Compare commits
11 Commits
Author | SHA1 | Date |
---|---|---|
AJ ONeal | e0912d0f76 | |
AJ ONeal | 1f3e2670b9 | |
Michael Yin | 6c8de20090 | |
AJ ONeal | fd06582813 | |
AJ ONeal | 14458181bf | |
AJ ONeal | 65f0989b44 | |
AJ ONeal | c92dde1b87 | |
AJ ONeal | 19dd9a95f4 | |
AJ ONeal | 894b687ff7 | |
AJ ONeal | 7cebf47125 | |
AJ ONeal | ff39ea58c7 |
20
README.md
20
README.md
|
@ -31,8 +31,8 @@ With node-letsencrypt
|
|||
|
||||
var leSni = require('le-sni-auto').create({
|
||||
|
||||
renewWithin: 10 * 24 * 60 * 60 1000 // do not renew more than 10 days before expiration
|
||||
, renewBy: 5 * 24 * 60 * 60 1000 // do not wait more than 5 days before expiration
|
||||
renewWithin: 14 * 24 * 60 * 60 1000 // do not renew more than 14 days before expiration
|
||||
, renewBy: 10 * 24 * 60 * 60 1000 // do not wait more than 10 days before expiration
|
||||
|
||||
, tlsOptions: {
|
||||
rejectUnauthorized: true // These options will be used with tls.createSecureContext()
|
||||
|
@ -78,8 +78,8 @@ Standalone
|
|||
|
||||
|
||||
var leSni = require('le-sni-auto').create({
|
||||
renewWithin: 10 * 24 * 60 * 60 1000 // do not renew prior to 10 days before expiration
|
||||
, renewBy: 5 * 24 * 60 * 60 1000 // do not wait more than 5 days before expiration
|
||||
renewWithin: 14 * 24 * 60 * 60 1000 // do not renew prior to 10 days before expiration
|
||||
, renewBy: 10 * 24 * 60 * 60 1000 // do not wait more than 5 days before expiration
|
||||
|
||||
// key (privkey.pem) and cert (cert.pem + chain.pem) will be provided by letsencrypt
|
||||
, tlsOptions: { rejectUnauthorized: true, requestCert: false, ca: null, crl: null }
|
||||
|
@ -92,11 +92,9 @@ var leSni = require('le-sni-auto').create({
|
|||
|
||||
|
||||
|
||||
// some default certificates that work with localhost
|
||||
// (because default certificates are required as a fallback)
|
||||
var tlsOptions = require('localhost.daplie.me-certificates').merge({
|
||||
var tlsOptions = {
|
||||
SNICallback: leSni.sniCallback
|
||||
});
|
||||
};
|
||||
|
||||
https.createServer(tlsOptions, app);
|
||||
```
|
||||
|
@ -145,12 +143,12 @@ This gets passed to `https.createServer(tlsOptions, app)` as `tlsOptions.SNICall
|
|||
|
||||
```javascript
|
||||
var leSni = require('le-sni-auto').create({
|
||||
renewWithin: 10 * 24 * 60 * 60 1000
|
||||
renewWithin: 14 * 24 * 60 * 60 1000
|
||||
});
|
||||
|
||||
var tlsOptions = require('localhost.daplie.com-certificates').merge({
|
||||
var tlsOptions = {
|
||||
SNICallback: leSni.sniCallback
|
||||
});
|
||||
};
|
||||
|
||||
function app(req, res) {
|
||||
res.end("Hello, World!");
|
||||
|
|
31
index.js
31
index.js
|
@ -1,29 +1,38 @@
|
|||
'use strict';
|
||||
|
||||
var DAY = 24 * 60 * 60 * 1000;
|
||||
var HOUR = 60 * 60 * 1000;
|
||||
var MIN = 60 * 1000;
|
||||
var defaults = {
|
||||
// don't renew before the renewWithin period
|
||||
renewWithin: 14 * DAY
|
||||
, _renewWithinMin: 10 * DAY
|
||||
renewWithin: 30 * DAY
|
||||
, _renewWithinMin: 3 * DAY
|
||||
// renew before the renewBy period
|
||||
, renewBy: 2 * DAY
|
||||
, renewBy: 21 * DAY
|
||||
, _renewByMin: Math.floor(DAY / 2)
|
||||
// just to account for clock skew really
|
||||
, _dropDead: 5 * MIN
|
||||
};
|
||||
var promisify = require('util').promisify;
|
||||
if (!promisify) {
|
||||
try {
|
||||
promisify = require('bluebird').promisify;
|
||||
} catch(e) {
|
||||
console.error("You're running an older version of node that doesn't have 'promisify'. Please run 'npm install bluebird --save'.");
|
||||
}
|
||||
}
|
||||
|
||||
// autoSni = { renewWithin, renewBy, getCertificates, tlsOptions, _dbg_now }
