greenlock-rill.js/README.md

3.4 KiB

Daplie is Taking Back the Internet!

Stop serving the empire and join the rebel alliance!

letsencrypt-koa

Join the chat at https://gitter.im/Daplie/letsencrypt-express

| letsencrypt (lib) | letsencrypt-cli | letsencrypt-express | letsencrypt-cluster | letsencrypt-koa | letsencrypt-hapi |

Free SSL and Automatic HTTPS for node.js with KOA and other middleware systems via Let's Encrypt

  • Automatic Registration via SNI (httpsOptions.SNICallback)
    • registrations require an approval callback in production
  • Automatic Renewal (around 80 days)
    • renewals are fully automatic and happen in the background, with no downtime
  • Automatic vhost / virtual hosting

All you have to do is start the webserver and then visit it at it's domain name.

Install

npm install --save letsencrypt-express@2.x

Pay no attention to the man behind the curtain. (just ignore that the name of the module is letsencrypt-express)

Part 1: Setup

'use strict';

var le = require('letsencrypt-express').create({
  server: 'staging' // in production use 'https://acme-v01.api.letsencrypt.org/directory'
  
, configDir: require('os').homedir() + '/letsencrypt/etc'

, approveDomains: function (opts, certs, cb) {
    opts.domains = certs && certs.altnames || opts.domains;
    opts.email = 'john.doe@example.com' // CHANGE ME
    opts.agreeTos = true;

    cb(null, { options: opts, certs: certs });
  }

 , debug: true
});

WARNING: If you don't do any checks and simply complete approveRegistration callback, an attacker will spoof SNI packets with bad hostnames and that will cause you to be rate-limited and or blocked from the ACME server. Alternatively, You can run registration manually:

npm install -g letsencrypt-cli

letsencrypt certonly --standalone \
  --server 'https://acme-v01.api.letsencrypt.org/directory' \
  --config-dir ~/letsencrypt/etc \
  --agree-tos --domains example.com --email user@example.com
  
# Note: the '--webrootPath' option is also available if you don't want to shut down your webserver to get the cert.

Part 2: Just add Koa

var http = require('http');
var https = require('spdy');
var koa = require('koa');
var app = koa();

app.use(function *() {
  this.body = 'Hello World';
});

var server = https.createServer(le.httpsOptions, le.middleware(app.callback()));

server.listen(443, function () {
 console.log('Listening at https://localhost:' + this.address().port);
});


var http = require('http');
var redirectHttps = koa().use(require('koa-sslify')()).callback();
http.createServer(le.middleware(redirectHttps)).listen(80, function () {
  console.log('handle ACME http-01 challenge and redirect to https');
});