Compare commits
No commits in common. "master" and "greenlock" have entirely different histories.
|
@ -25,6 +25,3 @@ build/Release
|
||||||
# Dependency directory
|
# Dependency directory
|
||||||
# https://www.npmjs.org/doc/misc/npm-faq.html#should-i-check-my-node_modules-folder-into-git
|
# https://www.npmjs.org/doc/misc/npm-faq.html#should-i-check-my-node_modules-folder-into-git
|
||||||
node_modules
|
node_modules
|
||||||
|
|
||||||
# VS Code
|
|
||||||
.vscode
|
|
575
LICENSE
575
LICENSE
|
@ -1,375 +1,202 @@
|
||||||
Copyright 2017-2019 AJ ONeal
|
Apache License
|
||||||
|
Version 2.0, January 2004
|
||||||
|
http://www.apache.org/licenses/
|
||||||
|
|
||||||
|
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||||
|
|
||||||
|
1. Definitions.
|
||||||
|
|
||||||
|
"License" shall mean the terms and conditions for use, reproduction,
|
||||||
|
and distribution as defined by Sections 1 through 9 of this document.
|
||||||
|
|
||||||
|
"Licensor" shall mean the copyright owner or entity authorized by
|
||||||
|
the copyright owner that is granting the License.
|
||||||
|
|
||||||
|
"Legal Entity" shall mean the union of the acting entity and all
|
||||||
|
other entities that control, are controlled by, or are under common
|
||||||
|
control with that entity. For the purposes of this definition,
|
||||||
|
"control" means (i) the power, direct or indirect, to cause the
|
||||||
|
direction or management of such entity, whether by contract or
|
||||||
|
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||||
|
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||||
|
|
||||||
|
"You" (or "Your") shall mean an individual or Legal Entity
|
||||||
|
exercising permissions granted by this License.
|
||||||
|
|
||||||
|
"Source" form shall mean the preferred form for making modifications,
|
||||||
|
including but not limited to software source code, documentation
|
||||||
|
source, and configuration files.
|
||||||
|
|
||||||
|
"Object" form shall mean any form resulting from mechanical
|
||||||
|
transformation or translation of a Source form, including but
|
||||||
|
not limited to compiled object code, generated documentation,
|
||||||
|
and conversions to other media types.
|
||||||
|
|
||||||
|
"Work" shall mean the work of authorship, whether in Source or
|
||||||
|
Object form, made available under the License, as indicated by a
|
||||||
|
copyright notice that is included in or attached to the work
|
||||||
|
(an example is provided in the Appendix below).
|
||||||
|
|
||||||
|
"Derivative Works" shall mean any work, whether in Source or Object
|
||||||
|
form, that is based on (or derived from) the Work and for which the
|
||||||
|
editorial revisions, annotations, elaborations, or other modifications
|
||||||
|
represent, as a whole, an original work of authorship. For the purposes
|
||||||
|
of this License, Derivative Works shall not include works that remain
|
||||||
|
separable from, or merely link (or bind by name) to the interfaces of,
|
||||||
|
the Work and Derivative Works thereof.
|
||||||
|
|
||||||
|
"Contribution" shall mean any work of authorship, including
|
||||||
|
the original version of the Work and any modifications or additions
|
||||||
|
to that Work or Derivative Works thereof, that is intentionally
|
||||||
|
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||||
|
or by an individual or Legal Entity authorized to submit on behalf of
|
||||||
|
the copyright owner. For the purposes of this definition, "submitted"
|
||||||
|
means any form of electronic, verbal, or written communication sent
|
||||||
|
to the Licensor or its representatives, including but not limited to
|
||||||
|
communication on electronic mailing lists, source code control systems,
|
||||||
|
and issue tracking systems that are managed by, or on behalf of, the
|
||||||
|
Licensor for the purpose of discussing and improving the Work, but
|
||||||
|
excluding communication that is conspicuously marked or otherwise
|
||||||
|
designated in writing by the copyright owner as "Not a Contribution."
|
||||||
|
|
||||||
|
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||||
|
on behalf of whom a Contribution has been received by Licensor and
|
||||||
|
subsequently incorporated within the Work.
|
||||||
|
|
||||||
|
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||||
|
this License, each Contributor hereby grants to You a perpetual,
|
||||||
|
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||||
|
copyright license to reproduce, prepare Derivative Works of,
|
||||||
|
publicly display, publicly perform, sublicense, and distribute the
|
||||||
|
Work and such Derivative Works in Source or Object form.
|
||||||
|
|
||||||
|
3. Grant of Patent License. Subject to the terms and conditions of
|
||||||
|
this License, each Contributor hereby grants to You a perpetual,
|
||||||
|
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||||
|
(except as stated in this section) patent license to make, have made,
|
||||||
|
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||||
|
where such license applies only to those patent claims licensable
|
||||||
|
by such Contributor that are necessarily infringed by their
|
||||||
|
Contribution(s) alone or by combination of their Contribution(s)
|
||||||
|
with the Work to which such Contribution(s) was submitted. If You
|
||||||
|
institute patent litigation against any entity (including a
|
||||||
|
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||||
|
or a Contribution incorporated within the Work constitutes direct
|
||||||
|
or contributory patent infringement, then any patent licenses
|
||||||
|
granted to You under this License for that Work shall terminate
|
||||||
|
as of the date such litigation is filed.
|
||||||
|
|
||||||
|
4. Redistribution. You may reproduce and distribute copies of the
|
||||||
|
Work or Derivative Works thereof in any medium, with or without
|
||||||
|
modifications, and in Source or Object form, provided that You
|
||||||
|
meet the following conditions:
|
||||||
|
|
||||||
|
(a) You must give any other recipients of the Work or
|
||||||
|
Derivative Works a copy of this License; and
|
||||||
|
|
||||||
|
(b) You must cause any modified files to carry prominent notices
|
||||||
|
stating that You changed the files; and
|
||||||
|
|
||||||
|
(c) You must retain, in the Source form of any Derivative Works
|
||||||
|
that You distribute, all copyright, patent, trademark, and
|
||||||
|
attribution notices from the Source form of the Work,
|
||||||
|
excluding those notices that do not pertain to any part of
|
||||||
|
the Derivative Works; and
|
||||||
|
|
||||||
|
(d) If the Work includes a "NOTICE" text file as part of its
|
||||||
|
distribution, then any Derivative Works that You distribute must
|
||||||
|
include a readable copy of the attribution notices contained
|
||||||
|
within such NOTICE file, excluding those notices that do not
|
||||||
|
pertain to any part of the Derivative Works, in at least one
|
||||||
|
of the following places: within a NOTICE text file distributed
|
||||||
|
as part of the Derivative Works; within the Source form or
|
||||||
|
documentation, if provided along with the Derivative Works; or,
|
||||||
|
within a display generated by the Derivative Works, if and
|
||||||
|
wherever such third-party notices normally appear. The contents
|
||||||
|
of the NOTICE file are for informational purposes only and
|
||||||
|
do not modify the License. You may add Your own attribution
|
||||||
|
notices within Derivative Works that You distribute, alongside
|
||||||
|
or as an addendum to the NOTICE text from the Work, provided
|
||||||
|
that such additional attribution notices cannot be construed
|
||||||
|
as modifying the License.
|
||||||
|
|
||||||
|
You may add Your own copyright statement to Your modifications and
|
||||||
|
may provide additional or different license terms and conditions
|
||||||
|
for use, reproduction, or distribution of Your modifications, or
|
||||||
|
for any such Derivative Works as a whole, provided Your use,
|
||||||
|
reproduction, and distribution of the Work otherwise complies with
|
||||||
|
the conditions stated in this License.
|
||||||
|
|
||||||
|
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||||
|
any Contribution intentionally submitted for inclusion in the Work
|
||||||
|
by You to the Licensor shall be under the terms and conditions of
|
||||||
|
this License, without any additional terms or conditions.
|
||||||
|
Notwithstanding the above, nothing herein shall supersede or modify
|
||||||
|
the terms of any separate license agreement you may have executed
|
||||||
|
with Licensor regarding such Contributions.
|
||||||
|
|
||||||
|
6. Trademarks. This License does not grant permission to use the trade
|
||||||
|
names, trademarks, service marks, or product names of the Licensor,
|
||||||
|
except as required for reasonable and customary use in describing the
|
||||||
|
origin of the Work and reproducing the content of the NOTICE file.
|
||||||
|
|
||||||
|
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||||
|
agreed to in writing, Licensor provides the Work (and each
|
||||||
|
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||||
|
implied, including, without limitation, any warranties or conditions
|
||||||
|
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||||
|
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||||
|
appropriateness of using or redistributing the Work and assume any
|
||||||
|
risks associated with Your exercise of permissions under this License.
|
||||||
|
|
||||||
|
8. Limitation of Liability. In no event and under no legal theory,
|
||||||
|
whether in tort (including negligence), contract, or otherwise,
|
||||||
|
unless required by applicable law (such as deliberate and grossly
|
||||||
|
negligent acts) or agreed to in writing, shall any Contributor be
|
||||||
|
liable to You for damages, including any direct, indirect, special,
|
||||||
|
incidental, or consequential damages of any character arising as a
|
||||||
|
result of this License or out of the use or inability to use the
|
||||||
|
Work (including but not limited to damages for loss of goodwill,
|
||||||
|
work stoppage, computer failure or malfunction, or any and all
|
||||||
|
other commercial damages or losses), even if such Contributor
|
||||||
|
has been advised of the possibility of such damages.
|
||||||
|
|
||||||
|
9. Accepting Warranty or Additional Liability. While redistributing
|
||||||
|
the Work or Derivative Works thereof, You may choose to offer,
|
||||||
|
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||||
|
or other liability obligations and/or rights consistent with this
|
||||||
|
License. However, in accepting such obligations, You may act only
|
||||||
|
on Your own behalf and on Your sole responsibility, not on behalf
|
||||||
|
of any other Contributor, and only if You agree to indemnify,
|
||||||
|
defend, and hold each Contributor harmless for any liability
|
||||||
|
incurred by, or claims asserted against, such Contributor by reason
|
||||||
|
of your accepting any such warranty or additional liability.
|
||||||
|
|
||||||
|
END OF TERMS AND CONDITIONS
|
||||||
|
|
||||||
|
APPENDIX: How to apply the Apache License to your work.
|
||||||
|
|
||||||
|
To apply the Apache License to your work, attach the following
|
||||||
|
boilerplate notice, with the fields enclosed by brackets "{}"
|
||||||
|
replaced with your own identifying information. (Don't include
|
||||||
|
the brackets!) The text should be enclosed in the appropriate
|
||||||
|
comment syntax for the file format. We also recommend that a
|
||||||
|
file or class name and description of purpose be included on the
|
||||||
|
same "printed page" as the copyright notice for easier
|
||||||
|
identification within third-party archives.
|
||||||
|
|
||||||
|
Copyright {yyyy} {name of copyright owner}
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
|
||||||
Mozilla Public License Version 2.0
|
|
||||||
==================================
|
|
||||||
|
|
||||||
1. Definitions
|
|
||||||
--------------
|
|
||||||
|
|
||||||
1.1. "Contributor"
|
|
||||||
means each individual or legal entity that creates, contributes to
|
|
||||||
the creation of, or owns Covered Software.
|
|
||||||
|
|
||||||
1.2. "Contributor Version"
|
|
||||||
means the combination of the Contributions of others (if any) used
|
|
||||||
by a Contributor and that particular Contributor's Contribution.
|
|
||||||
|
|
||||||
1.3. "Contribution"
|
|
||||||
means Covered Software of a particular Contributor.
|
|
||||||
|
|
||||||
1.4. "Covered Software"
|
|
||||||
means Source Code Form to which the initial Contributor has attached
|
|
||||||
the notice in Exhibit A, the Executable Form of such Source Code
|
|
||||||
Form, and Modifications of such Source Code Form, in each case
|
|
||||||
including portions thereof.
|
|
||||||
|
|
||||||
1.5. "Incompatible With Secondary Licenses"
|
|
||||||
means
|
|
||||||
|
|
||||||
(a) that the initial Contributor has attached the notice described
|
|
||||||
in Exhibit B to the Covered Software; or
|
|
||||||
|
|
||||||
(b) that the Covered Software was made available under the terms of
|
|
||||||
version 1.1 or earlier of the License, but not also under the
|
|
||||||
terms of a Secondary License.
|
|
||||||
|
|
||||||
1.6. "Executable Form"
|
|
||||||
means any form of the work other than Source Code Form.
|
|
||||||
|
|
||||||
1.7. "Larger Work"
|
|
||||||
means a work that combines Covered Software with other material, in
|
|
||||||
a separate file or files, that is not Covered Software.
|
|
||||||
|
|
||||||
1.8. "License"
|
|
||||||
means this document.
