2018-05-05 19:56:28 +00:00
|
|
|
#!/usr/bin/env node
|
|
|
|
|
'use strict';
|
|
|
|
|
|
|
|
|
|
// This is an example for virtual hosting
|
|
|
|
|
|
|
|
|
|
var email = 'john@example.com';
|
|
|
|
|
// The prefix where sites go by name.
|
|
|
|
|
// For example: whatever.com may live in /srv/www/whatever.com, thus /srv/www is our path
|
|
|
|
|
var srv = '/srv/www/';
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
var fs = require('fs');
|
|
|
|
|
var finalhandler = require('finalhandler');
|
|
|
|
|
var serveStatic = require('serve-static');
|
|
|
|
|
var path = require('path');
|
2018-08-16 08:44:10 +00:00
|
|
|
// Allowed characters are a-z,0-9,.,-,_ with TLDs being alpha-only
|
|
|
|
|
var hostnameRe = /^[\.a-z0-9_\-]+\.[a-z]+$/i;
|
2018-05-05 19:56:28 +00:00
|
|
|
|
|
|
|
|
//require('greenlock-express')
|
|
|
|
|
require('../').create({
|
|
|
|
|
|
|
|
|
|
// Let's Encrypt v2 is ACME draft 11
|
|
|
|
|
version: 'draft-11'
|
|
|
|
|
|
2018-05-19 23:54:08 +00:00
|
|
|
, server: 'https://acme-v02.api.letsencrypt.org/directory'
|
|
|
|
|
// Note: If at first you don't succeed, stop and switch to staging
|
|
|
|
|
// https://acme-staging-v02.api.letsencrypt.org/directory
|
2018-05-05 19:56:28 +00:00
|
|
|
|
|
|
|
|
, approveDomains: function (opts, certs, cb) {
|
|
|
|
|
// In this example the filesystem is our "database".
|
|
|
|
|
// We check in /srv/www for whateve.com and if it exists, it's allowed
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// The domains being approved for the first time are listed in opts.domains
|
2018-05-10 06:53:45 +00:00
|
|
|
|
2018-05-05 19:56:28 +00:00
|
|
|
// Certs being renewed are listed in certs.altnames
|
|
|
|
|
if (certs) {
|
|
|
|
|
opts.domains = certs.altnames;
|
|
|
|
|
cb(null, { options: opts, certs: certs });
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-16 08:44:10 +00:00
|
|
|
// SECURITY Greenlock validates opts.domains ahead-of-time
|
2018-05-05 19:56:28 +00:00
|
|
|
var hostdir = path.join(srv, opts.domains[0]);
|
2018-08-16 08:44:10 +00:00
|
|
|
// TODO could test for www/no-www both in directory and IP
|
2018-05-05 19:56:28 +00:00
|
|
|
fs.readdir(hostdir, function (err, nodes) {
|
2018-08-16 08:44:10 +00:00
|
|
|
var e;
|
2018-05-05 19:56:28 +00:00
|
|
|
if (err || !nodes) {
|
2018-08-16 08:44:10 +00:00
|
|
|
e = new Error("rejecting '" + opts.domains[0] + "' because '" + hostdir + "' could not be read");
|
2018-05-05 19:56:28 +00:00
|
|
|
console.error(err);
|
|
|
|
|
console.error(e);
|
|
|
|
|
cb(e);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// TODO check for some sort of htaccess.json and use email in that
|
|
|
|
|
// NOTE: you can also change other options such as `challengeType` and `challenge`
|
|
|
|
|
// opts.challengeType = 'http-01';
|
|
|
|
|
// opts.challenge = require('le-challenge-fs').create({});
|
|
|
|
|
opts.email = email;
|
|
|
|
|
opts.agreeTos = true;
|
|
|
|
|
cb(null, { options: opts, certs: certs });
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// You MUST have access to write to directory where certs are saved
|
|
|
|
|
// ex: /home/foouser/acme/etc
|
2018-07-03 09:25:12 +00:00
|
|
|
, configDir: '~/.config/acme/'
|
2018-05-05 19:56:28 +00:00
|
|
|
|
|
|
|
|
, app: function (req, res) {
|
|
|
|
|
console.log(req.headers.host);
|
|
|
|
|
var hostname = (req.headers.host||'').toLowerCase().split(':')[0];
|
2018-08-16 08:44:10 +00:00
|
|
|
// SECURITY sanatize hostname to prevent unauthorized fs access
|
2018-05-05 19:56:28 +00:00
|
|
|
if (!hostnameRe.test(hostname)) {
|
|
|
|
|
res.statusCode = 404;
|
|
|
|
|
res.end('Bad Hostname');
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var serve = serveStatic(path.join(srv, hostname), { redirect: true });
|
|
|
|
|
serve(req, res, finalhandler(req, res));
|
|
|
|
|
}
|
2018-05-10 06:53:45 +00:00
|
|
|
|
|
|
|
|
// Get notified of important updates and help me make greenlock better
|
|
|
|
|
, communityMember: true
|
2018-05-05 19:56:28 +00:00
|
|
|
|
|
|
|
|
//, debug: true
|
|
|
|
|
|
2018-05-10 06:53:45 +00:00
|
|
|
}).listen(80, 443);
|
