greenlock-cluster.js/examples/worker.js

88 lines
2.6 KiB
JavaScript
Raw Normal View History

2016-08-10 17:10:00 +00:00
'use strict';
2016-08-12 02:55:26 +00:00
module.exports.init = function (sharedOpts) {
var worker = require('../worker').create({
2016-08-10 17:10:00 +00:00
debug: true
2016-08-11 22:44:35 +00:00
2016-08-10 17:10:00 +00:00
// We want both to renew well before the expiration date
// and also to stagger the renewals, just a touch
// here we specify to renew between 10 and 15 days
2016-08-12 07:02:33 +00:00
, renewWithin: sharedOpts.renewWithin
, renewBy: 10 * 24 * 60 * 60 * 1000 // optional
2016-08-10 17:10:00 +00:00
2016-08-11 22:44:35 +00:00
2016-08-12 02:55:26 +00:00
, webrootPath: sharedOpts.webrootPath
2016-08-11 22:44:35 +00:00
2016-08-10 17:39:58 +00:00
/*
2016-08-11 22:44:35 +00:00
challenge: {
get: function (ignored, domain, token, cb) {
cb(null, keyAuthorization);
}
}
2016-08-10 17:39:58 +00:00
, getChallenge: function (domain, token, cb) {
2016-08-11 22:44:35 +00:00
// the default behavior is to use le-challenge-fs
// TODO maybe provide a built-in option to pass a message to master to use its
// but you could overwrite that with a function to pass a message to master or,
2016-08-10 17:39:58 +00:00
// but if needed for performance, that can be overwritten here
cb(null, );
}
*/
2016-08-11 22:44:35 +00:00
// There are two approval processes:
// 1. emails are tied to private keys (accounts) which must agree to the tos url
// 2. domains are tied to accounts (and should be verifiable via loopback)
, approveDomains: function (workerOptions, certs, cb) {
2016-08-10 17:10:00 +00:00
// opts = { domains, email, agreeTos, tosUrl }
// certs = { subject, altnames, expiresAt, issuedAt }
2016-08-11 22:44:35 +00:00
var results = {
domain: workerOptions.domains[0]
, options: {
domains: certs && certs.altnames || workerOptions.domains
2016-08-12 07:08:58 +00:00
, email: 'john.doe@example.com'
2016-08-11 22:44:35 +00:00
, agreeTos: true
}
, certs: certs
};
2016-08-10 17:10:00 +00:00
// We might want to do a check to make sure that all of the domains
// specified in altnames are still approved to be renewed and have
// the correct dns entries, but generally speaking it's probably okay
// for renewals to be automatic
if (certs) {
// modify opts.domains to overwrite certs.altnames in renewal
2016-08-11 02:33:12 +00:00
cb(null, results);
2016-08-10 17:10:00 +00:00
return;
}
// This is where we would check our database to make sure that
// this user (specified by email address) has agreed to the terms
// and do some check that they have access to this domain
2016-08-11 02:33:12 +00:00
cb(null, results);
2016-08-10 17:10:00 +00:00
}
});
2016-08-10 17:39:58 +00:00
function app(req, res) {
res.end("Hello, World!");
}
2016-08-11 04:58:14 +00:00
// worker.handleAcmeOrRedirectToHttps()
// worker.handleAcmeOrUse(app)
var redirectHttps = require('redirect-https')();
var plainServer = require('http').createServer(worker.middleware(redirectHttps));
var server = require('https').createServer(worker.httpsOptions, worker.middleware(app));
2016-08-10 17:39:58 +00:00
plainServer.listen(80);
server.listen(443);
2016-08-12 02:55:26 +00:00
};