|
||||
module.exports.create = function (autoSni) {
|
||||
|
||||
if (!autoSni.getCertificatesAsync) { autoSni.getCertificatesAsync = require('bluebird').promisify(autoSni.getCertificates); }
|
||||
if (!autoSni.getCertificatesAsync) { autoSni.getCertificatesAsync = promisify(autoSni.getCertificates); }
|
||||
if (!autoSni.renewWithin) { autoSni.renewWithin = autoSni.notBefore || defaults.renewWithin; }
|
||||
if (autoSni.renewWithin < defaults._renewWithinMin) {
|
||||
throw new Error("options.renewWithin should be at least 3 days");
|
||||
throw new Error("options.renewWithin should be at least " + (defaults._renewWithinMin / DAY) + " days");
|
||||
}
|
||||
if (!autoSni.renewBy) { autoSni.renewBy = autoSni.notAfter || defaults.renewBy; }
|
||||
if (autoSni.renewBy < defaults._renewByMin) {
|
||||
throw new Error("options.renewBy should be at least 12 hours");
|
||||
throw new Error("options.renewBy should be at least " + (defaults._renewBy / HOUR) + " hours");
|
||||
}
|
||||
if (!autoSni.tlsOptions) { autoSni.tlsOptions = autoSni.httpsOptions || {}; }
|
||||
|
||||
|
@ -63,7 +72,8 @@ module.exports.create = function (autoSni) {
|
|||
certs: certs
|
||||
, tlsContext: 'string' === typeof certs.cert && tls.createSecureContext({
|
||||
key: certs.privkey
|
||||
, cert: certs.cert + certs.chain
|
||||
// backwards/forwards compat
|
||||
, cert: (certs.cert||'').replace(/[\r\n]+$/, '') + '\r\n' + certs.chain
|
||||
, rejectUnauthorized: autoSni.tlsOptions.rejectUnauthorized
|
||||
|
||||
, requestCert: autoSni.tlsOptions.requestCert // request peer verification
|
||||
|
@ -121,7 +131,7 @@ module.exports.create = function (autoSni) {
|
|||
else if (certMeta.then) {
|
||||
//log(autoSni.debug, "PROMISED CERT", domain);
|
||||
// we are already getting a cert
|
||||
promise = certMeta
|
||||
promise = certMeta;
|
||||
}
|
||||
else if (now >= certMeta.expiresNear) {
|
||||
//log(autoSni.debug, "EXPIRED CERT");
|
||||
|
@ -136,7 +146,10 @@ module.exports.create = function (autoSni) {
|
|||
// give the cert some time (2-5 min) to be validated and replaced before trying again
|
||||
certMeta.renewAt = (autoSni._dbg_now || Date.now()) + (2 * MIN) + (3 * MIN * Math.random());
|
||||
// let the update happen in the background
|
||||
autoSni.getCertificatesAsync(domain, certMeta.certs).then(autoSni.cacheCerts);
|
||||
autoSni.getCertificatesAsync(domain, certMeta.certs).then(autoSni.cacheCerts, function (error) {
|
||||
// console.error('ERROR in le-sni-auto:');
|
||||
// console.error(err.stack || err);
|
||||
})
|
||||
}
|
||||
|
||||
// return the valid cert right away
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"name": "le-sni-auto",
|
||||
"version": "2.1.9",
|
||||
"lockfileVersion": 1
|
||||
}
|
|
@ -1,11 +1,11 @@
|
|||
{
|
||||
"name": "le-sni-auto",
|
||||
"version": "2.1.2",
|
||||
"version": "2.1.9",
|
||||
"description": "An auto-sni strategy for registering and renewing letsencrypt certificates using SNICallback",
|
||||
"homepage": "https://git.coolaj86.com/coolaj86/le-sni-auto.js",
|
||||
"main": "index.js",
|
||||
"dependencies": {
|
||||
"bluebird": "^3.4.1"
|
||||
"trulyOptionalDependencies": {
|
||||
"bluebird": "^3.5.1"
|
||||
},
|
||||
"devDependencies": {},
|
||||
"scripts": {
|
||||
|
@ -13,7 +13,7 @@
|
|||
},
|
||||
"repository": {
|
||||
"type": "git",
|
||||
"url": "git+https://git.coolaj86.com/coolaj86/le-sni-auto.git"
|
||||
"url": "https://git.coolaj86.com/coolaj86/le-sni-auto.js.git"
|
||||
},
|
||||
"keywords": [
|
||||
"le-sni",
|
||||
|
|
Loading…
Reference in New Issue