|
|
||||||
|
|
||||||
1.9. "Licensable"
|
|
||||||
means having the right to grant, to the maximum extent possible,
|
|
||||||
whether at the time of the initial grant or subsequently, any and
|
|
||||||
all of the rights conveyed by this License.
|
|
||||||
|
|
||||||
1.10. "Modifications"
|
|
||||||
means any of the following:
|
|
||||||
|
|
||||||
(a) any file in Source Code Form that results from an addition to,
|
|
||||||
deletion from, or modification of the contents of Covered
|
|
||||||
Software; or
|
|
||||||
|
|
||||||
(b) any new file in Source Code Form that contains any Covered
|
|
||||||
Software.
|
|
||||||
|
|
||||||
1.11. "Patent Claims" of a Contributor
|
|
||||||
means any patent claim(s), including without limitation, method,
|
|
||||||
process, and apparatus claims, in any patent Licensable by such
|
|
||||||
Contributor that would be infringed, but for the grant of the
|
|
||||||
License, by the making, using, selling, offering for sale, having
|
|
||||||
made, import, or transfer of either its Contributions or its
|
|
||||||
Contributor Version.
|
|
||||||
|
|
||||||
1.12. "Secondary License"
|
|
||||||
means either the GNU General Public License, Version 2.0, the GNU
|
|
||||||
Lesser General Public License, Version 2.1, the GNU Affero General
|
|
||||||
Public License, Version 3.0, or any later versions of those
|
|
||||||
licenses.
|
|
||||||
|
|
||||||
1.13. "Source Code Form"
|
|
||||||
means the form of the work preferred for making modifications.
|
|
||||||
|
|
||||||
1.14. "You" (or "Your")
|
|
||||||
means an individual or a legal entity exercising rights under this
|
|
||||||
License. For legal entities, "You" includes any entity that
|
|
||||||
controls, is controlled by, or is under common control with You. For
|
|
||||||
purposes of this definition, "control" means (a) the power, direct
|
|
||||||
or indirect, to cause the direction or management of such entity,
|
|
||||||
whether by contract or otherwise, or (b) ownership of more than
|
|
||||||
fifty percent (50%) of the outstanding shares or beneficial
|
|
||||||
ownership of such entity.
|
|
||||||
|
|
||||||
2. License Grants and Conditions
|
|
||||||
--------------------------------
|
|
||||||
|
|
||||||
2.1. Grants
|
|
||||||
|
|
||||||
Each Contributor hereby grants You a world-wide, royalty-free,
|
|
||||||
non-exclusive license:
|
|
||||||
|
|
||||||
(a) under intellectual property rights (other than patent or trademark)
|
|
||||||
Licensable by such Contributor to use, reproduce, make available,
|
|
||||||
modify, display, perform, distribute, and otherwise exploit its
|
|
||||||
Contributions, either on an unmodified basis, with Modifications, or
|
|
||||||
as part of a Larger Work; and
|
|
||||||
|
|
||||||
(b) under Patent Claims of such Contributor to make, use, sell, offer
|
|
||||||
for sale, have made, import, and otherwise transfer either its
|
|
||||||
Contributions or its Contributor Version.
|
|
||||||
|
|
||||||
2.2. Effective Date
|
|
||||||
|
|
||||||
The licenses granted in Section 2.1 with respect to any Contribution
|
|
||||||
become effective for each Contribution on the date the Contributor first
|
|
||||||
distributes such Contribution.
|
|
||||||
|
|
||||||
2.3. Limitations on Grant Scope
|
|
||||||
|
|
||||||
The licenses granted in this Section 2 are the only rights granted under
|
|
||||||
this License. No additional rights or licenses will be implied from the
|
|
||||||
distribution or licensing of Covered Software under this License.
|
|
||||||
Notwithstanding Section 2.1(b) above, no patent license is granted by a
|
|
||||||
Contributor:
|
|
||||||
|
|
||||||
(a) for any code that a Contributor has removed from Covered Software;
|
|
||||||
or
|
|
||||||
|
|
||||||
(b) for infringements caused by: (i) Your and any other third party's
|
|
||||||
modifications of Covered Software, or (ii) the combination of its
|
|
||||||
Contributions with other software (except as part of its Contributor
|
|
||||||
Version); or
|
|
||||||
|
|
||||||
(c) under Patent Claims infringed by Covered Software in the absence of
|
|
||||||
its Contributions.
|
|
||||||
|
|
||||||
This License does not grant any rights in the trademarks, service marks,
|
|
||||||
or logos of any Contributor (except as may be necessary to comply with
|
|
||||||
the notice requirements in Section 3.4).
|
|
||||||
|
|
||||||
2.4. Subsequent Licenses
|
|
||||||
|
|
||||||
No Contributor makes additional grants as a result of Your choice to
|
|
||||||
distribute the Covered Software under a subsequent version of this
|
|
||||||
License (see Section 10.2) or under the terms of a Secondary License (if
|
|
||||||
permitted under the terms of Section 3.3).
|
|
||||||
|
|
||||||
2.5. Representation
|
|
||||||
|
|
||||||
Each Contributor represents that the Contributor believes its
|
|
||||||
Contributions are its original creation(s) or it has sufficient rights
|
|
||||||
to grant the rights to its Contributions conveyed by this License.
|
|
||||||
|
|
||||||
2.6. Fair Use
|
|
||||||
|
|
||||||
This License is not intended to limit any rights You have under
|
|
||||||
applicable copyright doctrines of fair use, fair dealing, or other
|
|
||||||
equivalents.
|
|
||||||
|
|
||||||
2.7. Conditions
|
|
||||||
|
|
||||||
Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
|
|
||||||
in Section 2.1.
|
|
||||||
|
|
||||||
3. Responsibilities
|
|
||||||
-------------------
|
|
||||||
|
|
||||||
3.1. Distribution of Source Form
|
|
||||||
|
|
||||||
All distribution of Covered Software in Source Code Form, including any
|
|
||||||
Modifications that You create or to which You contribute, must be under
|
|
||||||
the terms of this License. You must inform recipients that the Source
|
|
||||||
Code Form of the Covered Software is governed by the terms of this
|
|
||||||
License, and how they can obtain a copy of this License. You may not
|
|
||||||
attempt to alter or restrict the recipients' rights in the Source Code
|
|
||||||
Form.
|
|
||||||
|
|
||||||
3.2. Distribution of Executable Form
|
|
||||||
|
|
||||||
If You distribute Covered Software in Executable Form then:
|
|
||||||
|
|
||||||
(a) such Covered Software must also be made available in Source Code
|
|
||||||
Form, as described in Section 3.1, and You must inform recipients of
|
|
||||||
the Executable Form how they can obtain a copy of such Source Code
|
|
||||||
Form by reasonable means in a timely manner, at a charge no more
|
|
||||||
than the cost of distribution to the recipient; and
|
|
||||||
|
|
||||||
(b) You may distribute such Executable Form under the terms of this
|
|
||||||
License, or sublicense it under different terms, provided that the
|
|
||||||
license for the Executable Form does not attempt to limit or alter
|
|
||||||
the recipients' rights in the Source Code Form under this License.
|
|
||||||
|
|
||||||
3.3. Distribution of a Larger Work
|
|
||||||
|
|
||||||
You may create and distribute a Larger Work under terms of Your choice,
|
|
||||||
provided that You also comply with the requirements of this License for
|
|
||||||
the Covered Software. If the Larger Work is a combination of Covered
|
|
||||||
Software with a work governed by one or more Secondary Licenses, and the
|
|
||||||
Covered Software is not Incompatible With Secondary Licenses, this
|
|
||||||
License permits You to additionally distribute such Covered Software
|
|
||||||
under the terms of such Secondary License(s), so that the recipient of
|
|
||||||
the Larger Work may, at their option, further distribute the Covered
|
|
||||||
Software under the terms of either this License or such Secondary
|
|
||||||
License(s).
|
|
||||||
|
|
||||||
3.4. Notices
|
|
||||||
|
|
||||||
You may not remove or alter the substance of any license notices
|
|
||||||
(including copyright notices, patent notices, disclaimers of warranty,
|
|
||||||
or limitations of liability) contained within the Source Code Form of
|
|
||||||
the Covered Software, except that You may alter any license notices to
|
|
||||||
the extent required to remedy known factual inaccuracies.
|
|
||||||
|
|
||||||
3.5. Application of Additional Terms
|
|
||||||
|
|
||||||
You may choose to offer, and to charge a fee for, warranty, support,
|
|
||||||
indemnity or liability obligations to one or more recipients of Covered
|
|
||||||
Software. However, You may do so only on Your own behalf, and not on
|
|
||||||
behalf of any Contributor. You must make it absolutely clear that any
|
|
||||||
such warranty, support, indemnity, or liability obligation is offered by
|
|
||||||
You alone, and You hereby agree to indemnify every Contributor for any
|
|
||||||
liability incurred by such Contributor as a result of warranty, support,
|
|
||||||
indemnity or liability terms You offer. You may include additional
|
|
||||||
disclaimers of warranty and limitations of liability specific to any
|
|
||||||
jurisdiction.
|
|
||||||
|
|
||||||
4. Inability to Comply Due to Statute or Regulation
|
|
||||||
---------------------------------------------------
|
|
||||||
|
|
||||||
If it is impossible for You to comply with any of the terms of this
|
|
||||||
License with respect to some or all of the Covered Software due to
|
|
||||||
statute, judicial order, or regulation then You must: (a) comply with
|
|
||||||
the terms of this License to the maximum extent possible; and (b)
|
|
||||||
describe the limitations and the code they affect. Such description must
|
|
||||||
be placed in a text file included with all distributions of the Covered
|
|
||||||
Software under this License. Except to the extent prohibited by statute
|
|
||||||
or regulation, such description must be sufficiently detailed for a
|
|
||||||
recipient of ordinary skill to be able to understand it.
|
|
||||||
|
|
||||||
5. Termination
|
|
||||||
--------------
|
|
||||||
|
|
||||||
5.1. The rights granted under this License will terminate automatically
|
|
||||||
if You fail to comply with any of its terms. However, if You become
|
|
||||||
compliant, then the rights granted under this License from a particular
|
|
||||||
Contributor are reinstated (a) provisionally, unless and until such
|
|
||||||
Contributor explicitly and finally terminates Your grants, and (b) on an
|
|
||||||
ongoing basis, if such Contributor fails to notify You of the
|
|
||||||
non-compliance by some reasonable means prior to 60 days after You have
|
|
||||||
come back into compliance. Moreover, Your grants from a particular
|
|
||||||
Contributor are reinstated on an ongoing basis if such Contributor
|
|
||||||
notifies You of the non-compliance by some reasonable means, this is the
|
|
||||||
first time You have received notice of non-compliance with this License
|
|
||||||
from such Contributor, and You become compliant prior to 30 days after
|
|
||||||
Your receipt of the notice.
|
|
||||||
|
|
||||||
5.2. If You initiate litigation against any entity by asserting a patent
|
|
||||||
infringement claim (excluding declaratory judgment actions,
|
|
||||||
counter-claims, and cross-claims) alleging that a Contributor Version
|
|
||||||
directly or indirectly infringes any patent, then the rights granted to
|
|
||||||
You by any and all Contributors for the Covered Software under Section
|
|
||||||
2.1 of this License shall terminate.
|
|
||||||
|
|
||||||
5.3. In the event of termination under Sections 5.1 or 5.2 above, all
|
|
||||||
end user license agreements (excluding distributors and resellers) which
|
|
||||||
have been validly granted by You or Your distributors under this License
|
|
||||||
prior to termination shall survive termination.
