ryanburnette/greenlock-express.js
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

lex v2.x

Browse Source
This commit is contained in:
AJ ONeal 2016-08-15 21:18:39 -04:00
parent 26eb38fb25
commit 86d0f7c4b8
6 changed files with 5 additions and 170 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
examples/README.md
View File

@ -1,12 +0,0 @@
letsencrypt cluster examples
-------------------
First you need to change the email address in `examples/worker.js`.
Then you can run the example like so:
```
node examples/serve.js
```
That will put certificates in `~/letsencrypt.test` by default.

35
examples/master.js
View File

@ -1,35 +0,0 @@
'use strict';
var cluster = require('cluster');
module.exports.init = function (sharedOpts) {
var numCores = 2; // // Math.max(2, require('os').cpus().length)
var i;
var master = require('../master').create({
debug: true
, server: 'staging'
, webrootPath: sharedOpts.webrootPath
, approveDomains: function (masterOptions, certs, cb) {
// Depending on your setup it may be more efficient
// for you to implement the approveDomains function
// in your master or in your workers.
//
// Since we implement it in the worker (below) in this example
// we'll give it an immediate approval here in the master
var results = { domain: masterOptions.domain, options: masterOptions, certs: certs };
cb(null, results);
}
});
for (i = 0; i < numCores; i += 1) {
master.addWorker(cluster.fork());
}
};

33
examples/serve.js
View File

@ -1,33 +0,0 @@
'use strict';
var cluster = require('cluster');
var main;
// You'll often see examples where people use cluster
// master and worker all in the same file, which is fine,
// but in order to conserve memory and especially to be
// less confusing, I'm splitting the code into two files
if (cluster.isMaster) {
main = require('./master');
}
else {
main = require('./worker');
}
// this is nothing letsencrypt-cluster specific
// I'm just arbitrarily choosing to share some configuration
// that I know I'm going to use in both places
main.init({
// Depending on the strategy, the whole le-challenge-<<strategy>>
// could be shared between worker and server, but since I'm just
// using using le-challenge-fs (as you'll see), I'm only sharing the webrootPath
webrootPath: require('os').tmpdir() + require('path').sep + 'acme-challenge'
// this is used both by node-letsencrypt (master) and le-sni-auto (worker)
, renewWithin: 15 * 24 * 60 * 60 * 1000
});

87
examples/worker.js
View File

@ -1,87 +0,0 @@
'use strict';
module.exports.init = function (sharedOpts) {
var worker = require('../worker').create({
debug: true
// We want both to renew well before the expiration date
// and also to stagger the renewals, just a touch
// here we specify to renew between 10 and 15 days
, renewWithin: sharedOpts.renewWithin
, renewBy: 10 * 24 * 60 * 60 * 1000 // optional
, webrootPath: sharedOpts.webrootPath
/*
challenge: {
get: function (ignored, domain, token, cb) {
cb(null, keyAuthorization);
}
}
, getChallenge: function (domain, token, cb) {
// the default behavior is to use le-challenge-fs
// TODO maybe provide a built-in option to pass a message to master to use its
// but you could overwrite that with a function to pass a message to master or,
// but if needed for performance, that can be overwritten here
cb(null, );
}
*/
// There are two approval processes:
// 1. emails are tied to private keys (accounts) which must agree to the tos url
// 2. domains are tied to accounts (and should be verifiable via loopback)
, approveDomains: function (workerOptions, certs, cb) {
// opts = { domains, email, agreeTos, tosUrl }
// certs = { subject, altnames, expiresAt, issuedAt }
var results = {
domain: workerOptions.domains[0]
, options: {
domains: certs && certs.altnames || workerOptions.domains
, email: 'john.doe@example.com'
, agreeTos: true
}
, certs: certs
};
// We might want to do a check to make sure that all of the domains
// specified in altnames are still approved to be renewed and have
// the correct dns entries, but generally speaking it's probably okay
// for renewals to be automatic
if (certs) {
// modify opts.domains to overwrite certs.altnames in renewal
cb(null, results);
return;
}
// This is where we would check our database to make sure that
// this user (specified by email address) has agreed to the terms
// and do some check that they have access to this domain
cb(null, results);
}
});
function app(req, res) {
res.end("Hello, World!");
}
// worker.handleAcmeOrRedirectToHttps()
// worker.handleAcmeOrUse(app)
var redirectHttps = require('redirect-https')();
var plainServer = require('http').createServer(worker.middleware(redirectHttps));
var server = require('https').createServer(worker.httpsOptions, worker.middleware(app));
plainServer.listen(80);
server.listen(443);
};

0
master.js → lex.js
View File

8
package.json
View File

@ -1,13 +1,15 @@
{ {
"name": "letsencrypt-cluster", "name": "letsencrypt-encrypt",
"version": "2.0.0", "version": "2.0.0",
"description": "Use automatic letsencrypt (free ssl certs) on multiple cores or even multiple machines", "description": "Free SSL and managed or automatic HTTPS for node.js with Express, Koa, Connect, Hapi, and all other middleware systems.",
"main": "index.js", "main": "lex.js",
"directories": { "directories": {
"example": "examples" "example": "examples"
}, },
"dependencies": { "dependencies": {
"le-challenge-fs": "^2.0.4",
"le-sni-auto": "^2.0.1", "le-sni-auto": "^2.0.1",
"le-store-certbot": "^2.0.3",
"letsencrypt": "^2.0.4", "letsencrypt": "^2.0.4",
"localhost.daplie.com-certificates": "^1.2.3", "localhost.daplie.com-certificates": "^1.2.3",
"redirect-https": "^1.1.0" "redirect-https": "^1.1.0"