```javascript
|
||||
'use strict';
|
||||
|
||||
//////////////////////
|
||||
// Greenlock Setup //
|
||||
//////////////////////
|
||||
var le = require('greenlock-express').create({
|
||||
server: 'staging' // in production use 'https://acme-v01.api.letsencrypt.org/directory'
|
||||
|
||||
, configDir: require('os').homedir() + '/letsencrypt/etc'
|
||||
|
||||
var greenlock = require('greenlock-rill').create({
|
||||
version: 'draft-11' // Let's Encrypt v2
|
||||
// You MUST change this to 'https://acme-v02.api.letsencrypt.org/directory' in production
|
||||
, server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
|
||||
, approveDomains: function (opts, certs, cb) {
|
||||
opts.domains = certs && certs.altnames || opts.domains;
|
||||
opts.email = 'john.doe@example.com' // CHANGE ME
|
||||
opts.agreeTos = true;
|
||||
|
||||
, email: 'jon@example.com'
|
||||
, agreeTos: true
|
||||
, approveDomains: [ 'example.com' ]
|
||||
cb(null, { options: opts, certs: certs });
|
||||
}
|
||||
|
||||
// Join the community to get notified of important updates
|
||||
// and help make greenlock better
|
||||
, communityMember: true
|
||||
|
||||
, configDir: require('os').homedir() + '/acme/etc'
|
||||
|
||||
//, debug: true
|
||||
, debug: true
|
||||
});
|
||||
```
|
||||
|
||||
WARNING: If you don't do any checks and simply complete `approveRegistration` callback, an attacker will spoof SNI packets with bad hostnames and that will cause you to be rate-limited and or blocked from the ACME server. Alternatively, You can run registration *manually*:
|
||||
|
||||
///////////////////
|
||||
// Just add rill //
|
||||
///////////////////
|
||||
```bash
|
||||
npm install -g greenlock-cli
|
||||
|
||||
greenlock certonly --standalone \
|
||||
--server 'https://acme-v01.api.letsencrypt.org/directory' \
|
||||
--config-dir ~/letsencrypt/etc \
|
||||
--agree-tos --domains example.com --email user@example.com
|
||||
|
||||
# Note: the '--webrootPath' option is also available if you don't want to shut down your webserver to get the cert.
|
||||
```
|
||||
|
||||
### Part 2: Just add Koa
|
||||
|
||||
```javascript
|
||||
var http = require('http');
|
||||
var https = require('https');
|
||||
var Rill = require('rill');
|
||||
var app = new Rill();
|
||||
var https = require('spdy');
|
||||
var koa = require('koa');
|
||||
var app = koa();
|
||||
|
||||
app.use(({ req, res }, next)=> {
|
||||
res.body = 'Hello, World!';
|
||||
app.use(function *() {
|
||||
this.body = 'Hello World';
|
||||
});
|
||||
|
||||
// https server
|
||||
var server = https.createServer(greenlock.tlsOptions, greenlock.middleware(app.handler()));
|
||||
var server = https.createServer(le.httpsOptions, le.middleware(app.callback()));
|
||||
|
||||
server.listen(443, function () {
|
||||
console.log('Listening at https://localhost:' + this.address().port);
|
||||
});
|
||||
|
||||
|
||||
// http redirect to https
|
||||
var http = require('http');
|
||||
var redirectHttps = require('redirect-https')();
|
||||
http.createServer(greenlock.middleware(redirectHttps)).listen(80, function () {
|
||||
console.log('Listening on port 80 to handle ACME http-01 challenge and redirect to https');
|
||||
var redirectHttps = koa().use(require('koa-sslify')()).callback();
|
||||
http.createServer(le.middleware(redirectHttps)).listen(80, function () {
|
||||
console.log('handle ACME http-01 challenge and redirect to https');
|
||||
});
|
||||
```
|
||||
|
||||
Usage & Troubleshooting
|
||||
============================
|
||||
|
||||
See <https://git.coolaj86.com/coolaj86/greenlock-express.js>
|
||||
|
||||
Handling a dynamic list of domains
|
||||
========================
|
||||
|
||||
In the oversimplified exapmple above we handle a static list of domains.
|
||||
If you add domains programmatically you'll want to use the `approveDomains`
|
||||
callback.
|
||||
|
||||
**SECURITY**: Be careful with this.
|
||||
If you don't check that the domains being requested are the domains you
|
||||
allow an attacker can make you hit your rate limit for failed verification
|
||||
attempts.
|
||||
|
||||
We have a
|
||||
[vhost example](https://git.coolaj86.com/coolaj86/greenlock-express.js/src/branch/master/examples/vhost.js)
|
||||
that allows any domain for which there is a folder on the filesystem in a specific location.
|
||||
|
||||
See that example for an idea of how this is done.
|
||||
|
|
8
index.js
8
index.js
|
@ -1,8 +0,0 @@
|
|||
'use strict';
|
||||
|
||||
module.exports = require('greenlock-express');
|
||||
module.exports._greenlockExpressCreate = module.exports.create;
|
||||
module.create = function (opts) {
|
||||
opts._communityPackage = opts._communityPackage || 'greenlock-rill';
|
||||
return module.exports._greenlockExpressCreate(opts);
|
||||
};
|
17
package.json
17
package.json
|
@ -1,15 +1,14 @@
|
|||
{
|
||||
"name": "greenlock-rill",
|
||||
"homepage": "https://git.coolaj86.com/coolaj86/greenlock-rill.js",
|
||||
"version": "2.1.4",
|
||||
"description": "An Automated HTTPS ACME client (Let's Encrypt v2) for rill",
|
||||
"name": "greenlock-koa",
|
||||
"version": "2.0.4",
|
||||
"description": "Free SSL and Automatic HTTPS for node.js with KOA and other middleware systems via ACME (Let's Encrypt)",
|
||||
"main": "index.js",
|
||||
"scripts": {
|
||||
"test": "echo \"Error: no test specified\" && exit 1"
|
||||
},
|
||||
"repository": {
|
||||
"type": "git",
|
||||
"url": "git+https://git.coolaj86.com/coolaj86/greenlock-rill.js.git"
|
||||
"url": "git+https://git.daplie.com/Daplie/greenlock-koa.git"
|
||||
},
|
||||
"keywords": [
|
||||
"acme",
|
||||
|
@ -17,17 +16,17 @@
|
|||
"cluster",
|
||||
"free",
|
||||
"greenlock",
|
||||
"freessl",
|
||||
"free ssl",
|
||||
"https",
|
||||
"rill",
|
||||
"koa",
|
||||
"le",
|
||||
"letsencrypt",
|
||||
"multi-core",
|
||||
"node",
|
||||
"node.js",
|
||||
"scale",
|
||||
"ssl",
|
||||
"tls"
|
||||
],
|
||||
"author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
|
||||
"author": "AJ ONeal <aj@daplie.com> (https://daplie.com/)",
|
||||
"license": "(MIT OR Apache-2.0)"
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue