added hooks to handle ACME challenges
This commit is contained in:
parent
afca49feae
commit
70e7d57395
@ -6,20 +6,27 @@ module.exports.create = function (deps, config) {
|
|||
//var PromiseA = global.Promise;
|
||||
var PromiseA = require('bluebird');
|
||||
var listeners = require('./servers').listeners;
|
||||
var modules = { };
|
||||
var modules;
|
||||
|
||||
function loadModules() {
|
||||
modules = {};
|
||||
|
||||
modules.tls = require('./modules/tls').create(deps, config, netHandler);
|
||||
modules.http = require('./modules/http.js').create(deps, config, modules.tls.middleware);
|
||||
}
|
||||
|
||||
// opts = { servername, encrypted, peek, data, remoteAddress, remotePort }
|
||||
function peek(conn, firstChunk, opts) {
|
||||
if (!modules) {
|
||||
loadModules();
|
||||
}
|
||||
|
||||
opts.firstChunk = firstChunk;
|
||||
conn.__opts = opts;
|
||||
// TODO port/service-based routing can do here
|
||||
|
||||
// TLS byte 1 is handshake and byte 6 is client hello
|
||||
if (0x16 === firstChunk[0]/* && 0x01 === firstChunk[5]*/) {
|
||||
if (!modules.tls) {
|
||||
modules.tls = require('./modules/tls').create(deps, config, netHandler);
|
||||
}
|
||||
|
||||
modules.tls.emit('connection', conn);
|
||||
return;
|
||||
}
|
||||
|
@ -37,10 +44,6 @@ module.exports.create = function (deps, config) {
|
|||
if (firstChunk[0] > 32 && firstChunk[0] < 127) {
|
||||
var firstStr = firstChunk.toString();
|
||||
if (/HTTP\//i.test(firstStr)) {
|
||||
if (!modules.http) {
|
||||
modules.http = require('./modules/http.js').create(deps, config);
|
||||
}
|
||||
|
||||
modules.http.emit('connection', conn);
|
||||
return;
|
||||
}
|
||||
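Review bot: loadModules publishes the empty object at `modules = {};` before either module is created, so if `require('./modules/tls').create` or the http create throws on the first connection, `modules` is left truthy and empty; every later call to peek then skips `loadModules()` and fails at `modules.tls.emit` instead of retrying the load. Build the pair into a local and assign `modules` only once both calls have succeeded, as below. The `if (!modules.tls)` guard still shown inside peek's TLS branch would then be redundant with loadModules; the rendered page does not make it certain whether that guard survives the commit, so this is worth confirming. peek's body continues past the end of the hunk.
```javascript
function loadModules() {
  var loaded = {};
  loaded.tls = require('./modules/tls').create(deps, config, netHandler);
  loaded.http = require('./modules/http.js').create(deps, config, loaded.tls.middleware);
  // Publish only after both modules exist, so a failed first load is retried.
  modules = loaded;
}
```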
|
|
|
@ -1,6 +1,6 @@
|
|||
'use strict';
|
||||
|
||||
module.exports.create = function (deps, conf) {
|
||||
module.exports.create = function (deps, conf, greenlockMiddleware) {
|
||||
var express = require('express');
|
||||
var app = express();
|
||||
var adminApp = require('./admin').create(deps, conf);
|
||||
|
@ -19,11 +19,13 @@ module.exports.create = function (deps, conf) {
|
|||
var redirecters = {};
|
||||
function redirectHttps(req, res, next) {
|
||||
var port = req.headers.host.split(':')[1];
|
||||
var redirecter = redirecters[port];
|
||||
if (!redirecter) {
|
||||
redirecter = redirecters[port] = require('redirect-https')({port: port});
|
||||
if (!redirecters[port]) {
|
||||
redirecters[port] = require('redirect-https')({
|
||||
port: port
|
||||
, trustProxy: conf.http.trustProxy
|
||||
});
|
||||
}
|
||||
redirecter(req, res, next);
|
||||
redirecters[port](req, res, next);
|
||||
}
|
||||
|
||||
function handleAdmin(req, res, next) {
|
||||
|
@ -123,6 +125,7 @@ module.exports.create = function (deps, conf) {
|
|||
};
|
||||
}
|
||||
|
||||
app.use(greenlockMiddleware);
|
||||
app.use(redirectHttps);
|
||||
app.use(handleAdmin);
|
||||
|
||||
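Review bot: In redirectHttps the cache key `port` still comes straight from the client-supplied Host header (`req.headers.host.split(':')[1]`) and the rewritten `if (!redirecters[port])` now creates a redirect-https instance for every distinct value, so a client can grow `redirecters` without bound and can pick keys such as `__proto__` that resolve to a non-function, which the call on the next line would then throw on; a request without a Host header also throws on `.split`. Validate the port before it becomes a key, as below, and let the existing instance creation with `trustProxy: conf.http.trustProxy` stand; the placement of `app.use(greenlockMiddleware)` ahead of `app.use(redirectHttps)` is right, since challenge requests must not be redirected. Whether `conf.http` is always defined when `trustProxy` is read is not visible here. The enclosing `module.exports.create` starts and ends outside these hunks.
```javascript
function redirectHttps(req, res, next) {
  // Host is client-supplied: only a well-formed port may be used as a cache key.
  var rawPort = String(req.headers.host || '').split(':')[1];
  var port = rawPort === undefined ? undefined : parseInt(rawPort, 10);
  if (rawPort !== undefined && !(port >= 1 && port <= 65535)) {
    res.statusCode = 400;
    res.end();
    return;
  }
  // … unchanged: redirect-https instance creation and call …
```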
|
|
|
@ -199,6 +199,14 @@ module.exports.create = function (deps, config, netHandler) {
|
|||
// 2. Terminated (goes on to a particular module or route, including the admin interface)
|
||||
// 3. Closed (we don't recognize the SNI servername as something we actually want to handle)
|
||||
|
||||
// We always want to terminate is the SNI matches the challenge pattern, unless a client
|
||||
// on the south side has temporarily claimed a particular challenge. For the time being
|
||||
// we don't have a way for the south-side to communicate with us, so that part isn't done.
|
||||
if (domainMatches('*.acme-challenge.invalid', opts.servername)) {
|
||||
terminate(socket, opts);
|
||||
return;
|
||||
}
|
||||
|
||||
var handled = (config.tls.modules || []).some(function (mod) {
|
||||
var relevant = mod.domains.some(function (pattern) {
|
||||
return domainMatches(pattern, opts.servername);
|
||||
|
@ -231,5 +239,6 @@ module.exports.create = function (deps, config, netHandler) {
|
|||
handleConn(socket, socket.__opts);
|
||||
}
|
||||
}
|
||||
, middleware: le.middleware()
|
||||
};
|
||||
};
|
||||
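Review bot: The suffix in `if (domainMatches('*.acme-challenge.invalid', opts.servername))` is a bare literal that also decides policy: because the check runs before the `config.tls.modules` scan, a client presenting any matching SNI name is terminated locally regardless of the configured domain lists, and nothing at the use site says so. Name it where it is defined, e.g. `var ACME_CHALLENGE_PATTERN = '*.acme-challenge.invalid'; // SNI suffix of ACME challenge names; always terminated here, ahead of the configured modules`, and use that in the condition. The comment above it reads "terminate is the SNI matches" and should read "terminate if the SNI matches". Whether `domainMatches` tolerates a missing `opts.servername` (a client that sends no SNI) is not visible in this hunk; the enclosing handler starts and ends outside it.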
|
|
|
@ -4,6 +4,9 @@
|
|||
process.on('message', function (conf) {
|
||||
var deps = {
|
||||
messenger: process
|
||||
// Note that if a custom createConnections is used it will be called with different
|
||||
// sets of custom options based on what is actually being proxied. Most notably the
|
||||
// HTTP proxying connection creation is not something we currently control.
|
||||
, net: require('net')
|
||||
};
|
||||
require('./goldilocks.js').create(deps, conf);
|
||||
|
|