tested certs issued via greenlock
This commit is contained in:
parent
50a4d9360a
commit
81dce2f0a1
|
@ -136,27 +136,22 @@ if (!program.secret) {
|
|||
|
||||
// TODO letsencrypt
|
||||
program.tlsOptions = require('localhost.daplie.com-certificates').merge({});
|
||||
/*
|
||||
program.tlsOptions.SNICallback = program.greenlock.SNICallback;
|
||||
program.middleware = program.greenlock.middleware(function (req, res) {
|
||||
res.end('Hello, World!');
|
||||
});
|
||||
*/
|
||||
/*
|
||||
|
||||
function approveDomains(opts, certs, cb) {
|
||||
// This is where you check your database and associated
|
||||
// email addresses with domains and agreements and such
|
||||
|
||||
|
||||
// The domains being approved for the first time are listed in opts.domains
|
||||
// Certs being renewed are listed in certs.altnames
|
||||
if (certs) {
|
||||
opts.domains = certs.altnames;
|
||||
}
|
||||
else {
|
||||
if (-1 !== program.servernames.indexOf(opts.domain)) {
|
||||
opts.email = program.email;
|
||||
opts.agreeTos = program.agreeTos;
|
||||
}
|
||||
}
|
||||
|
||||
// NOTE: you can also change other options such as `challengeType` and `challenge`
|
||||
// opts.challengeType = 'http-01';
|
||||
|
@ -165,10 +160,16 @@ function approveDomains(opts, certs, cb) {
|
|||
cb(null, { options: opts, certs: certs });
|
||||
}
|
||||
|
||||
if (!program.email || !program.agreeTos) {
|
||||
console.error("You didn't specify --email <EMAIL> and --agree-tos");
|
||||
console.error("(required for ACME / Let's Encrypt / Greenlock TLS/SSL certs)");
|
||||
console.error("");
|
||||
process.exit(1);
|
||||
}
|
||||
program.greenlock = greenlock.create({
|
||||
|
||||
server: 'staging'
|
||||
// server: 'https://acme-v01.api.letsencrypt.org/directory'
|
||||
//server: 'staging'
|
||||
server: 'https://acme-v01.api.letsencrypt.org/directory'
|
||||
|
||||
, challenges: {
|
||||
// TODO dns-01
|
||||
|
@ -181,8 +182,15 @@ program.greenlock = greenlock.create({
|
|||
|
||||
, agreeTos: program.agreeTos
|
||||
|
||||
, approveDomains: program.servernames // approveDomains
|
||||
, approveDomains: approveDomains
|
||||
|
||||
//, approvedDomains: program.servernames
|
||||
|
||||
});
|
||||
//program.tlsOptions.SNICallback = program.greenlock.SNICallback;
|
||||
/*
|
||||
program.middleware = program.greenlock.middleware(function (req, res) {
|
||||
res.end('Hello, World!');
|
||||
});
|
||||
*/
|
||||
|
||||
|
|
70
handlers.js
70
handlers.js
|
@ -6,37 +6,43 @@ var packerStream = require('tunnel-packer').Stream;
|
|||
var redirectHttps = require('redirect-https')();
|
||||
|
||||
module.exports.create = function (program) {
|
||||
program.httpServer = http.createServer(function (req, res) {
|
||||
console.log('req.socket.encrypted', req.socket.encrypted);
|
||||
res.end("Look! I can do a thing!");
|
||||
});
|
||||
var tunnelAdminTlsOpts = {};
|
||||
|
||||
program.httpInsecureServer = http.createServer(function (req, res) {
|
||||
// Probably a reverse proxy on an internal network
|
||||
program.httpServer = http.createServer(program.greenlock.middleware(function (req, res) {
|
||||
console.log('req.socket.encrypted', req.socket.encrypted);
|
||||
res.statusCode = 404;
|
||||
res.end("File not found.\n");
|
||||
}));
|
||||
program.handleHttp = function (servername, socket) {
|
||||
console.log("handleHttp('" + servername + "', socket)");
|
||||
socket.__my_servername = servername;
|
||||
program.httpServer.emit('connection', socket);
|
||||
};
|
||||
|
||||
// Probably something that needs to be redirected to https
|
||||
program.httpInsecureServer = http.createServer(program.greenlock.middleware(function (req, res) {
|
||||
res.setHeader('Connection', 'close');
|
||||
redirectHttps(req, res);
|
||||
});
|
||||
program.httpTunnelServer = http.createServer(function (req, res) {
|
||||
console.log('req.socket.encrypted', req.socket.encrypted);
|
||||
res.end('Hello, World!');
|
||||
});
|
||||
}));
|
||||
program.handleInsecureHttp = function (servername, socket) {
|
||||
console.log("handleInsecureHttp('" + servername + "', socket)");
|
||||
socket.__my_servername = servername;
|
||||
program.httpInsecureServer.emit('connection', socket);
|
||||
};
|
||||
|
||||
|
||||
//
|
||||
// SNI is not recogonized / cannot be handled
|
||||
//
|
||||
