mirror of
				https://github.com/therootcompany/greenlock.js.git
				synced 2025-10-25 09:22:48 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			75 lines
		
	
	
		
			2.0 KiB
		
	
	
	
		
			JavaScript
		
	
	
	
	
	
			
		
		
	
	
			75 lines
		
	
	
		
			2.0 KiB
		
	
	
	
		
			JavaScript
		
	
	
	
	
	
| 'use strict';
 | |
| 
 | |
| var letsencrypt = require('letsencrypt');
 | |
| var networkInterfaces = require('os').networkInterfaces();
 | |
| var ipify = require('ipify');
 | |
| 
 | |
| function getSecureContext(le, hostname, cb) {
 | |
|   hostname = hostname.replace(/^www\./, '');
 | |
| 
 | |
|   function needsRegistration(hostnames, cb) {
 | |
|     //
 | |
|     // IMPORTANT
 | |
|     //
 | |
|     // Before attempting a dynamic registration you need to validate that
 | |
|     //
 | |
|     //   * these are hostnames that you expected to exist on the system
 | |
|     //   * their A records currently point to this ip
 | |
|     //   * this system's ip hasn't changed
 | |
|     //
 | |
|     //  If you do not check these things, then someone could attack you
 | |
|     //  and cause you, in return, to have your ip be rate-limit blocked
 | |
|     //
 | |
|     le.validate(hostnames, {
 | |
|       networkInterfaces: networkInterfaces
 | |
|     , ipify: ipify
 | |
|     }, function (err) {
 | |
|       if (err) {
 | |
|         cb(null, null);
 | |
|         return;
 | |
|       }
 | |
| 
 | |
|       // these hostnames need to be registered
 | |
|       //
 | |
|       cb(null, {
 | |
|         email: 'john.doe@gmail.com'
 | |
|       , agreeTos: true
 | |
|       , domains: ['www.' + hostname, hostname]
 | |
|       });
 | |
|     });
 | |
|   }
 | |
| 
 | |
|   // secure contexts will be cached
 | |
|   // renewals will be checked in the background
 | |
| 
 | |
|   le.get(hostname, needsRegistration, function (secureContext) {
 | |
|     // this will fallback to the localCerts if the domain cannot be registered
 | |
|     if (!secureContext) {
 | |
|       var localCerts = require('localhost.daplie.com-certificates');
 | |
|       secureContext = localCerts;
 | |
|     }
 | |
|     cb(null, secureContext);
 | |
|   }, function (err) {
 | |
|     cb(err);
 | |
|   });
 | |
| }
 | |
| 
 | |
| letsencrypt.create(
 | |
|   '/home/user/.local/share/letsencrypt/bin/letsencrypt'
 | |
|   // set some defaults
 | |
| , { configDir: '/etc/letsencrypt'
 | |
|   , workDir: '/var/lib/letsencrypt'
 | |
|   , logsDir: '/var/log/letsencrypt'
 | |
|   , standalone: true
 | |
|   //, webroot: true
 | |
|   //, webrootPath: '/srv/www/acme-challenges/'
 | |
|   }
 | |
| , { cacheContextsFor: 1 * 60 * 60 * 1000 // 1 hour
 | |
|   , cacheRenewChecksFor: 3 * 24 * 60 * 60 * 1000 // 3 days
 | |
|   }
 | |
| ).then(function (le) {
 | |
|   getSecureContext(le, 'example.com', function (secureContext) {
 | |
|     console.log(secureContext);
 | |
|   });
 | |
| });
 |