|
|
||||||
|
|
||||||
************************************************************************
|
|
||||||
* *
|
|
||||||
* 6. Disclaimer of Warranty *
|
|
||||||
* ------------------------- *
|
|
||||||
* *
|
|
||||||
* Covered Software is provided under this License on an "as is" *
|
|
||||||
* basis, without warranty of any kind, either expressed, implied, or *
|
|
||||||
* statutory, including, without limitation, warranties that the *
|
|
||||||
* Covered Software is free of defects, merchantable, fit for a *
|
|
||||||
* particular purpose or non-infringing. The entire risk as to the *
|
|
||||||
* quality and performance of the Covered Software is with You. *
|
|
||||||
* Should any Covered Software prove defective in any respect, You *
|
|
||||||
* (not any Contributor) assume the cost of any necessary servicing, *
|
|
||||||
* repair, or correction. This disclaimer of warranty constitutes an *
|
|
||||||
* essential part of this License. No use of any Covered Software is *
|
|
||||||
* authorized under this License except under this disclaimer. *
|
|
||||||
* *
|
|
||||||
************************************************************************
|
|
||||||
|
|
||||||
************************************************************************
|
|
||||||
* *
|
|
||||||
* 7. Limitation of Liability *
|
|
||||||
* -------------------------- *
|
|
||||||
* *
|
|
||||||
* Under no circumstances and under no legal theory, whether tort *
|
|
||||||
* (including negligence), contract, or otherwise, shall any *
|
|
||||||
* Contributor, or anyone who distributes Covered Software as *
|
|
||||||
* permitted above, be liable to You for any direct, indirect, *
|
|
||||||
* special, incidental, or consequential damages of any character *
|
|
||||||
* including, without limitation, damages for lost profits, loss of *
|
|
||||||
* goodwill, work stoppage, computer failure or malfunction, or any *
|
|
||||||
* and all other commercial damages or losses, even if such party *
|
|
||||||
* shall have been informed of the possibility of such damages. This *
|
|
||||||
* limitation of liability shall not apply to liability for death or *
|
|
||||||
* personal injury resulting from such party's negligence to the *
|
|
||||||
* extent applicable law prohibits such limitation. Some *
|
|
||||||
* jurisdictions do not allow the exclusion or limitation of *
|
|
||||||
* incidental or consequential damages, so this exclusion and *
|
|
||||||
* limitation may not apply to You. *
|
|
||||||
* *
|
|
||||||
************************************************************************
|
|
||||||
|
|
||||||
8. Litigation
|
|
||||||
-------------
|
|
||||||
|
|
||||||
Any litigation relating to this License may be brought only in the
|
|
||||||
courts of a jurisdiction where the defendant maintains its principal
|
|
||||||
place of business and such litigation shall be governed by laws of that
|
|
||||||
jurisdiction, without reference to its conflict-of-law provisions.
|
|
||||||
Nothing in this Section shall prevent a party's ability to bring
|
|
||||||
cross-claims or counter-claims.
|
|
||||||
|
|
||||||
9. Miscellaneous
|
|
||||||
----------------
|
|
||||||
|
|
||||||
This License represents the complete agreement concerning the subject
|
|
||||||
matter hereof. If any provision of this License is held to be
|
|
||||||
unenforceable, such provision shall be reformed only to the extent
|
|
||||||
necessary to make it enforceable. Any law or regulation which provides
|
|
||||||
that the language of a contract shall be construed against the drafter
|
|
||||||
shall not be used to construe this License against a Contributor.
|
|
||||||
|
|
||||||
10. Versions of the License
|
|
||||||
---------------------------
|
|
||||||
|
|
||||||
10.1. New Versions
|
|
||||||
|
|
||||||
Mozilla Foundation is the license steward. Except as provided in Section
|
|
||||||
10.3, no one other than the license steward has the right to modify or
|
|
||||||
publish new versions of this License. Each version will be given a
|
|
||||||
distinguishing version number.
|
|
||||||
|
|
||||||
10.2. Effect of New Versions
|
|
||||||
|
|
||||||
You may distribute the Covered Software under the terms of the version
|
|
||||||
of the License under which You originally received the Covered Software,
|
|
||||||
or under the terms of any subsequent version published by the license
|
|
||||||
steward.
|
|
||||||
|
|
||||||
10.3. Modified Versions
|
|
||||||
|
|
||||||
If you create software not governed by this License, and you want to
|
|
||||||
create a new license for such software, you may create and use a
|
|
||||||
modified version of this License if you rename the license and remove
|
|
||||||
any references to the name of the license steward (except to note that
|
|
||||||
such modified license differs from this License).
|
|
||||||
|
|
||||||
10.4. Distributing Source Code Form that is Incompatible With Secondary
|
|
||||||
Licenses
|
|
||||||
|
|
||||||
If You choose to distribute Source Code Form that is Incompatible With
|
|
||||||
Secondary Licenses under the terms of this version of the License, the
|
|
||||||
notice described in Exhibit B of this License must be attached.
|
|
||||||
|
|
||||||
Exhibit A - Source Code Form License Notice
|
|
||||||
-------------------------------------------
|
|
||||||
|
|
||||||
This Source Code Form is subject to the terms of the Mozilla Public
|
|
||||||
License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
||||||
file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
||||||
|
|
||||||
If it is not possible or desirable to put the notice in a particular
|
|
||||||
file, then You may include the notice in a location (such as a LICENSE
|
|
||||||
file in a relevant directory) where a recipient would be likely to look
|
|
||||||
for such a notice.
|
|
||||||
|
|
||||||
You may add additional accurate notices of copyright ownership.
|
|
||||||
|
|
||||||
Exhibit B - "Incompatible With Secondary Licenses" Notice
|
|
||||||
---------------------------------------------------------
|
|
||||||
|
|
||||||
This Source Code Form is "Incompatible With Secondary Licenses", as
|
|
||||||
defined by the Mozilla Public License, v. 2.0.
|
|
||||||
|
|
418
README.md
418
README.md
|
@ -1,223 +1,274 @@
|
||||||
![Greenlock Logo](https://git.rootprojects.org/root/greenlock.js/raw/branch/master/logo/greenlock-1063x250.png "Greenlock Logo")
|
<!-- BANNER_TPL_BEGIN -->
|
||||||
|
|
||||||
!["Greenlock Function"](https://git.rootprojects.org/root/greenlock.js/raw/branch/master/logo/from-not-secure-to-secure-url-bar.png "from url bar showing not secure to url bar showing secure")
|
About Daplie: We're taking back the Internet!
|
||||||
|
--------------
|
||||||
|
|
||||||
|
Down with Google, Apple, and Facebook!
|
||||||
|
|
||||||
# [Greenlock™](https://git.rootprojects.org/root/greenlock-cli.js) for Web Servers | a [Root](https://rootprojects.org) project
|
We're re-decentralizing the web and making it read-write again - one home cloud system at a time.
|
||||||
|
|
||||||
Free SSL, Free Wildcard SSL, and Fully Automated HTTPS made dead simple<br>
|
Tired of serving the Empire? Come join the Rebel Alliance:
|
||||||
<small>certificates issued by Let's Encrypt v2 via [ACME](https://git.rootprojects.org/root/acme-v2.js)</small>
|
|
||||||
|
|
||||||
!["Lifetime Downloads"](https://img.shields.io/npm/dt/greenlock.svg "Lifetime Download Count can't be shown")
|
<a href="mailto:jobs@daplie.com">jobs@daplie.com</a> | [Invest in Daplie on Wefunder](https://daplie.com/invest/) | [Pre-order Cloud](https://daplie.com/preorder/), The World's First Home Server for Everyone
|
||||||
!["Monthly Downloads"](https://img.shields.io/npm/dm/greenlock.svg "Monthly Download Count can't be shown")
|
|
||||||
!["Weekly Downloads"](https://img.shields.io/npm/dw/greenlock.svg "Weekly Download Count can't be shown")
|
|
||||||
!["Stackoverflow Questions"](https://img.shields.io/stackexchange/stackoverflow/t/greenlock.svg "S.O. Question count can't be shown")
|
|
||||||
|
|
||||||
| **Greenlock for Web Servers**
|
<!-- BANNER_TPL_END -->
|
||||||
| [Greenlock for Web Browsers](https://git.rootprojects.org/root/greenlock.html)
|
|
||||||
| [Greenlock for Express.js](https://git.rootprojects.org/root/greenlock-express.js)
|
# greenlock-cli (letsencrypt-cli for node.js)
|
||||||
| [Greenlock™.js](https://git.rootprojects.org/root/greenlock.js)
|
|
||||||
|
[![Join the chat at https://gitter.im/Daplie/letsencrypt-express](https://badges.gitter.im/Daplie/letsencrypt-express.svg)](https://gitter.im/Daplie/letsencrypt-express?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
|
||||||
|
|
||||||
|
| [greenlock (library)](https://git.daplie.com/Daplie/node-greenlock)
|
||||||
|
| **greenlock-cli**
|
||||||
|
| [greenlock-express](https://git.daplie.com/Daplie/greenlock-express)
|
||||||
|
| [greenlock-koa](https://git.daplie.com/Daplie/greenlock-koa)
|
||||||
|
| [greenlock-hapi](https://git.daplie.com/Daplie/greenlock-hapi)
|
||||||
|
|
|
|
||||||
|
|
||||||
# Features
|
CLI for node-greenlock modeled after the official client.
|
||||||
|
|
||||||
- [x] Commandline (cli) Certificate Manager (like certbot)
|
* Free SSL Certificates
|
||||||
- [x] Integrated Web Server
|
* 90-day certificate lifetime
|
||||||
- [x] Free SSL Certificates
|
* One-off standalone registration / renewal
|
||||||
- [x] Automatic certificate renewal before expiration
|
* On-the-fly registration / renewal via webroot
|
||||||
- [x] One-off standalone registration / renewal
|
|
||||||
- [x] On-the-fly registration / renewal via webroot
|
|
||||||
|
|
||||||
# Install
|
## Install Node
|
||||||
|
|
||||||
## Mac & Linux
|
For **Windows**:
|
||||||
|
|
||||||
Open Terminal and run this install script:
|
Choose **Stable** from <https://nodejs.org/en/>
|
||||||
|
|
||||||
|
For Linux and **OS X**:
|
||||||
|
|
||||||
|
```
|
||||||
|
curl -L bit.ly/nodejs-min | bash
|
||||||
|
```
|
||||||
|
|
||||||
|
# Install Greenlock
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
curl -fsS https://get.greenlock.app/ | bash
|
npm install -g greenlock-cli@2.x
|
||||||
```
|
```
|
||||||
|
|
||||||
This will install greenlock to `/opt/greenlock` and put a symlink to
|
## Usage
|
||||||
`/opt/greenlock/bin/greenlock` in `/usr/local/bin/greenlock` for convenience.
|
|
||||||
|
|
||||||
You can customize the installation:
|
These commands are shown using the **testing server**.
|
||||||
|
|
||||||
|
Want to use the **live server**?
|
||||||
|
|
||||||
|
1. change server to `--server https://acme-v01.api.letsencrypt.org/directory`
|
||||||
|
|
||||||
|
**Note**: This has really only been tested with single domains so if
|
||||||
|
multiple domains doesn't work for you, file a bug.
|
||||||
|
|
||||||
|
### Standalone (primarily for testing)
|
||||||
|
|
||||||
|
You can run standalone mode to get a cert **on the server**. You either use an
|
||||||
|
http-01 challenge (the default) on port 80, or a tls-sni-01 challenge on port
|
||||||
|
443 (or 5001). Like so:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
export NODEJS_VER=v8.11.1
|
greenlock certonly \
|
||||||
export GREENLOCK_PATH=/opt/greenlock
|
--agree-tos --email john.doe@example.com \
|
||||||
curl -fsS https://get.greenlock.app/ | bash
|
--standalone \
|
||||||
|
--domains example.com,www.example.com \
|
||||||
|
--server https://acme-staging.api.letsencrypt.org/directory \
|
||||||
|
--config-dir ~/letsencrypt/etc
|
||||||
```
|
```
|
||||||
|
|
||||||
This will change which version of node.js is bundled with greenlock
|
or
|
||||||
and the path to which greenlock installs.
|
|
||||||
|
|
||||||
## Windows & Node.js
|
|
||||||
|
|
||||||
1. Install [node.js](https://nodejs.org)
|
|
||||||
2. Open _Node.js_
|
|
||||||
2. Run the command `npm install -g greenlock-cli`
|
|
||||||
|
|
||||||
# Usage
|
|
||||||
|
|
||||||
We have a few different examples of issuing SSL certificates:
|
|
||||||
|
|
||||||
* Standalone (testing): Issue a one-off certificate
|
|
||||||
* Webroot (production): Automatic certificate renewal for Apache, Nginx, HAProxy, etc
|
|
||||||
* Manual (debugging): Go through the certificate proccess step-by-step
|
|
||||||
<!-- * Server (production): Leave it all to Greenlock -->
|
|
||||||
|
|
||||||
**Important Note**: Staging vs Production
|
|
||||||
|
|
||||||
Each of these examples are using the **staging server**.
|
|
||||||
|
|
||||||
Once you've successfully gotten certificates with the staging server
|
|
||||||
you must **delete** `--config-dir` (i.e. `rm -rf ~/acme`) and then
|
|
||||||
switch to the **production server**.
|
|
||||||
|
|
||||||
```
|
|
||||||
--acme-version draft-11 --server https://acme-v02.api.letsencrypt.org/directory \
|
|
||||||
```
|
|
||||||
|
|
||||||
## Standalone
|
|
||||||
|
|
||||||
<small>**primarily for testing**</small>
|
|
||||||
|
|
||||||
You can run in standalone mode **on your server** and get a cert instantly.
|
|
||||||
|
|
||||||
Note: No other webserver may be running at the time (use Webroot mode for that).
