letsencrypt to greenlock
This commit is contained in:
parent
fce08dec51
commit
2feecb017d
38
README.md
38
README.md
|
@ -15,12 +15,12 @@ Tired of serving the Empire? Come join the Rebel Alliance:
|
|||
|
||||
[![Join the chat at https://gitter.im/coolaj86/letsencrypt-express](https://badges.gitter.im/coolaj86/letsencrypt-express.svg)](https://gitter.im/coolaj86/letsencrypt-express?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
|
||||
|
||||
| [letsencrypt (lib)](https://git.coolaj86.com/coolaj86/node-greenlock)
|
||||
| [letsencrypt-cli](https://git.coolaj86.com/coolaj86/greenlock-cli)
|
||||
| [letsencrypt-express](https://git.coolaj86.com/coolaj86/greenlock-express)
|
||||
| **letsencrypt-cluster**
|
||||
| [letsencrypt-koa](https://git.coolaj86.com/coolaj86/greenlock-koa)
|
||||
| [letsencrypt-hapi](https://git.coolaj86.com/coolaj86/greenlock-hapi)
|
||||
| [greenlock (lib)](https://git.coolaj86.com/coolaj86/node-greenlock)
|
||||
| [greenlock-cli](https://git.coolaj86.com/coolaj86/greenlock-cli)
|
||||
| [greenlock-express](https://git.coolaj86.com/coolaj86/greenlock-express)
|
||||
| **greenlock-cluster**
|
||||
| [greenlock-koa](https://git.coolaj86.com/coolaj86/greenlock-koa)
|
||||
| [greenlock-hapi](https://git.coolaj86.com/coolaj86/greenlock-hapi)
|
||||
|
|
||||
|
||||
greenlock-cluster (letsencrypt-cluster)
|
||||
|
@ -37,7 +37,7 @@ Install
|
|||
=======
|
||||
|
||||
```bash
|
||||
npm install --save letsencrypt-cluster@2.x
|
||||
npm install --save greenlock-cluster@2.x
|
||||
```
|
||||
|
||||
Usage
|
||||
|
@ -81,14 +81,14 @@ main.init(sharedOptions);
|
|||
Master
|
||||
------
|
||||
|
||||
We think it makes the most sense to load letsencrypt in master.
|
||||
We think it makes the most sense to load greenlock in master.
|
||||
This can prevent race conditions (see [node-letsencrypt#45](https://github.com/coolaj86/node-letsencrypt/issues/45))
|
||||
as only one process is writing the to file system or database at a time.
|
||||
|
||||
The main implementation detail here is `approveDomains(options, certs, cb)` for new domain certificates
|
||||
and potentially `agreeToTerms(opts, cb)` for new accounts.
|
||||
|
||||
The master takes **the same arguments** as `node-letsencrypt` (`challenge`, `store`, etc),
|
||||
The master takes **the same arguments** as `node-greenlock` (`challenge`, `store`, etc),
|
||||
plus a few extra (`approveDomains`... okay, just one extra):
|
||||
|
||||
`master.js`:
|
||||
|
@ -99,7 +99,7 @@ var cluster = require('cluster');
|
|||
|
||||
module.exports.init = function (sharedOpts) {
|
||||
var cores = require('os').cpus();
|
||||
var leMaster = require('letsencrypt-cluster/master').create({
|
||||
var leMaster = require('greenlock-cluster/master').create({
|
||||
debug: sharedOpts.debug
|
||||
|
||||
, server: 'staging' // CHANGE TO PRODUCTION
|
||||
|
@ -128,18 +128,18 @@ module.exports.init = function (sharedOpts) {
|
|||
|
||||
### API
|
||||
|
||||
All options are passed directly to `node-letsencrypt`
|
||||
(in other works, `leMaster` is a `letsencrypt` instance),
|
||||
but a few are only actually used by `letsencrypt-cluster`.
|
||||
All options are passed directly to `node-greenlock`
|
||||
(in other works, `leMaster` is a `greenlock` instance),
|
||||
but a few are only actually used by `greenlock-cluster`.
|
||||
|
||||
* `leOptions.approveDomains(options, certs, cb)` is special for `letsencrypt-cluster`, but will probably be included in `node-letsencrypt` in the future (no API change).
|
||||
* `leOptions.approveDomains(options, certs, cb)` is special for `greenlock-cluster`, but will probably be included in `node-greenlock` in the future (no API change).
|
||||
|
||||
* `leMaster.addWorker(worker)` is added by `letsencrypt-cluster` and **must be called** for each new worker.
|
||||
* `leMaster.addWorker(worker)` is added by `greenlock-cluster` and **must be called** for each new worker.
|
||||
|
||||
Worker
|
||||
------
|
||||
|
||||
The worker takes *similar* arguments to `node-letsencrypt`,
|
||||
The worker takes *similar* arguments to `node-greenlock`,
|
||||
but only ones that are useful for determining certificate
|
||||
renewal and for `le.challenge.get`.
