From 714377bbf90244924554cd87922bd4d209ca00cc Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Wed, 5 Apr 2017 04:18:35 -0400
Subject: [PATCH] make ACME / greenlock optional
---
 bin/stunneld.js | 31 ++++++++++++++++---------------
 handlers.js | 18 +++++++++++++-----
 2 files changed, 29 insertions(+), 20 deletions(-)
diff --git a/bin/stunneld.js b/bin/stunneld.js
index 230ad2d..65f60da 100755
--- a/bin/stunneld.js
+++ b/bin/stunneld.js
@@ -164,30 +164,31 @@ if (!program.email || !program.agreeTos) {
 console.error("You didn't specify --email and --agree-tos");
 console.error("(required for ACME / Let's Encrypt / Greenlock TLS/SSL certs)");
 console.error("");
- process.exit(1);
 }
-program.greenlock = greenlock.create({
+else {
+ program.greenlock = greenlock.create({
- //server: 'staging'
- server: 'https://acme-v01.api.letsencrypt.org/directory'
+ //server: 'staging'
+ server: 'https://acme-v01.api.letsencrypt.org/directory'
-, challenges: {
- // TODO dns-01
- 'http-01': require('le-challenge-fs').create({ webrootPath: '/tmp/acme-challenges' })
- }
+ , challenges: {
+ // TODO dns-01
+ 'http-01': require('le-challenge-fs').create({ webrootPath: '/tmp/acme-challenges' })
+ }
-, store: require('le-store-certbot').create({ webrootPath: '/tmp/acme-challenges' })
+ , store: require('le-store-certbot').create({ webrootPath: '/tmp/acme-challenges' })
-, email: program.email
+ , email: program.email
-, agreeTos: program.agreeTos
+ , agreeTos: program.agreeTos
-, approveDomains: approveDomains
+ , approveDomains: approveDomains
-//, approvedDomains: program.servernames
+ //, approvedDomains: program.servernames
-});
-//program.tlsOptions.SNICallback = program.greenlock.SNICallback;
+ });
+}
+//program.tlsOptions.SNICallback = program.greenlock.httpsOptions.SNICallback;
 /*
 program.middleware = program.greenlock.middleware(function (req, res) {
 res.end('Hello, World!');
diff --git a/handlers.js b/handlers.js
index cfc4676..efd044b 100644
--- a/handlers.js
+++ b/handlers.js
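Review bot: In the bin/stunneld.js hunk, dropping `process.exit(1)` lets the daemon start with `program.greenlock` undefined, but the `console.error` lines kept as context still read like a fatal error ("required for ACME ..."), so the log does not tell an operator that the service is running with certificate issuance turned off. Reword it as an explicit warning, for example `console.warn("--email / --agree-tos not given: ACME (Greenlock) disabled, no certificates will be issued or renewed");`. Any code outside this hunk that still dereferences `program.greenlock` needs the same guard that handlers.js receives in this commit. Separately, the re-indented options keep both the http-01 webroot and the `le-store-certbot` `webrootPath` at `/tmp/acme-challenges`, a fixed name in a world-writable directory; a directory owned by the service user with restrictive permissions would be safer on a shared host.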
@@ -8,12 +8,16 @@ var redirectHttps = require('redirect-https')();
 module.exports.create = function (program) {
 var tunnelAdminTlsOpts = {};
- // Probably a reverse proxy on an internal network
- program.httpServer = http.createServer(program.greenlock.middleware(function (req, res) {
+ // Probably a reverse proxy on an internal network (or ACME challenge)
+ function notFound(req, res) {
 console.log('req.socket.encrypted', req.socket.encrypted);
 res.statusCode = 404;
 res.end("File not found.\n");
- }));
+ }
+ program.httpServer = http.createServer(
+ program.greenlock && program.greenlock.middleware(notFound)
+ || notFound
+ );
 program.handleHttp = function (servername, socket) {
 console.log("handleHttp('" + servername + "', socket)");
 socket.__my_servername = servername;
@@ -21,10 +25,14 @@ module.exports.create = function (program) {
 };
 // Probably something that needs to be redirected to https
- program.httpInsecureServer = http.createServer(program.greenlock.middleware(function (req, res) {
+ function redirectHttpsAndClose(req, res) {
 res.setHeader('Connection', 'close');
 redirectHttps(req, res);
- }));
+ }
+ program.httpInsecureServer = http.createServer(
+ program.greenlock && program.greenlock.middleware(redirectHttpsAndClose)
+ || redirectHttpsAndClose
+ );
 program.handleInsecureHttp = function (servername, socket) {
 console.log("handleInsecureHttp('" + servername + "', socket)");
 socket.__my_servername = servername;
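Review bot: The fallback `program.greenlock && program.greenlock.middleware(notFound) || notFound` in the first handlers.js hunk relies on `&&`/`||` precedence and on `middleware()` returning a truthy value, and the same expression is repeated for `redirectHttpsAndClose` in the second hunk. A ternary states the intent directly: `program.greenlock ? program.greenlock.middleware(notFound) : notFound`. The updated comment "(or ACME challenge)" only holds when greenlock is configured, so a line such as `// without program.greenlock, ACME http-01 challenge requests fall through to this handler` would presumably describe the fallback path more accurately. The body of `module.exports.create` begins and continues outside both hunks.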