|
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo greenlock certonly --standalone \
|
greenlock certonly \
|
||||||
--acme-version draft-11 --acme-url https://acme-staging-v02.api.letsencrypt.org/directory \
|
--agree-tos --email john.doe@example.com \
|
||||||
--agree-tos --email jon@example.com --domains example.com,www.example.com \
|
--standalone --tls-sni-01-port 443 \
|
||||||
--community-member \
|
--domains example.com,www.example.com \
|
||||||
--config-dir ~/acme/etc
|
--server https://acme-staging.api.letsencrypt.org/directory \
|
||||||
|
--config-dir ~/letsencrypt/etc
|
||||||
```
|
```
|
||||||
|
|
||||||
## WebRoot
|
Then you can see your certs at `~/letsencrypt/etc/live`.
|
||||||
|
|
||||||
<small>**for testing and production**</small>
|
```
|
||||||
|
ls ~/letsencrypt/etc/live
|
||||||
|
```
|
||||||
|
|
||||||
With this method you must use **your existing http (port 80) server** (Apache, Nginx, HAProxy, etc).
|
This option is great for testing, but since it requires the use of
|
||||||
You will specify the **path or template path** to your `public_html` or `www` webroot.
|
the same ports that your webserver needs, it isn't a good choice
|
||||||
|
for production.
|
||||||
|
|
||||||
For example:
|
### WebRoot (production option 1)
|
||||||
|
|
||||||
* I want to get an SSL cert for `example.com`
|
You can specify the path to where you keep your `index.html` with `webroot`, as
|
||||||
* `index.html` lives at `/srv/www/example.com`
|
long as your server is serving plain HTTP on port 80.
|
||||||
* I would use this command:
|
|
||||||
|
For example, if I want to get a domain for `example.com` and my `index.html` is
|
||||||
|
at `/srv/www/example.com`, then I would use this command:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo greenlock certonly --webroot \
|
sudo greenlock certonly \
|
||||||
--acme-version draft-11 --acme-url https://acme-staging-v02.api.letsencrypt.org/directory \
|
--agree-tos --email john.doe@example.com \
|
||||||
--agree-tos --email jon@example.com --domains example.com \
|
--webroot --webroot-path /srv/www/example.com \
|
||||||
--community-member \
|
--config-dir /etc/letsencrypt \
|
||||||
--root /srv/www/example.com \
|
--domains example.com,www.example.com \
|
||||||
--config-dir ~/acme/etc
|
--server https://acme-staging.api.letsencrypt.org/directory
|
||||||
```
|
```
|
||||||
|
|
||||||
Now let's say that
|
Note that we use `sudo` because in this example we are using `/etc/letsencrypt`
|
||||||
|
as the cert directory rather than `~/letsencrypt/etc`, which we used in the previous example.
|
||||||
|
|
||||||
* I have many sites in `/srv/www/`, all by their name
|
Then see your brand new shiny certs:
|
||||||
* I already store my ssl certs in the format `/etc/apache/ssl/:hostname/{key.pem,ssl.crt}`
|
|
||||||
* I'll run this command instead:
|
```
|
||||||
|
ls /etc/letsencrypt/live/
|
||||||
|
```
|
||||||
|
|
||||||
|
You can use a cron job to run the script above every 80 days (the certificates expire after 90 days)
|
||||||
|
so that you always have fresh certificates.
|
||||||
|
|
||||||
|
### Hooks (production option 2)
|
||||||
|
|
||||||
|
You can also integrate with a secure server. This is more complicated than the
|
||||||
|
webroot option, but it allows you to obtain certificates with only port 443
|
||||||
|
open. This facility can work with any web server as long as it supports server
|
||||||
|
name indication (SNI) and you can provide a configuration file template and
|
||||||
|
shell hooks to install and uninstall the configuration (without downtime). In
|
||||||
|
fact, it doesn't even need to be a webserver (though it must run on port 443);
|
||||||
|
it could be another server that performs SSL/TLS negotiation with SNI.
|
||||||
|
|
||||||
|
The process works something like this. You would run:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo greenlock certonly --webroot \
|
sudo greenlock certonly \
|
||||||
--acme-version draft-11 --acme-url https://acme-staging-v02.api.letsencrypt.org/directory \
|
--agree-tos --email john.doe@example.com \
|
||||||
--agree-tos --email jon@example.com --domains example.com,whatever.com,foobar.net \
|
--hooks --hooks-server apache2-debian \
|
||||||
--community-member \
|
--config-dir /etc/letsencrypt \
|
||||||
--root "/srv/www/:hostname" \
|
--domains example.com,www.example.com \
|
||||||
--privkey-path "/etc/apache/ssl/:hostname/key.pem" \
|
--server https://acme-staging.api.letsencrypt.org/directory
|
||||||
--fullchain-path "/etc/apache/ssl/:hostname/ssl.crt" \
|
|
||||||
--config-dir ~/acme/etc
|
|
||||||
```
|
```
|
||||||
|
|
||||||
### Run with cron
|
Three files are then generated:
|
||||||
|
|
||||||
Those commands are safe to be run **daily** with cron.
|
* a configuration fragment: `some-long-string.conf`
|
||||||
The certificates will automatically renew 2 weeks before expiring.
|
* a challenge-fulfilling certificate: `the-same-long-string.crt`
|
||||||
|
* a private key: `the-same-long-string.key`
|
||||||
|
|
||||||
## Interactive
|
A hook is then run to enable the fragment, e.g. by linking it (it should not be
|
||||||
|
moved) into a `conf.d` directory (for Apache on Debian, `sites-enabled`). A
|
||||||
|
second hook is then run to check the configuration is valid, to avoid
|
||||||
|
accidental downtime, and then another to signal to the server to reload the
|
||||||
|
configuration. The server will now serve the generated certificate on a special
|
||||||
|
domain to prove you own the domain you're getting a certificate for.
|
||||||
|
|
||||||
<small>**primarily for debugging**</small>
|
After the domain has been validated externally, hooks are run to disable the
|
||||||
|
configuration fragment, and again check and reload the configuration.
|
||||||
|
|
||||||
|
You can then find your brand new certs in:
|
||||||
|
|
||||||
|
```
|
||||||
|
ls /etc/letsencrypt/live/
|
||||||
|
```
|
||||||
|
|
||||||
|
Tailor to your server and distro using the `--hooks-server` option. So far, the
|
||||||
|
following are supported (contributions for additional servers welcome):
|
||||||
|
|
||||||
|
* apache2-debian
|
||||||
|
|
||||||
|
To tweak it for your setup and taste, see all the `hooks-` options in the
|
||||||
|
Command Line Options section below. Also note that the following substitutions
|
||||||
|
are available for use in the hooks and the template:
|
||||||
|
|
||||||
|
* `{{{token}}}`: the token
|
||||||
|
* `{{{domain}}}`: the domain for which a certificate is being sought (beware of
|
||||||
|
this if using multiple domains per certificate)
|
||||||
|
* `{{{subject}}}`: the domain for which the generated challenge-fulfilling
|
||||||
|
certificate must be used (only available when generating it)
|
||||||
|
* `{{{cert}}}`: the path to the generated certificate: `hooks-path/token.crt`
|
||||||
|
* `{{{privkey}}}`: the path to the generated private key: `hooks-path/token.key`
|
||||||
|
* `{{{conf}}}`: the path to the generated config file: `hooks-path/token.conf`
|
||||||
|
* `{{{bind}}}`: the value of the `hooks-bind` option
|
||||||
|
* `{{{port}}}`: the value of the `hooks-port` option
|
||||||
|
* `{{{webroot}}}`: the value of the `hooks-webroot` option
|
||||||
|
|
||||||
|
### Interactive (for debugging)
|
||||||
|
|
||||||
The token (for all challenge types) and keyAuthorization (only for https-01)
|
The token (for all challenge types) and keyAuthorization (only for https-01)
|
||||||
will be printed to the screen and you will be given time to copy it wherever
|
will be printed to the screen and you will be given time to copy it wherever
|
||||||
(file, dns record, database, etc) and the process will complete once you hit `enter`.
|
(file, dns record, database, etc) and the process will complete once you hit `enter`.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo greenlock certonly --manual \
|
sudo greenlock certonly \
|
||||||
--acme-version draft-11 --acme-url https://acme-staging-v02.api.letsencrypt.org/directory \
|
--agree-tos --email john.doe@example.com \
|
||||||
--agree-tos --email jon@example.com --domains example.com \
|
--manual
|
||||||
--community-member \
|
--config-dir /etc/letsencrypt \
|
||||||
--config-dir ~/acme/etc
|
--domains example.com,www.example.com \
|
||||||
|
--server https://acme-staging.api.letsencrypt.org/directory
|
||||||
```
|
```
|
||||||
|
|
||||||
# Certificate Locations
|
## Test with a free domain
|
||||||
Then you can see your certs at `~/acme/etc/live`.
|
|
||||||
|
|
||||||
```
|
|
||||||
~/acme/etc/
|
|
||||||
└── example.com
|
|
||||||
├── cert.pem
|
|
||||||
├── chain.pem
|
|
||||||
├── fullchain.pem (Apache, Nginx, node.js)
|
|
||||||
├── privkey.pem (Apache, Nginx, node.js)
|
|
||||||
└── bundle.pem (HAProxy)
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
## Run without root (no sudo)
|
|
||||||
|
|
||||||
`sudo` is used to allow greenlock to use port 80 and write to httpd-owned directories.
|
|
||||||
|
|
||||||
Allow greenlock to bind on system ports without root:
|
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo setcap cap_net_bind_service=+ep /opt/greenlock/bin/node
|
# Install Daplie DNS
|
||||||
|
npm install -g ddns-cli
|
||||||
|
|
||||||
|
# see terms of use
|
||||||
|
ddns --help
|
||||||
|
|
||||||
|
# agree to terms and get domain
|
||||||
|
ddns --random --email user@example.com --agree
|
||||||
|
|
||||||
|
# the default is to use the ip address from which
|
||||||
|
# you can the command, but you can also assign the
|
||||||
|
# ip manually
|
||||||
|
ddns --random --email user@example.com --agree -a '127.0.0.1'
|
||||||
```
|
```
|
||||||
|
|
||||||
To allow greenlock to write to folders owned by another user, set it to run as that user.
|
Example domain:
|
||||||
|
|
||||||
Otherwise, you can change the permissions on the folders, which is
|
```
|
||||||
**probably a BAD IDEA**. Probabry a **security risk**.
|
rubber-duck-42.daplie.me
|
||||||
But since some of you are going to do it anyway I might as well tell you how:
|
```
|
||||||
|
|
||||||
|
## Run without Root
|
||||||
|
|
||||||
|
If you'd like to allow node.js to use privileged ports `80` and `443`
|
||||||
|
(and everything under 1024 really) without being run as `root` or `sudo`,
|
||||||
|
you can use `setcap` to do so. (it may need to be run any time you reinstall node as well)
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo setcap cap_net_bind_service=+ep /usr/local/bin/node
|
||||||
|
```
|
||||||
|
|
||||||
|
By default `node-greenlock` assumes your home directory `~/letsencrypt/`, but if
|
||||||
|
you really want to use `/etc/letsencrypt`, `/var/lib/letsencrypt/`, and `/var/log/letsencrypt`
|
||||||
|
you could change the permissions on them. **Probably a BAD IDEA**. Probabry a security risk.
|
||||||
|
|
||||||
```
|
```
|
||||||
# PROBABLY A BAD IDEA
|
# PROBABLY A BAD IDEA
|
||||||
sudo chown -R $(whoami) /etc/ssl /etc/acme
|
sudo chown -R $(whoami) /etc/letsencrypt /var/lib/letsencrypt /var/log/letsencrypt
|
||||||
```
|
```
|
||||||
|
|
||||||
# Command Line Options
|
## Command Line Options
|
||||||
|
|
||||||
```
|
```
|
||||||
Usage:
|
Usage:
|
||||||
greenlock [OPTIONS] [ARGS]
|
greenlock [OPTIONS] [ARGS]
|
||||||
|
|
||||||
Options:
|
Options:
|
||||||
--acme-version [STRING] 'draft-11' for Let's Encrypt v2 or 'v01' for Let's Encrypt v1. (default: null)
|
--server [STRING] ACME Directory Resource URI. (Default is https://acme-v01.api.letsencrypt.org/directory))
|
||||||
|
|
||||||
--acme-url [URL] Directory URL for ACME API. Let's Encrypt URLs are:
|
|
||||||
draft-11
|
|
||||||
https://acme-staging-v02.api.letsencrypt.org/directory
|
|
||||||
https://acme-v02.api.letsencrypt.org/directory
|
|
||||||
|
|
||||||
v01
|
|
||||||
https://acme-staging.api.letsencrypt.org/directory
|
|
||||||
https://acme-v01.api.letsencrypt.org/directory
|
|
||||||
|
|
||||||
--email EMAIL Email used for registration and recovery contact. (default: null)
|
--email EMAIL Email used for registration and recovery contact. (default: null)
|
||||||
|
|
||||||
--agree-tos BOOLEAN Agree to the Let's Encrypt Subscriber Agreement
|
--agree-tos BOOLEAN Agree to the Let's Encrypt Subscriber Agreement
|
||||||
|
|
||||||
--community-member Submit stats to and receive updates from Greenlock
|
--domains URL Domain names to apply. For multiple domains you can enter a comma
|
||||||
|
|
||||||
--domains HOSTNAME Domain names to apply. For multiple domains you can enter a comma
|
|
||||||
separated list of domains as a parameter. (default: [])
|
separated list of domains as a parameter. (default: [])
|
||||||
|
|
||||||
--renew-within [NUMBER] Renew certificates this many days before expiry. (default: 10)
|
--renew-within [NUMBER] Renew certificates this many days before expiry. (default: 7)
|
||||||
|
|
||||||
|
--duplicate BOOLEAN Allow getting a certificate that duplicates an existing one/is
|
||||||
|
an early renewal.