|
||||
|
||||
|
@ -150,7 +150,7 @@ If you want to a non-default `le.challenge`
|
|||
'use strict';
|
||||
|
||||
module.exports.init = function (sharedOpts) {
|
||||
var leWorker = require('letsencrypt-cluster/worker').create({
|
||||
var leWorker = require('greenlock-cluster/worker').create({
|
||||
debug: sharedOpts.debug
|
||||
|
||||
, renewWithin: sharedOpts.renewWithin
|
||||
|
@ -206,12 +206,12 @@ module.exports.init = function (sharedOpts) {
|
|||
|
||||
### API
|
||||
|
||||
`node-letsencrypt` is **not used** directly by the worker,
|
||||
`node-greenlock` is **not used** directly by the worker,
|
||||
but certain options are shared because certain logic is duplicated.
|
||||
|
||||
* `leOptions.renewWithin` is shared so that the worker knows how earlier to request a new cert
|
||||
* `leOptions.renewBy` is passed to `le-sni-auto` so that it staggers renewals between `renewWithin` (latest) and `renewBy` (earlier)
|
||||
* `leWorker.middleware(nextApp)` uses `letsencrypt/middleware` for GET-ing `http-01`, hence `sharedOptions.webrootPath`
|
||||
* `leWorker.middleware(nextApp)` uses `greenlock/middleware` for GET-ing `http-01`, hence `sharedOptions.webrootPath`
|
||||
* `leWorker.httpsOptions` has a default localhost certificate and the `SNICallback`.
|
||||
|
||||
There are a few options that aren't shown in these examples, so if you need to change something
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
letsencrypt cluster examples
|
||||
greenlock cluster examples
|
||||
-------------------
|
||||
|
||||
First you need to change the email address in `examples/worker.js`.
|
||||
|
|
|
@ -18,7 +18,7 @@ else {
|
|||
|
||||
|
||||
|
||||
// this is nothing letsencrypt-cluster specific
|
||||
// this is nothing greenlock-cluster specific
|
||||
// I'm just arbitrarily choosing to share some configuration
|
||||
// that I know I'm going to use in both places
|
||||
main.init({
|
||||
|
@ -28,6 +28,6 @@ main.init({
|
|||
// using using le-challenge-fs (as you'll see), I'm only sharing the webrootPath
|
||||
webrootPath: require('os').tmpdir() + require('path').sep + 'acme-challenge'
|
||||
|
||||
// this is used both by node-letsencrypt (master) and le-sni-auto (worker)
|
||||
// this is used both by node-greenlock (master) and le-sni-auto (worker)
|
||||
, renewWithin: 15 * 24 * 60 * 60 * 1000
|
||||
});
|
||||
|
|
6
index.js
6
index.js
|
@ -1,11 +1,11 @@
|
|||
'use strict';
|
||||
|
||||
console.error("");
|
||||
console.error("One does not simply require('letsencrypt-cluster');");
|
||||
console.error("One does not simply require('greenlock-cluster');");
|
||||
console.error("");
|
||||
console.error("Usage:");
|
||||
console.error("\trequire('letsencrypt-cluster/master').create({ ... });");
|
||||
console.error("\trequire('letsencrypt-cluster/worker').create({ ... });");
|
||||
console.error("\trequire('greenlock-cluster/master').create({ ... });");
|
||||
console.error("\trequire('greenlock-cluster/worker').create({ ... });");
|
||||
console.error("");
|
||||
console.error("");
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@ module.exports.create = function (opts) {
|
|||
opts = opts || { };
|
||||
opts._workers = [];
|
||||
opts.webrootPath = opts.webrootPath || require('os').tmpdir() + require('path').sep + 'acme-challenge';
|
||||
if (!opts.letsencrypt) { opts.letsencrypt = require('letsencrypt').create(opts); }
|
||||
if (!opts.greenlock) { opts.greenlock = require('greenlock').create(opts); }
|
||||
if ('function' !== typeof opts.approveDomains) {
|
||||
throw new Error("You must provide opts.approveDomains(domain, certs, callback) to approve certificates");
|
||||
}
|
||||
|
@ -67,10 +67,10 @@ module.exports.create = function (opts) {
|
|||
// */
|
||||
|
||||
if (results.certs) {
|
||||
promise = opts.letsencrypt.renew(results.options, results.certs);
|
||||
promise = opts.greenlock.renew(results.options, results.certs);
|
||||
}
|
||||
else {
|
||||
promise = opts.letsencrypt.register(results.options);
|
||||
promise = opts.greenlock.register(results.options);
|
||||
}
|
||||
|
||||
promise.then(function (certs) {
|
||||
|
|
Loading…
Reference in New Issue