program.httpInvalidSniServer = http.createServer(function (req, res) {
|
||||
res.end("You're doing strange things that make me feel uncomfortable. Please don't touch me there any more.");
|
||||
});
|
||||
program.tlsTunnelServer = tls.createServer(program.tlsOptions, function (tlsSocket) {
|
||||
console.log('tls connection');
|
||||
// things get a little messed up here
|
||||
(program.httpTunnelServer || program.httpServer).emit('connection', tlsSocket);
|
||||
});
|
||||
program.tlsInvalidSniServer = tls.createServer(program.tlsOptions, function (tlsSocket) {
|
||||
console.log('tls connection');
|
||||
// things get a little messed up here
|
||||
program.httpInvalidSniServer.emit('connection', tlsSocket);
|
||||
});
|
||||
program.handleInsecureHttp = function (servername, socket) {
|
||||
console.log("handleInsecureHttp('" + servername + "', socket)");
|
||||
socket.__my_servername = servername;
|
||||
program.httpInsecureServer.emit('connection', socket);
|
||||
};
|
||||
program.httpsInvalid = function (servername, socket) {
|
||||
// none of these methods work:
|
||||
// httpsServer.emit('connection', socket); // this didn't work
|
||||
|
@ -57,6 +63,26 @@ module.exports.create = function (program) {
|
|||
console.error(err);
|
||||
});
|
||||
};
|
||||
|
||||
//
|
||||
// To ADMIN / CONTROL PANEL of the Tunnel Server Itself
|
||||
//
|
||||
program.httpTunnelServer = http.createServer(function (req, res) {
|
||||
console.log('req.socket.encrypted', req.socket.encrypted);
|
||||
res.end('Hello, World!');
|
||||
});
|
||||
Object.keys(program.tlsOptions).forEach(function (key) {
|
||||
tunnelAdminTlsOpts[key] = program.tlsOptions[key];
|
||||
});
|
||||
tunnelAdminTlsOpts.SNICallback = (program.greenlock && program.greenlock.httpsOptions && function (servername, cb) {
|
||||
console.log("time to handle '" + servername + "'");
|
||||
program.greenlock.httpsOptions.SNICallback(servername, cb);
|
||||
}) || tunnelAdminTlsOpts.SNICallback;
|
||||
program.tlsTunnelServer = tls.createServer(tunnelAdminTlsOpts, function (tlsSocket) {
|
||||
console.log('tls connection');
|
||||
// things get a little messed up here
|
||||
(program.httpTunnelServer || program.httpServer).emit('connection', tlsSocket);
|
||||
});
|
||||
program.httpsTunnel = function (servername, socket) {
|
||||
// none of these methods work:
|
||||
// httpsServer.emit('connection', socket); // this didn't work
|
||||
|
@ -65,7 +91,7 @@ module.exports.create = function (program) {
|
|||
|
||||
var myDuplex = packerStream.create(socket);
|
||||
|
||||
console.log('httpsTunnel servername', servername);
|
||||
console.log('httpsTunnel (Admin) servername', servername);
|
||||
program.tlsTunnelServer.emit('connection', myDuplex);
|
||||
|
||||
socket.on('data', function (chunk) {
|
||||
|
@ -73,7 +99,7 @@ module.exports.create = function (program) {
|
|||
myDuplex.push(chunk);
|
||||
});
|
||||
socket.on('error', function (err) {
|
||||
console.error('[error] httpsTunnel TODO close');
|
||||
console.error('[error] httpsTunnel (Admin) TODO close');
|
||||
console.error(err);
|
||||
});
|
||||
};
|
||||
|
|
13
wstunneld.js
13
wstunneld.js
|
@ -307,13 +307,20 @@ module.exports.create = function (copts) {
|
|||
var nextDevice;
|
||||
|
||||
if (-1 !== copts.servernames.indexOf(servername)) {
|
||||
console.log("Lock and load, admin interface time!");
|
||||
copts.httpsTunnel(servername, browser);
|
||||
return;
|
||||
}
|
||||
|
||||
if (!servername) {
|
||||
console.log("No SNI was given, so there's nothing we can do here");
|
||||
copts.httpsInvalid(servername, browser);
|
||||
return;
|
||||
}
|
||||
|
||||
nextDevice = Devices.next(deviceLists, servername);
|
||||
if (!servername || !nextDevice) {
|
||||
console.log('this is a server or an unknown');
|
||||
if (!nextDevice) {
|
||||
console.log("No devices match the given servername");
|
||||
copts.httpsInvalid(servername, browser);
|
||||
return;
|
||||
}
|
||||
|
@ -347,7 +354,7 @@ module.exports.create = function (copts) {
|
|||
pipeWs(servername, service, browser, Devices.next(deviceLists, servername));
|
||||
return;
|
||||
}
|
||||
copts.handleInsecureHttp(servername, browser);
|
||||
copts.handleHttp(servername, browser);
|
||||
}
|
||||
else {
|
||||
// redirect to https
|
||||
|
|
Loading…
Reference in New Issue