|
||||||
|
|
||||||
|
--rsa-key-size [NUMBER] Size (in bits) of the RSA key. (Default is 2048)
|
||||||
|
|
||||||
--cert-path STRING Path to where new cert.pem is saved
|
--cert-path STRING Path to where new cert.pem is saved
|
||||||
(Default is :conf/live/:hostname/cert.pem)
|
(Default is :conf/live/:hostname/cert.pem)
|
||||||
|
@ -228,15 +279,15 @@ Options:
|
||||||
--chain-path [STRING] Path to where new chain.pem is saved
|
--chain-path [STRING] Path to where new chain.pem is saved
|
||||||
(Default is :conf/live/:hostname/chain.pem)
|
(Default is :conf/live/:hostname/chain.pem)
|
||||||
|
|
||||||
--bundle-path [STRING] Path to where new bundle.pem (fullchain + privkey) is saved
|
|
||||||
(Default is :conf/live/:hostname/bundle.pem)
|
|
||||||
|
|
||||||
--domain-key-path STRING Path to privkey.pem to use for domain (default: generate new)
|
--domain-key-path STRING Path to privkey.pem to use for domain (default: generate new)
|
||||||
|
|
||||||
--account-key-path STRING Path to privkey.pem to use for account (default: generate new)
|
--account-key-path STRING Path to privkey.pem to use for account (default: generate new)
|
||||||
|
|
||||||
--config-dir STRING Configuration directory. (Default is ~/letsencrypt/etc/)
|
--config-dir STRING Configuration directory. (Default is ~/letsencrypt/etc/)
|
||||||
|
|
||||||
|
--tls-sni-01-port NUMBER Use TLS-SNI-01 challenge type with this port.
|
||||||
|
(must be 443 with most production servers) (Boulder allows 5001 in testing mode)
|
||||||
|
|
||||||
--http-01-port [NUMBER] Use HTTP-01 challenge type with this port, used for SimpleHttp challenge. (Default is 80)
|
--http-01-port [NUMBER] Use HTTP-01 challenge type with this port, used for SimpleHttp challenge. (Default is 80)
|
||||||
(must be 80 with most production servers)
|
(must be 80 with most production servers)
|
||||||
|
|
||||||
|
@ -247,41 +298,42 @@ Options:
|
||||||
--manual [BOOLEAN] Print the token and key to the screen and wait for you to hit enter,
|
--manual [BOOLEAN] Print the token and key to the screen and wait for you to hit enter,
|
||||||
giving you time to copy it somewhere before continuing. (Default is false)
|
giving you time to copy it somewhere before continuing. (Default is false)
|
||||||
|
|
||||||
|
--webroot BOOLEAN Obtain certs by placing files in a webroot directory.
|
||||||
|
|
||||||
|
--webroot-path STRING public_html / webroot path.
|
||||||
|
|
||||||
|
--hooks BOOLEAN Obtain certs with hooks that configure a webserver to meet TLS-SNI-01 challenges.
|
||||||
|
|
||||||
|
--hooks-path STRING Path in which to store files for hooks.
|
||||||
|
(Default is ~/letsencrypt/apache)
|
||||||
|
|
||||||
|
--hooks-server STRING Type of webserver to configure. Sets defaults for all the following --hooks- options.
|
||||||
|
Either --hooks-server or --hooks-template must be given.
|
||||||
|
(See the Hooks section above for a list of supported servers.)
|
||||||
|
|
||||||
|
--hooks-template STRING Template to use for hooks configuration file.
|
||||||
|
Either --hooks-server or --hooks-template must be given.
|
||||||
|
|
||||||
|
--hooks-bind STRING IP address to use in configuration for hooks. (Default is *)
|
||||||
|
|
||||||
|
--hooks-port STRING Port to use in configuration for hooks. (Default is 443)
|
||||||
|
|
||||||
|
--hooks-webroot STRING Webroot to use in configuration for hooks (e.g. empty dir).
|
||||||
|
Nothing should actually be served from here. (Default is /var/www)
|
||||||
|
|
||||||
|
--hooks-pre-enable STRING Hook to check the webserver configuration prior to enabling.
|
||||||
|
|
||||||
|
--hooks-enable STRING Hook to enable the webserver configuration.
|
||||||
|
|
||||||
|
--hooks-pre-reload STRING Hook to check the webserver configuration prior to reloading.
|
||||||
|
|
||||||
|
--hooks-reload STRING Hook to reload the webserver.
|
||||||
|
|
||||||
|
--hooks-disable STRING Hook to disable the webserver configuration.
|
||||||
|
|
||||||
--debug BOOLEAN show traces and logs
|
--debug BOOLEAN show traces and logs
|
||||||
|
|
||||||
-h, --help Display help and usage details
|
-h, --help Display help and usage details
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
# Certbot Command Line Options
|
|
||||||
|
|
||||||
These options are maintained for compatability with certbot:
|
|
||||||
|
|
||||||
```
|
|
||||||
--server [STRING] ACME Directory Resource URI. (Default is https://acme-v01.api.letsencrypt.org/directory))
|
|
||||||
|
|
||||||
--duplicate BOOLEAN Allow getting a certificate that duplicates an existing one/is
|
|
||||||
an early renewal.
|
|
||||||
|
|
||||||
--webroot BOOLEAN Obtain certs by placing files in a webroot directory.
|
|
||||||
|
|
||||||
--webroot-path STRING public_html / webroot path.
|
|
||||||
```
|
|
||||||
|
|
||||||
Note: some of the options may not be fully implemented. If you encounter a problem, please report a bug on the issues page.
|
Note: some of the options may not be fully implemented. If you encounter a problem, please report a bug on the issues page.
|
||||||
|
|
||||||
# Legal & Rules of the Road
|
|
||||||
|
|
||||||
Greenlock™ and Bluecrypt™ are [trademarks](https://rootprojects.org/legal/#trademark) of AJ ONeal
|
|
||||||
|
|
||||||
The rule of thumb is "attribute, but don't confuse". For example:
|
|
||||||
|
|
||||||
> Built with [Greenlock CLI](https://git.rootprojects.org/root/greenlock-cli.js) (a [Root](https://rootprojects.org) project).
|
|
||||||
|
|
||||||
Please [contact us](mailto:aj@therootcompany.com) if you have any questions in regards to our trademark,
|
|
||||||
attribution, and/or visible source policies. We want to build great software and a great community.
|
|
||||||
|
|
||||||
[Greenlock™](https://git.rootprojects.org/root/greenlock.js) |
|
|
||||||
MPL-2.0 |
|
|
||||||
[Terms of Use](https://therootcompany.com/legal/#terms) |
|
|
||||||
[Privacy Policy](https://therootcompany.com/legal/#privacy)
|
|
||||||
|
|
123
bin/greenlock.js
123
bin/greenlock.js
|
@ -1,123 +0,0 @@
|
||||||
#!/usr/bin/env node
|
|
||||||
'use strict';
|
|
||||||
|
|
||||||
var cli = require('cli');
|
|
||||||
var mkdirp = require('mkdirp');
|
|
||||||
|
|
||||||
cli.parse({
|
|
||||||
'acme-version':
|
|
||||||
[ false, " ACME / Let's Encrypt version. v01 or draft-11 (aka v02)", 'string', 'draft-11' ]
|
|
||||||
, 'acme-url':
|
|
||||||
[ false, " ACME Directory Resource URL", 'string', '' ]
|
|
||||||
, email:
|
|
||||||
[ false, " Email used for registration and recovery contact. (default: null)", 'email' ]
|
|
||||||
, 'agree-tos': [ false, " Agree to the Let's Encrypt Subscriber Agreement", 'boolean', false ]
|
|
||||||
, 'community-member': [ false, " Submit stats to and get updates from Greenlock", 'boolean', false ]
|
|
||||||
, domains:
|
|
||||||
[ false, " Domain names to apply. For multiple domains you can enter a comma separated list of domains as a parameter. (default: [])", 'string' ]
|
|
||||||
, 'renew-within': [ false, " Renew certificates this many days before expiry", 'int', 7 ]
|
|
||||||
, 'cert-path':
|
|
||||||
[ false, " Path to where new cert.pem is saved", 'string'
|
|
||||||
, ':configDir/live/:hostname/cert.pem' ]
|
|
||||||
, 'fullchain-path':
|
|
||||||
[ false, " Path to where new fullchain.pem (cert + chain) is saved", 'string'
|
|
||||||
, ':configDir/live/:hostname/fullchain.pem' ]
|
|
||||||
, 'bundle-path':
|
|
||||||
[ false, " Path to where new bundle.pem (fullchain + privkey) is saved", 'string'
|
|
||||||
, ':configDir/live/:hostname/bundle.pem' ]
|
|
||||||
, 'chain-path':
|
|
||||||
[ false, " Path to where new chain.pem is saved", 'string'
|
|
||||||
, ':configDir/live/:hostname/chain.pem' ]
|
|
||||||
, 'privkey-path':
|
|
||||||
[ false, " Path to where privkey.pem is saved", 'string'
|
|
||||||
, ':configDir/live/:hostname/privkey.pem' ]
|
|
||||||
, 'config-dir':
|
|
||||||
[ false, " Configuration directory.", 'string'
|
|
||||||
, '~/letsencrypt/etc/' ]
|
|
||||||
, 'http-01-port': [ false, " Use HTTP-01 challenge type with this port (only port 80 is valid with most production servers) (default: 80)", 'int' ]
|
|
||||||
, 'dns-01': [ false, " Use DNS-01 challange type", 'boolean', false ]
|
|
||||||
, standalone: [ false, " Obtain certs using a \"standalone\" webserver.", 'boolean', false ]
|
|
||||||
, manual: [ false, " Print the token and key to the screen and wait for you to hit enter, giving you time to copy it somewhere before continuing (default: false)", 'boolean', false ]
|
|
||||||
, debug: [ false, " show traces and logs", 'boolean', false ]
|
|
||||||
, 'root': [ false, " public_html / webroot path (may use the :hostname template such as /srv/www/:hostname)", 'string' ]
|
|
||||||
|
|
||||||
//
|
|
||||||
// backwards compat
|
|
||||||
//
|
|
||||||
, duplicate:
|
|
||||||
[ false, " Allow getting a certificate that duplicates an existing one/is an early renewal", 'boolean', false ]
|
|
||||||
, 'rsa-key-size':
|
|
||||||
[ false, " Size (in bits) of the RSA key.", 'int', 2048 ]
|
|
||||||
, server:
|
|
||||||
[ false, " alias of acme-url for certbot compatibility", 'string', '' ]
|
|
||||||
, 'domain-key-path':
|
|
||||||
[ false, " Path to privkey.pem to use for domain (default: generate new)", 'string' ]
|
|
||||||
, 'account-key-path':
|
|
||||||
[ false, " Path to privkey.pem to use for account (default: generate new)", 'string' ]
|
|
||||||
, webroot: [ false, " for certbot compatibility", 'boolean', false ]
|
|
||||||
, 'webroot-path': [ false, "alias of '--root' for certbot compatibility", 'string' ]
|
|
||||||
//, 'standalone-supported-challenges': [ false, " Supported challenges, order preferences are randomly chosen. (default: http-01,tls-sni-01)", 'string', 'http-01,tls-sni-01']
|
|
||||||
, 'work-dir': [ false, "for certbot compatibility (ignored)", 'string', '~/letsencrypt/var/lib/' ]
|
|
||||||
, 'logs-dir': [ false, "for certbot compatibility (ignored)", 'string', '~/letsencrypt/var/log/' ]
|
|
||||||
});
|
|
||||||
|
|
||||||
// ignore certonly and extraneous arguments
|
|
||||||
cli.main(function(_, options) {
|
|
||||||
console.log('');
|
|
||||||
var args = {};
|
|
||||||
var homedir = require('os').homedir();
|
|
||||||
|
|
||||||
Object.keys(options).forEach(function (key) {
|
|
||||||
var val = options[key];
|
|
||||||
|
|
||||||
if ('string' === typeof val) {
|
|
||||||
val = val.replace(/^~/, homedir);
|
|
||||||
}
|
|
||||||
|
|
||||||
key = key.replace(/\-([a-z0-9A-Z])/g, function (c) { return c[1].toUpperCase(); });
|
|
||||||
args[key] = val;
|
|
||||||
});
|
|
||||||
|
|
||||||
Object.keys(args).forEach(function (key) {
|
|
||||||
var val = args[key];
|
|
||||||
|
|
||||||
if ('string' === typeof val) {
|
|
||||||
val = val.replace(/(\:configDir)|(\:config)/, args.configDir);
|
|
||||||
}
|
|
||||||
|
|
||||||
args[key] = val;
|
|
||||||
});
|
|
||||||
|
|
||||||
if (args.domains) {
|
|
||||||
args.domains = args.domains.split(',');
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!(Array.isArray(args.domains) && args.domains.length) || !args.email || !args.agreeTos || !args.acmeVersion || (!args.server && !args.acmeUrl)) {
|
|
||||||
console.error("\nUsage:\n\ngreenlock certonly --standalone \\");
|
|
||||||
console.error("\t--acme-version draft-11 --acme-url https://acme-staging-v02.api.letsencrypt.org/directory \\");
|
|
||||||
console.error("\t--agree-tos --email user@example.com --domains example.com \\");
|
|
||||||
console.error("\t--config-dir ~/acme/etc \\");
|
|
||||||
console.error("\nSee greenlock --help for more details\n");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (args.http01Port) {
|
|
||||||
// [@agnat]: Coerce to string. cli returns a number although we request a string.
|
|
||||||
args.http01Port = "" + args.http01Port;
|
|
||||||
args.http01Port = args.http01Port.split(',').map(function (port) {
|
|
||||||
return parseInt(port, 10);
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
mkdirp(args.configDir, function (err) {
|
|
||||||
if (err) {
|
|
||||||
console.error("Could not create --config-dir '" + args.configDir + "':", err.code);
|
|
||||||
console.error("Try setting --config-dir '/tmp'");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
require('../').run(args).then(function (status) {
|
|
||||||
process.exit(status);
|
|
||||||
});
|
|
||||||
});
|
|
||||||
});
|
|
|
@ -0,0 +1,108 @@
|
||||||
|
#!/usr/bin/env node
|
||||||
|
'use strict';
|
||||||
|
|
||||||
|
var cli = require('cli');
|
||||||
|
var mkdirp = require('mkdirp');
|
||||||
|
|
||||||
|
cli.parse({
|
||||||
|
server: [ false, " ACME Directory Resource URI.", 'string', '' ]
|
||||||
|
, email: [ false, " Email used for registration and recovery contact. (default: null)", 'email' ]
|
||||||
|
, 'agree-tos': [ false, " Agree to the Let's Encrypt Subscriber Agreement", 'boolean', false ]
|
||||||
|
, domains: [ false, " Domain names to apply. For multiple domains you can enter a comma separated list of domains as a parameter. (default: [])", 'string' ]
|
||||||
|
, 'renew-within': [ false, " Renew certificates this many days before expiry", 'int', 7 ]
|
||||||
|
, duplicate: [ false, " Allow getting a certificate that duplicates an existing one/is an early renewal", 'boolean', false ]
|
||||||
|
, 'rsa-key-size': [ false, " Size (in bits) of the RSA key.", 'int', 2048 ]
|
||||||
|
, 'cert-path': [ false, " Path to where new cert.pem is saved", 'string',':configDir/live/:hostname/cert.pem' ]
|
||||||
|
, 'fullchain-path': [ false, " Path to where new fullchain.pem (cert + chain) is saved", 'string', ':configDir/live/:hostname/fullchain.pem' ]
|
||||||
|
, 'chain-path': [ false, " Path to where new chain.pem is saved", 'string', ':configDir/live/:hostname/chain.pem' ]
|
||||||
|
, 'domain-key-path': [ false, " Path to privkey.pem to use for domain (default: generate new)", 'string' ]
|
||||||
|
, 'account-key-path': [ false, " Path to privkey.pem to use for account (default: generate new)", 'string' ]
|
||||||
|
, 'config-dir': [ false, " Configuration directory.", 'string', '~/letsencrypt/etc/' ]
|
||||||
|
, 'tls-sni-01-port': [ false, " Use TLS-SNI-01 challenge type with this port (only port 443 is valid with most production servers)", 'int' ]
|
||||||
|
, 'http-01-port': [ false, " Use HTTP-01 challenge type with this port (only port 80 is valid with most production servers) (default: 80)", 'int' ]
|
||||||
|
, 'dns-01': [ false, " Use DNS-01 challange type", 'boolean', false ]
|
||||||
|
, standalone: [ false, " Obtain certs using a \"standalone\" webserver.", 'boolean', false ]
|
||||||
|
, manual: [ false, " Print the token and key to the screen and wait for you to hit enter, giving you time to copy it somewhere before continuing (default: false)", 'boolean', false ]
|
||||||
|
, webroot: [ false, " Obtain certs by placing files in a webroot directory.", 'boolean', false ]
|
||||||
|
, 'webroot-path': [ false, " public_html / webroot path.", 'string' ]
|
||||||
|
, hooks: [ false, " Obtain certs with hooks that configure a webserver to meet TLS-SNI-01 challenges.", 'boolean', false ]
|
||||||
|
, 'hooks-path': [ false, " Path in which to store files for hooks.", 'string' ]
|
||||||
|
, 'hooks-server': [ false, " Type of webserver to configure.", 'string' ]
|
||||||
|
, 'hooks-template': [ false, " Template to use for hooks configuration file.", 'string' ]
|
||||||
|
, 'hooks-bind': [ false, " IP address to use in configuration for hooks.", 'string' ]
|
||||||
|
, 'hooks-port': [ false, " Port to use in configuration for hooks.", 'string' ]
|
||||||
|
, 'hooks-webroot': [ false, " Webroot to use in configuration for hooks (e.g. empty dir).", 'string' ]
|
||||||
|
, 'hooks-pre-enable': [ false, " Hook to check the webserver configuration prior to enabling.", 'string' ]
|
||||||
|
, 'hooks-enable': [ false, " Hook to enable the webserver configuration.", 'string' ]
|
||||||
|
, 'hooks-pre-reload': [ false, " Hook to check the webserver configuration prior to reloading.", 'string' ]
|
||||||
|
, 'hooks-reload': [ false, " Hook to reload the webserver.", 'string' ]
|
||||||
|
, 'hooks-disable': [ false, " Hook to disable the webserver configuration.", 'string' ]
|
||||||
|
//, 'standalone-supported-challenges': [ false, " Supported challenges, order preferences are randomly chosen. (default: http-01,tls-sni-01)", 'string', 'http-01,tls-sni-01']
|
||||||
|
, debug: [ false, " show traces and logs", 'boolean', false ]
|
||||||
|
, 'work-dir': [ false, "(ignored)", 'string', '~/letsencrypt/var/lib/' ]
|
||||||
|
, 'logs-dir': [ false, "(ignored)", 'string', '~/letsencrypt/var/log/' ]
|
||||||
|
});
|
||||||
|
|
||||||
|
// ignore certonly and extraneous arguments
|
||||||
|
cli.main(function(_, options) {
|
||||||
|
console.log('');
|
||||||
|
var args = {};
|
||||||
|
var homedir = require('homedir')();
|
||||||
|
|
||||||
|
Object.keys(options).forEach(function (key) {
|
||||||
|
var val = options[key];
|
||||||
|
|
||||||
|
if ('string' === typeof val) {
|
||||||
|
val = val.replace(/^~/, homedir);
|
||||||
|
}
|
||||||
|
|
||||||
|
key = key.replace(/\-([a-z0-9A-Z])/g, function (c) { return c[1].toUpperCase(); });
|
||||||
|
args[key] = val;
|
||||||
|
});
|
||||||
|
|
||||||
|
Object.keys(args).forEach(function (key) {
|
||||||
|
var val = args[key];
|
||||||
|
|
||||||
|
if ('string' === typeof val) {
|
||||||
|
val = val.replace(/(\:configDir)|(\:config)/, args.configDir);
|
||||||
|
}
|
||||||
|
|
||||||
|
args[key] = val;
|
||||||
|
});
|
||||||
|
|
||||||
|
if (args.domains) {
|
||||||
|
args.domains = args.domains.split(',');
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!(Array.isArray(args.domains) && args.domains.length) || !args.email || !args.agreeTos) {
|
||||||
|
console.error("\nUsage: greenlock certonly --standalone --domains example.com --email user@example.com --agree-tos");
|
||||||
|
console.error("\nSee greenlock --help for more details\n");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (args.tlsSni01Port) {
|
||||||
|
// [@agnat]: Coerce to string. cli returns a number although we request a string.
|
||||||
|
args.tlsSni01Port = "" + args.tlsSni01Port;
|
||||||
|
args.tlsSni01Port = args.tlsSni01Port.split(',').map(function (port) {
|
||||||
|
return parseInt(port, 10);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
if (args.http01Port) {
|
||||||
|
// [@agnat]: Coerce to string. cli returns a number although we request a string.
|
||||||
|
args.http01Port = "" + args.http01Port;
|
||||||
|
args.http01Port = args.http01Port.split(',').map(function (port) {
|
||||||
|
return parseInt(port, 10);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
mkdirp(args.configDir, function (err) {
|
||||||
|
if (err) {
|
||||||
|
console.error("Could not create --config-dir '" + args.configDir + "':", err.code);
|
||||||
|
console.error("Try setting --config-dir '/tmp'");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
require('../').run(args);
|
||||||
|
});
|
||||||
|
});
|
|
@ -0,0 +1,8 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
node bin/letsencrypt certonly \
|
||||||
|
--agree-tos --email 'john.doe@gmail.com' \
|
||||||
|
--standalone \
|
||||||
|
--domains example.com,www.example.com \
|
||||||
|
--server https://acme-staging.api.letsencrypt.org/directory \
|
||||||
|
--config-dir ~/letsencrypt.test/etc
|
|
@ -1,6 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
sudo greenlock certonly --standalone \
|
|
||||||
--acme-version draft-11 --acme-url https://acme-staging-v02.api.letsencrypt.org/directory \
|
|
||||||
--agree-tos --email jon@example.com --domains example.com,www.example.com \
|
|
||||||
--community-member \
|
|
||||||
--config-dir ~/acme/etc
|
|
|
@ -1,17 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
## create a quick server if needed
|
|
||||||
# sudo mkdir -p /srv/www/example.com
|
|
||||||
# pushd /srv/www/example.com
|
|
||||||
# sudo python -m SimpleHTTPServer 80 &
|
|
||||||
# my_pid=$!
|
|
||||||
|
|
||||||
sudo greenlock certonly --webroot \
|
|
||||||
--acme-version draft-11 --acme-url https://acme-staging-v02.api.letsencrypt.org/directory \
|
|
||||||
--agree-tos --email jon@example.com --domains example.com \
|
|
||||||
--community-member \
|
|
||||||
--root /srv/www/example.com \
|
|
||||||
--config-dir ~/acme/etc
|
|
||||||
|
|
||||||
# kill $my_pid
|
|
||||||
# popd
|
|
78
index.js
78
index.js
|
@ -2,21 +2,22 @@
|
||||||
|
|
||||||
var DAY = 24 * 60 * 60 * 1000;
|
var DAY = 24 * 60 * 60 * 1000;
|
||||||
|
|
||||||
var Greenlock = require('greenlock');
|
var LE = require('greenlock');
|
||||||
|
|
||||||
module.exports.run = function (args) {
|
module.exports.run = function (args) {
|
||||||
var leChallenge;
|
var leChallenge;
|
||||||
var leStore;
|
var leStore;
|
||||||
var servers;
|
var servers;
|
||||||
var USE_DNS = {};
|
var USE_DNS = {};
|
||||||
var challengeType;
|
|
||||||
|
|
||||||
args.acmeUrl = args.server = (args.acmeUrl || args.server);
|
var challengeType;
|
||||||
args.root = args.webrootPath = (args.root || args.webrootPath);
|
|
||||||
if (args.dns01) {
|
if (args.dns01) {
|
||||||
challengeType = 'dns-01';
|
challengeType = 'dns-01';
|
||||||
args.webrootPath = '';
|
args.webrootPath = '';
|
||||||
args.standalone = USE_DNS;
|
args.standalone = USE_DNS;
|
||||||
|
} else if (args.tlsSni01Port || args.hooks) {
|
||||||
|
challengeType = 'tls-sni-01';
|
||||||
|
args.webrootPath = '';
|
||||||
} else /*if (args.http01Port)*/ {
|
} else /*if (args.http01Port)*/ {
|
||||||
challengeType = 'http-01';
|
challengeType = 'http-01';
|
||||||
}
|
}
|
||||||
|
@ -24,43 +25,57 @@ module.exports.run = function (args) {
|
||||||
if (args.manual) {
|
if (args.manual) {
|
||||||
leChallenge = require('le-challenge-manual').create({});
|
leChallenge = require('le-challenge-manual').create({});
|
||||||
}
|
}
|
||||||
|
else if (args.hooks) {
|
||||||
|
leChallenge = require('le-challenge-hooks').create({
|
||||||
|
hooksPath: args.hooksPath
|
||||||
|
, hooksServer: args.hooksServer
|
||||||
|
, hooksTemplate: args.hooksTemplate
|
||||||
|
, hooksBind: args.hooksBind
|
||||||
|
, hooksPort: args.hooksPort
|
||||||
|
, hooksWebroot: args.hooksWebroot
|
||||||
|
, hooksPreEnable: args.hooksPreEnable
|
||||||
|
, hooksEnable: args.hooksEnable
|
||||||
|
, hooksPreReload: args.hooksPreReload
|
||||||
|
, hooksReload: args.hooksReload
|
||||||
|
, hooksDisable: args.hooksDisable
|
||||||
|
});
|
||||||
|
}
|
||||||
else if (args.webrootPath) {
|
else if (args.webrootPath) {
|
||||||
// webrootPath is all that really matters here
|
// webrootPath is all that really matters here
|
||||||
// TODO rename le-challenge-fs to le-challenge-webroot
|
// TODO rename le-challenge-fs to le-challenge-webroot
|
||||||
leChallenge = require('./lib/webroot').create({ webrootPath: args.webrootPath });
|
leChallenge = require('./lib/webroot').create({ webrootPath: args.webrootPath });
|
||||||
}
|
}
|
||||||
|
else if (args.tlsSni01Port) {
|
||||||
|
leChallenge = require('le-challenge-sni').create({});
|
||||||
|
servers = require('./lib/servers').create(leChallenge);
|
||||||
|
}
|
||||||
else if (USE_DNS !== args.standalone) {
|
else if (USE_DNS !== args.standalone) {
|
||||||
leChallenge = require('le-challenge-standalone').create({});
|
leChallenge = require('le-challenge-standalone').create({});
|
||||||
servers = require('./lib/servers').create(leChallenge);
|
servers = require('./lib/servers').create(leChallenge);
|
||||||
}
|
}
|
||||||
|
|
||||||
var privkeyPath = args.privkeyPath || args.domainKeyPath || ':configDir/live/:hostname/privkey.pem'; //args.privkeyPath
|
var privkeyPath = args.domainKeyPath || ':configDir/live/:hostname/privkey.pem'; //args.privkeyPath
|
||||||
leStore = require('le-store-certbot').create({
|
leStore = require('le-store-certbot').create({
|
||||||
configDir: args.configDir
|
configDir: args.configDir
|
||||||
, privkeyPath: privkeyPath
|
, privkeyPath: privkeyPath
|
||||||
, fullchainPath: args.fullchainPath
|
, fullchainPath: args.fullchainPath
|
||||||
, certPath: args.certPath
|
, certPath: args.certPath
|
||||||
, chainPath: args.chainPath
|
, chainPath: args.chainPath
|
||||||
, bundlePath: args.bundlePath
|
, webrootPath: args.webrootPath
|
||||||
, webrootPath: args.root
|
|
||||||
, domainKeyPath: args.domainKeyPath
|
, domainKeyPath: args.domainKeyPath
|
||||||
, accountKeyPath: args.accountKeyPath
|
, accountKeyPath: args.accountKeyPath
|
||||||
});
|
});
|
||||||
|
|
||||||
if (!args.acmeUrl) {
|
if (!args.server) {
|
||||||
throw new Error("You must specify the ACME server url with --acme-url");
|
throw new Error("You must specify a server to use with --server");
|
||||||
}
|
|
||||||
if (!args.acmeVersion) {
|
|
||||||
throw new Error("You must specify the ACME API version with --acme-version");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// let Greenlock know that we're handling standalone / webroot here
|
// let LE know that we're handling standalone / webroot here
|
||||||
var leChallenges = {};
|
var leChallenges = {};
|
||||||
leChallenges[challengeType] = leChallenge;
|
leChallenges[challengeType] = leChallenge;
|
||||||
var greenlock = Greenlock.create({
|
var le = LE.create({
|
||||||
debug: args.debug
|
debug: args.debug
|
||||||
, server: args.acmeUrl
|
, server: args.server
|
||||||
, version: args.acmeVersion
|
|
||||||
, store: leStore
|
, store: leStore
|
||||||
, challenges: leChallenges
|
, challenges: leChallenges
|
||||||
, renewWithin: args.renewWithin * DAY
|
, renewWithin: args.renewWithin * DAY
|
||||||
|
@ -69,13 +84,13 @@ module.exports.run = function (args) {
|
||||||
|
|
||||||
if (servers) {
|
if (servers) {
|
||||||
if (args.tlsSni01Port) {
|
if (args.tlsSni01Port) {
|
||||||
servers.startServers(
|
servers = servers.startServers(
|
||||||
[], args.tlsSni01Port
|
[], args.tlsSni01Port
|
||||||
, { debug: args.debug, tlsOptions: greenlock.tlsOptions }
|
, { debug: args.debug, httpsOptions: le.httpsOptions }
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
servers.startServers(
|
servers = servers.startServers(
|
||||||
args.http01Port || [80], []
|
args.http01Port || [80], []
|
||||||
, { debug: args.debug }
|
, { debug: args.debug }
|
||||||
);
|
);
|
||||||
|
@ -83,16 +98,15 @@ module.exports.run = function (args) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Note: can't use args directly as null values will overwrite template values
|
// Note: can't use args directly as null values will overwrite template values
|
||||||
return greenlock.register({
|
le.register({
|
||||||
debug: args.debug
|
debug: args.debug
|
||||||
, email: args.email
|
, email: args.email
|
||||||
, agreeTos: args.agreeTos
|
, agreeTos: args.agreeTos
|
||||||
, communityMember: args.communityMember
|
|
||||||
, domains: args.domains
|
, domains: args.domains
|
||||||
, rsaKeySize: args.rsaKeySize
|
, rsaKeySize: args.rsaKeySize
|
||||||
, challengeType: challengeType
|
, challengeType: challengeType
|
||||||
}).then(function (certs) {
|
}).then(function (certs) {
|
||||||
if (!certs.renewing) {
|
if (!certs._renewing) {
|
||||||
return certs;
|
return certs;
|
||||||
}
|
}
|
||||||
console.log("");
|
console.log("");
|
||||||
|
@ -101,8 +115,12 @@ module.exports.run = function (args) {
|
||||||
console.log("\tValid until " + new Date(certs.expiresAt).toISOString() + "");
|
console.log("\tValid until " + new Date(certs.expiresAt).toISOString() + "");
|
||||||
console.log("");
|
console.log("");
|
||||||
console.log("Renewing them now");
|
console.log("Renewing them now");
|
||||||
return certs.renewing;
|
return certs._renewing;
|
||||||
}).then(function (certs) {
|
}).then(function (certs) {
|
||||||
|
if (servers) {
|
||||||
|
servers.closeServers();
|
||||||
|
}
|
||||||
|
|
||||||
console.log("");
|
console.log("");
|
||||||
console.log("Got certificate(s) for " + certs.altnames.join(', '));
|
console.log("Got certificate(s) for " + certs.altnames.join(', '));
|
||||||
console.log("\tIssued at " + new Date(certs.issuedAt).toISOString() + "");
|
console.log("\tIssued at " + new Date(certs.issuedAt).toISOString() + "");
|
||||||
|
@ -120,29 +138,21 @@ module.exports.run = function (args) {
|
||||||
console.log('Certificates installed at:');
|
console.log('Certificates installed at:');
|
||||||
console.log(
|
console.log(
|
||||||
[
|
[
|
||||||
// args.privkeyPath
|
|
||||||
args.certPath
|
args.certPath
|
||||||
, args.chainPath
|
, args.chainPath
|
||||||
, args.fullchainPath
|
, args.fullchainPath
|
||||||
, args.bundlePath || ''
|
].join('\n')
|
||||||
].join('\n').replace(/\n+/g, '\n')
|
|
||||||
.replace(/:configDir/g, args.configDir)
|
.replace(/:configDir/g, args.configDir)
|
||||||
.replace(/:hostname/g, args.domains[0])
|
.replace(/:hostname/g, args.domains[0])
|
||||||
);
|
);
|
||||||
console.log("");
|
console.log("");
|
||||||
|
|
||||||
if (servers) {
|
process.exit(0);
|
||||||
return servers.closeServers({ debug: args.debug }).then(function() {
|
|
||||||
return 0;
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}, function (err) {
|
}, function (err) {
|
||||||
console.error('[Error]: greenlock-cli');
|
console.error('[Error]: greenlock-cli');
|
||||||
console.error(err.stack || new Error('get stack').stack);
|
console.error(err.stack || new Error('get stack').stack);
|
||||||
|
|
||||||
return 1;
|
process.exit(1);
|
||||||
});
|
});
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
151
installer/get.sh
151
installer/get.sh
|
@ -1,151 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
#<pre><code>
|
|
||||||
|
|
||||||
# This is a 3 step process
|
|
||||||
# 1. First we need to figure out whether to use wget or curl for fetching remote files
|
|
||||||
# 2. Next we need to figure out whether to use unzip or tar for downloading releases
|
|
||||||
# 3. We need to actually install the stuff
|
|
||||||
|
|
||||||
set -e
|
|
||||||
set -u
|
|
||||||
|
|
||||||
###############################
|
|
||||||
# #
|
|
||||||
# http_get #
|
|
||||||
# boilerplate for curl / wget #
|
|
||||||
# #
|
|
||||||
###############################
|
|
||||||
|
|
||||||
# See https://git.coolaj86.com/coolaj86/snippets/blob/master/bash/http-get.sh
|
|
||||||
|
|
||||||
_my_http_get=""
|
|
||||||
_my_http_opts=""
|
|
||||||
_my_http_out=""
|
|
||||||
|
|
||||||
detect_http_get()
|
|
||||||
{
|
|
||||||
set +e
|
|
||||||
if type -p curl >/dev/null 2>&1; then
|
|
||||||
_my_http_get="curl"
|
|
||||||
_my_http_opts="-fsSL"
|
|
||||||
_my_http_out="-o"
|
|
||||||
elif type -p wget >/dev/null 2>&1; then
|
|
||||||
_my_http_get="wget"
|
|
||||||
_my_http_opts="--quiet"
|
|
||||||
_my_http_out="-O"
|
|
||||||
else
|
|
||||||
echo "Aborted, could not find curl or wget"
|
|
||||||
return 7
|
|
||||||
fi
|
|
||||||
set -e
|
|
||||||
}
|
|
||||||
|
|
||||||
http_get()
|
|
||||||
{
|
|
||||||
$_my_http_get $_my_http_opts $_my_http_out "$2" "$1"
|
|
||||||
touch "$2"
|
|
||||||
}
|
|
||||||
|
|
||||||
http_bash()
|
|
||||||
{
|
|
||||||
_http_url=$1
|
|
||||||
my_args=${2:-}
|
|
||||||
rm -rf my-tmp-runner.sh
|
|
||||||
$_my_http_get $_my_http_opts $_my_http_out my-tmp-runner.sh "$_http_url"; bash my-tmp-runner.sh $my_args; rm my-tmp-runner.sh
|
|
||||||
}
|
|
||||||
|
|
||||||
detect_http_get
|
|
||||||
|
|
||||||
###############################
|
|
||||||
## END HTTP_GET ##
|
|
||||||
###############################
|
|
||||||
|
|
||||||
echo ""
|
|
||||||
echo ""
|
|
||||||
echo ""
|
|
||||||
|
|
||||||
if [ -z "${GREENLOCK_PATH:-}" ]; then
|
|
||||||
echo 'GREENLOCK_PATH="'${GREENLOCK_PATH:-}'"'
|
|
||||||
GREENLOCK_PATH=/opt/greenlock
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "Installing Greenlock to '$GREENLOCK_PATH'"
|
|
||||||
echo ""
|
|
||||||
|
|
||||||
echo "sudo mkdir -p '$GREENLOCK_PATH'"
|
|
||||||
sudo mkdir -p "$GREENLOCK_PATH"
|
|
||||||
echo "sudo chown -R $(whoami) '$GREENLOCK_PATH'"
|
|
||||||
sudo chown -R $(whoami) "$GREENLOCK_PATH"
|
|
||||||
|
|
||||||
echo "Installing node.js dependencies into $GREENLOCK_PATH"
|
|
||||||
# until node v10.x gets fix for ursa we have no advantage to switching from 8.x
|
|
||||||
export NODEJS_VER=v8.11.1
|
|
||||||
export NODE_PATH="$GREENLOCK_PATH/lib/node_modules"
|
|
||||||
export NPM_CONFIG_PREFIX="$GREENLOCK_PATH"
|
|
||||||
export PATH="$GREENLOCK_PATH/bin:$PATH"
|
|
||||||
sleep 1
|
|
||||||
http_bash https://git.coolaj86.com/coolaj86/node-installer.sh/raw/branch/master/install.sh --no-dev-deps >/dev/null 2>/dev/null
|
|
||||||
|
|
||||||
my_tree="master"
|
|
||||||
my_node="$GREENLOCK_PATH/bin/node"
|
|
||||||
my_npm="$my_node $GREENLOCK_PATH/bin/npm"
|
|
||||||
my_tmp="$GREENLOCK_PATH/tmp"
|
|
||||||
mkdir -p $my_tmp
|
|
||||||
|
|
||||||
echo "Installing Greenlock into $GREENLOCK_PATH"
|
|
||||||
set +e
|
|
||||||
my_unzip=$(type -p unzip)
|
|
||||||
my_tar=$(type -p tar)
|
|
||||||
if [ -n "$my_unzip" ]; then
|
|
||||||
rm -f $my_tmp/greenlock-$my_tree.zip
|
|
||||||
http_get https://git.coolaj86.com/coolaj86/greenlock-cli.js/archive/$my_tree.zip $my_tmp/greenlock-$my_tree.zip
|
|
||||||
# -o means overwrite, and there is no option to strip
|
|
||||||
$my_unzip -o $my_tmp/greenlock-$my_tree.zip -d $GREENLOCK_PATH/ > /dev/null
|
|
||||||
cp -ar $GREENLOCK_PATH/greenlock-cli.js/* $GREENLOCK_PATH/ > /dev/null
|
|
||||||
rm -rf $GREENLOCK_PATH/greenlock-cli.js
|
|
||||||
elif [ -n "$my_tar" ]; then
|
|
||||||
rm -f $my_tmp/greenlock-$my_tree.tar.gz
|
|
||||||
http_get https://git.coolaj86.com/coolaj86/greenlock-cli.js/archive/$my_tree.tar.gz $my_tmp/greenlock-$my_tree.tar.gz
|
|
||||||
ls -lah $my_tmp/greenlock-$my_tree.tar.gz
|
|
||||||
$my_tar -xzf $my_tmp/greenlock-$my_tree.tar.gz --strip 1 -C $GREENLOCK_PATH/
|
|
||||||
else
|
|
||||||
echo "Neither tar nor unzip found. Abort."
|
|
||||||
exit 13
|
|
||||||
fi
|
|
||||||
set -e
|
|
||||||
|
|
||||||
pushd $GREENLOCK_PATH >/dev/null
|
|
||||||
$my_npm install >/dev/null 2>/dev/null
|
|
||||||
popd >/dev/null
|
|
||||||
|
|
||||||
cat << EOF > $GREENLOCK_PATH/bin/greenlock
|
|
||||||
#!/bin/bash
|
|
||||||
$my_node $GREENLOCK_PATH/bin/greenlock.js
|
|
||||||
EOF
|
|
||||||
chmod a+x $GREENLOCK_PATH/bin/greenlock
|
|
||||||
echo "Creating link to 'greenlock' in /usr/local/bin"
|
|
||||||
echo "sudo ln -sf $GREENLOCK_PATH/bin/greenlock /usr/local/bin/greenlock"
|
|
||||||
sudo ln -sf $GREENLOCK_PATH/bin/greenlock /usr/local/bin/greenlock
|
|
||||||
|
|
||||||
set +e
|
|
||||||
if type -p setcap >/dev/null 2>&1; then
|
|
||||||
echo ""
|
|
||||||
echo "Setting permissions to allow Greenlock to run on port 80 and port 443 without sudo or root"
|
|
||||||
echo "sudo setcap cap_net_bind_service=+ep $GREENLOCK_PATH/bin/node"
|
|
||||||
sudo setcap cap_net_bind_service=+ep $GREENLOCK_PATH/bin/node
|
|
||||||
fi
|
|
||||||
set -e
|
|
||||||
|
|
||||||
echo ""
|
|
||||||
echo ""
|
|
||||||
echo "Installed successfully. Try it out:"
|
|
||||||
echo ""
|
|
||||||
echo " greenlock --help"
|
|
||||||
echo ""
|
|
||||||
echo ""
|
|
||||||
|
|
||||||
#sudo setcap cap_net_bind_service=+ep $GREENLOCK_PATH/bin/node
|
|
||||||
|
|
||||||
#https://git.coolaj86.com/coolaj86/greenlock-cli.js.git
|
|
||||||
#https://git.coolaj86.com/coolaj86/greenlock-cli.js/archive/:tree:.tar.gz
|
|
||||||
#https://git.coolaj86.com/coolaj86/greenlock-cli.js/archive/:tree:.zip
|
|
|
@ -7,22 +7,17 @@ module.exports.create = function (challenge) {
|
||||||
_servers: []
|
_servers: []
|
||||||
|
|
||||||
, httpResponder: function (req, res) {
|
, httpResponder: function (req, res) {
|
||||||
console.info(req.method + ' ' + req.headers.host + req.url);
|
console.log('[LE-CLI] httpResponder');
|
||||||
var acmeChallengePrefix = '/.well-known/acme-challenge/';
|
var acmeChallengePrefix = '/.well-known/acme-challenge/';
|
||||||
|
|
||||||
if (0 !== req.url.indexOf(acmeChallengePrefix)) {
|
if (0 !== req.url.indexOf(acmeChallengePrefix)) {
|
||||||
res.end("Greenlock™ Commandline: https://git.coolaj86.com/coolaj86/greenlock-cli.js");
|
res.end("Let's Encrypt! Command line tool");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
var token = req.url.slice(acmeChallengePrefix.length);
|
var token = req.url.slice(acmeChallengePrefix.length);
|
||||||
|
|
||||||
challenge.get(NOBJ, req.headers.host.replace(/:.*/, ''), token, function (err, val) {
|
challenge.get(NOBJ, req.headers.host.replace(/:.*/, ''), token, function (err, val) {
|
||||||
if (val) {
|
|
||||||
console.info("Responding with authorization token '" + val + "'");
|
|
||||||
} else {
|
|
||||||
console.info("No authorization token found");
|
|
||||||
}
|
|
||||||
res.end(val || '_ ERROR challenge not found _');
|
res.end(val || '_ ERROR challenge not found _');
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
@ -30,7 +25,7 @@ module.exports.create = function (challenge) {
|
||||||
, startServers: function (plainPorts, tlsPorts, opts) {
|
, startServers: function (plainPorts, tlsPorts, opts) {
|
||||||
opts = opts || {};
|
opts = opts || {};
|
||||||
|
|
||||||
var tlsOptions = opts.tlsOptions || {};
|
var httpsOptions = opts.httpsOptions || require('localhost.daplie.com-certificates');
|
||||||
var https = require('https');
|
var https = require('https');
|
||||||
var http = require('http');
|
var http = require('http');
|
||||||
|
|
||||||
|
@ -61,7 +56,7 @@ module.exports.create = function (challenge) {
|
||||||
|
|
||||||
// tls-sni-01-port
|
// tls-sni-01-port
|
||||||
tlsPorts.forEach(function (port) {
|
tlsPorts.forEach(function (port) {
|
||||||
var server = https.createServer(tlsOptions, servers.httpResponder);
|
var server = https.createServer(httpsOptions, servers.httpResponder);
|
||||||
|
|
||||||
servers._servers.push(server);
|
servers._servers.push(server);
|
||||||
server.listen(port, function () {
|
server.listen(port, function () {
|
||||||
|
@ -82,27 +77,11 @@ module.exports.create = function (challenge) {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
, closeServers: function (opts) {
|
, closeServers: function () {
|
||||||
opts = opts || {};
|
servers._servers.forEach(function (server) {
|
||||||
return new Promise(function (done) {
|
server.close();
|
||||||
var closedServers = 0;
|
|
||||||
var serversToClose = servers._servers.length;
|
|
||||||
if (0 === serversToClose) {
|
|
||||||
done();
|
|
||||||
}
|
|
||||||
|
|
||||||
servers._servers.forEach(function (server) {
|
|
||||||
server.close(function () {
|
|
||||||
if (serversToClose === ++closedServers) {
|
|
||||||
if (opts.debug) {
|
|
||||||
console.info('Closed all servers');
|
|
||||||
}
|
|
||||||
servers._servers = [];
|
|
||||||
done();
|
|
||||||
}
|
|
||||||
});
|
|
||||||
});
|
|
||||||
});
|
});
|
||||||
|
servers._servers = [];
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -39,7 +39,8 @@ module.exports.create = function (defaults) {
|
||||||
|
|
||||||
// handled as file read by web server
|
// handled as file read by web server
|
||||||
, get: function (args, domain, token, cb) {
|
, get: function (args, domain, token, cb) {
|
||||||
cb(new Error("get not implemented (on purpose) in gl-cli/lib/webroot.js"));
|
// see https://github.com/Daplie/node-letsencrypt/issues/41
|
||||||
|
cb(new Error("get not implemented (on purpose) in le-cli/lib/webroot.js"));
|
||||||
}
|
}
|
||||||
|
|
||||||
, remove: function (args, domain, token, cb) {
|
, remove: function (args, domain, token, cb) {
|
||||||
|
|
44
package.json
44
package.json
|
@ -1,40 +1,52 @@
|
||||||
{
|
{
|
||||||
"name": "greenlock-cli",
|
"name": "greenlock-cli",
|
||||||
"version": "2.3.3",
|
"version": "2.2.2",
|
||||||
"description": "Free SSL and Automated HTTPS from the Greenlock command line, modeled after certbot",
|
"description": "CLI for node-greenlock modeled after the official client",
|
||||||
"homepage": "https://greenlock.domains",
|
|
||||||
"main": "index.js",
|
"main": "index.js",
|
||||||
"bin": {
|
"bin": {
|
||||||
"greenlock": "bin/greenlock.js"
|
"letsencrypt": "bin/letsencrypt.js",
|
||||||
|
"letsencrypt-node": "bin/letsencrypt.js",
|
||||||
|
"greenlock": "bin/greenlock.js",
|
||||||
|
"greenlock-node": "bin/greenlock.js"
|
||||||
},
|
},
|
||||||
"scripts": {
|
"scripts": {
|
||||||
"test": "echo \"Error: no test specified\" && exit 1"
|
"test": "echo \"Error: no test specified\" && exit 1"
|
||||||
},
|
},
|
||||||
"repository": {
|
"repository": {
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.rootprojects.org/root/greenlock-cli.js.git"
|
"url": "https://git.daplie.com/Daplie/node-greenlock-cli.git"
|
||||||
},
|
},
|
||||||
"keywords": [
|
"keywords": [
|
||||||
"Let's Encrypt",
|
"node",
|
||||||
"ACME",
|
"nodejs",
|
||||||
|
"acme",
|
||||||
|
"boulder",
|
||||||
"cli",
|
"cli",
|
||||||
"letsencrypt",
|
"letsencrypt",
|
||||||
|
"greenlock",
|
||||||
|
"le",
|
||||||
"ssl",
|
"ssl",
|
||||||
"https",
|
"https",
|
||||||
"tls",
|
"tls",
|
||||||
"Free SSL"
|
"free"
|
||||||
],
|
],
|
||||||
"author": "AJ ONeal <solderjs@gmail.com> (https://solderjs.com)",
|
"author": "AJ ONeal <aj@daplie.com> (https://daplie.com)",
|
||||||
"license": "MPL-2.0",
|
"license": "(MIT OR Apache-2.0)",
|
||||||
"bugs": {
|
"bugs": {
|
||||||
"url": "https://git.rootprojects.org/root/greenlock-cli.js/issues"
|
"url": "https://git.daplie.com/Daplie/greenlock-cli/issues"
|
||||||
},
|
},
|
||||||
|
"homepage": "https://git.daplie.com/Daplie/greenlock-cli",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"cli": "^1.0.1",
|
"cli": "^0.11.1",
|
||||||
"greenlock": "^2.2.15",
|
"homedir": "^0.6.0",
|
||||||
"le-challenge-manual": "^2.1.0",
|
"le-acme-core": "^2.0.5",
|
||||||
"le-challenge-standalone": "^2.1.0",
|
"le-challenge-hooks": "^2.0.0",
|
||||||
"le-store-certbot": "^2.1.0",
|
"le-challenge-manual": "^2.0.0",
|
||||||
|
"le-challenge-sni": "^2.0.0",
|
||||||
|
"le-challenge-standalone": "^2.0.0",
|
||||||
|
"le-store-certbot": "^2.0.2",
|
||||||
|
"greenlock": "^2.1.9",
|
||||||
|
"localhost.daplie.com-certificates": "^1.2.0",
|
||||||
"mkdirp": "^0.5.1"
|
"mkdirp": "^0.5.1"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue