whitespace
This commit is contained in:
parent
b80537f07b
commit
61fb942dda
@ -1,7 +1,7 @@
|
||||||
{
|
{
|
||||||
"bracketSpacing": true,
|
"bracketSpacing": true,
|
||||||
"printWidth": 120,
|
"printWidth": 120,
|
||||||
"tabWidth": 2,
|
"tabWidth": 4,
|
||||||
"trailingComma": "none",
|
"trailingComma": "none",
|
||||||
"useTabs": true
|
"useTabs": false
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,75 @@
|
||||||
|
"use strict";
|
||||||
|
|
||||||
|
// npm install spdy@3.x
|
||||||
|
|
||||||
|
//var Greenlock = require('greenlock-express')
|
||||||
|
var Greenlock = require("../");
|
||||||
|
|
||||||
|
var greenlock = Greenlock.create({
|
||||||
|
// Let's Encrypt v2 is ACME draft 11
|
||||||
|
version: "draft-11",
|
||||||
|
|
||||||
|
server: "https://acme-v02.api.letsencrypt.org/directory",
|
||||||
|
// Note: If at first you don't succeed, stop and switch to staging
|
||||||
|
// https://acme-staging-v02.api.letsencrypt.org/directory
|
||||||
|
|
||||||
|
// You MUST change this to a valid email address
|
||||||
|
email: "jon@example.com",
|
||||||
|
|
||||||
|
// You MUST NOT build clients that accept the ToS without asking the user
|
||||||
|
agreeTos: true,
|
||||||
|
|
||||||
|
// You MUST change these to valid domains
|
||||||
|
// NOTE: all domains will validated and listed on the certificate
|
||||||
|
approvedDomains: ["example.com", "www.example.com"],
|
||||||
|
|
||||||
|
// You MUST have access to write to directory where certs are saved
|
||||||
|
// ex: /home/foouser/acme/etc
|
||||||
|
configDir: "~/.config/acme/",
|
||||||
|
|
||||||
|
// Get notified of important updates and help me make greenlock better
|
||||||
|
communityMember: true
|
||||||
|
|
||||||
|
//, debug: true
|
||||||
|
});
|
||||||
|
|
||||||
|
////////////////////////
|
||||||
|
// http-01 Challenges //
|
||||||
|
////////////////////////
|
||||||
|
|
||||||
|
// http-01 challenge happens over http/1.1, not http2
|
||||||
|
var redirectHttps = require("redirect-https")();
|
||||||
|
var acmeChallengeHandler = greenlock.middleware(function(req, res) {
|
||||||
|
res.setHeader("Content-Type", "text/html; charset=utf-8");
|
||||||
|
res.end(
|
||||||
|
"<h1>Hello, ⚠️ Insecure World!</h1><a>Visit Secure Site</a>" +
|
||||||
|
'<script>document.querySelector("a").href=window.location.href.replace(/^http/i, "https");</script>'
|
||||||
|
);
|
||||||
|
});
|
||||||
|
require("http")
|
||||||
|
.createServer(acmeChallengeHandler)
|
||||||
|
.listen(80, function() {
|
||||||
|
console.log("Listening for ACME http-01 challenges on", this.address());
|
||||||
|
});
|
||||||
|
|
||||||
|
////////////////////////
|
||||||
|
// http2 via SPDY h2 //
|
||||||
|
////////////////////////
|
||||||
|
|
||||||
|
// spdy is a drop-in replacement for the https API
|
||||||
|
var spdyOptions = Object.assign({}, greenlock.tlsOptions);
|
||||||
|
spdyOptions.spdy = { protocols: ["h2", "http/1.1"], plain: false };
|
||||||
|
var server = require("spdy").createServer(
|
||||||
|
spdyOptions,
|
||||||
|
require("express")().use("/", function(req, res) {
|
||||||
|
res.setHeader("Content-Type", "text/html; charset=utf-8");
|
||||||
|
res.end("<h1>Hello, 🔐 Secure World!</h1>");
|
||||||
|
})
|
||||||
|
);
|
||||||
|
server.on("error", function(err) {
|
||||||
|
console.error(err);
|
||||||
|
});
|
||||||
|
server.on("listening", function() {
|
||||||
|
console.log("Listening for SPDY/http2/https requests on", this.address());
|
||||||
|
});
|
||||||
|
server.listen(443);
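Review bot: `redirectHttps` on the `var redirectHttps = require("redirect-https")();` line is created but never used; the fallback handler passed to `greenlock.middleware` instead serves an HTML page over plain HTTP and relies on inline client-side script to send the visitor to the https origin. A server-side redirect is what the required module exists for and does not depend on the browser running script or the user clicking the link: `var acmeChallengeHandler = greenlock.middleware(redirectHttps);`, dropping the hand-written handler body. If the inline page is kept on purpose as a demo, delete the unused require so the example does not suggest both approaches at once. The `server.on("error", ...)` handler only logs, so a failed bind on 443 would presumably leave the process serving only the plain-http listener; an example that exits on that event would fail more visibly.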
|
|
@ -0,0 +1,30 @@
|
||||||
|
"use strict";
|
||||||
|
|
||||||
|
//require('greenlock-express')
|
||||||
|
require("../")
|
||||||
|
.create({
|
||||||
|
// Let's Encrypt v2 is ACME draft 11
|
||||||
|
version: "draft-11",
|
||||||
|
|
||||||
|
server: "https://acme-v02.api.letsencrypt.org/directory",
|
||||||
|
// Note: If at first you don't succeed, stop and switch to staging
|
||||||
|
// https://acme-staging-v02.api.letsencrypt.org/directory
|
||||||
|
|
||||||
|
email: "john.doe@example.com",
|
||||||
|
|
||||||
|
agreeTos: true,
|
||||||
|
|
||||||
|
approvedDomains: ["example.com", "www.example.com"],
|
||||||
|
|
||||||
|
app: require("express")().use("/", function(req, res) {
|
||||||
|
res.end("Hello, World!");
|
||||||
|
}),
|
||||||
|
|
||||||
|
renewWithin: 91 * 24 * 60 * 60 * 1000,
|
||||||
|
renewBy: 90 * 24 * 60 * 60 * 1000,
|
||||||
|
|
||||||
|
// Get notified of important updates and help me make greenlock better
|
||||||
|
communityMember: true,
|
||||||
|
debug: true
|
||||||
|
})
|
||||||
|
.listen(80, 443);
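Review bot: `renewWithin: 91 * 24 * 60 * 60 * 1000` and `renewBy: 90 * 24 * 60 * 60 * 1000` are at or beyond the 90-day lifetime of a Let's Encrypt certificate, so a freshly issued certificate is already inside the renewal window and every start of this example would presumably attempt a renewal against the production `server:` URL, which risks exhausting the account's issuance rate limits. If these values are intentionally aggressive for testing alongside `debug: true`, point the example at the staging directory named in the comment above or add a comment saying why they are set this way. Otherwise use conservative values such as `renewWithin: 14 * 24 * 60 * 60 * 1000,` and `renewBy: 10 * 24 * 60 * 60 * 1000,`.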
|
|
@ -0,0 +1,104 @@
|
||||||
|
"use strict";
|
||||||
|
|
||||||
|
//
|
||||||
|
// WARNING: Not for noobs
|
||||||
|
// Try the simple example first
|
||||||
|
//
|
||||||
|
|
||||||
|
//
|
||||||
|
// This demo is used with tunnel-server.js and tunnel-client.js
|
||||||
|
//
|
||||||
|
|
||||||
|
var email = "john.doe@gmail.com";
|
||||||
|
var domains = ["example.com"];
|
||||||
|
var agreeLeTos = true;
|
||||||
|
//var secret = "My Little Brony";
|
||||||
|
var secret = require("crypto")
|
||||||
|
.randomBytes(16)
|
||||||
|
.toString("hex");
|
||||||
|
|
||||||
|
require("../")
|
||||||
|
.create({
|
||||||
|
version: "draft-11",
|
||||||
|
|
||||||
|
server: "https://acme-v02.api.letsencrypt.org/directory",
|
||||||
|
// Note: If at first you don't succeed, stop and switch to staging
|
||||||
|
// https://acme-staging-v02.api.letsencrypt.org/directory
|
||||||
|
|
||||||
|
email: email,
|
||||||
|
agreeTos: agreeLeTos,
|
||||||
|
approveDomains: domains,
|
||||||
|
configDir: "~/.config/acme/",
|
||||||
|
app: remoteAccess(secret),
|
||||||
|
// Get notified of important updates and help me make greenlock better
|
||||||
|
communityMember: true
|
||||||
|
//, debug: true
|
||||||
|
})
|
||||||
|
.listen(3000, 8443);
|
||||||
|
|
||||||
|
function remoteAccess(secret) {
|
||||||
|
var express = require("express");
|
||||||
|
var basicAuth = require("express-basic-auth");
|
||||||
|
var serveIndex = require("serve-index");
|
||||||
|
|
||||||
|
var rootIndex = serveIndex("/", { hidden: true, icons: true, view: "details" });
|
||||||
|
var rootFs = express.static("/", { dotfiles: "allow", redirect: true, index: false });
|
||||||
|
|
||||||
|
var userIndex = serveIndex(require("os").homedir(), { hidden: true, icons: true, view: "details" });
|
||||||
|
var userFs = express.static(require("os").homedir(), { dotfiles: "allow", redirect: true, index: false });
|
||||||
|
|
||||||
|
var app = express();
|
||||||
|
var realm = "Login Required";
|
||||||
|
|
||||||
|
var myAuth = basicAuth({
|
||||||
|
users: { root: secret, user: secret },
|
||||||
|
challenge: true,
|
||||||
|
realm: realm,
|
||||||
|
unauthorizedResponse: function(/*req*/) {
|
||||||
|
return 'Unauthorized <a href="/">Home</a>';
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
app.get("/", function(req, res) {
|
||||||
|
res.setHeader("Content-Type", "text/html; charset=utf-8");
|
||||||
|
res.end('<a href="/browse/">View Files</a>' + " | " + '<a href="/logout/">Logout</a>');
|
||||||
|
});
|
||||||
|
app.use("/logout", function(req, res) {
|
||||||
|
res.setHeader("Content-Type", "text/html; charset=utf-8");
|
||||||
|
res.setHeader("WWW-Authenticate", 'Basic realm="' + realm + '"');
|
||||||
|
res.statusCode = 401;
|
||||||
|
//res.setHeader('Location', '/');
|
||||||
|
res.end('Logged out | <a href="/">Home</a>');
|
||||||
|
});
|
||||||
|
app.use("/browse", myAuth);
|
||||||
|
app.use("/browse", function(req, res, next) {
|
||||||
|
if ("root" === req.auth.user) {
|
||||||
|
rootFs(req, res, function() {
|
||||||
|
rootIndex(req, res, next);
|
||||||
|
});
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if ("user" === req.auth.user) {
|
||||||
|
userFs(req, res, function() {
|
||||||
|
userIndex(req, res, next);
|
||||||
|
});
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
res.end("Sad Panda");
|
||||||
|
});
|
||||||
|
|
||||||
|
console.log("");
|
||||||
|
console.log("");
|
||||||
|
console.log("Usernames are\n");
|
||||||
|
console.log("\troot");
|
||||||
|
console.log("\tuser");
|
||||||
|
console.log("");
|
||||||
|
console.log("Password (for both) is\n");
|
||||||
|
console.log("\t" + secret);
|
||||||
|
console.log("");
|
||||||
|
console.log("Shhhh... It's a secret to everybody!");
|
||||||
|
console.log("");
|
||||||
|
console.log("");
|
||||||
|
|
||||||
|
return app;
|
||||||
|
}
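Review bot: On the `users: { root: secret, user: secret },` line both basic-auth accounts share the one generated `secret`, so the `root`/`user` branching in the `/browse` handler provides no separation: anyone who learns the printed password can log in as `root` and browse `/` with `dotfiles: "allow"`. Generate a distinct secret for the root account (`var rootSecret = require("crypto").randomBytes(16).toString("hex");` and `users: { root: rootSecret, user: secret },`) and print it separately, or drop the root account from the example. The fallthrough `res.end("Sad Panda");` answers 200 for an authenticated user that matches neither branch; set `res.statusCode = 403;` before it. The placeholder `john.doe@gmail.com` should follow the other examples and use an `example.com` address so no real mailbox is used to register an ACME account.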
|
|
@ -0,0 +1,134 @@
|
||||||
|
#!/usr/bin/env node
|
||||||
|
"use strict";
|
||||||
|
|
||||||
|
///////////////////
|
||||||
|
// vhost example //
|
||||||
|
///////////////////
|
||||||
|
|
||||||
|
//
|
||||||
|
// virtual hosting example
|
||||||
|
//
|
||||||
|
|
||||||
|
// The prefix where sites go by name.
|
||||||
|
// For example: whatever.com may live in /srv/www/whatever.com, thus /srv/www is our path
|
||||||
|
var srv = process.argv[3] || "/srv/www/";
|
||||||
|
|
||||||
|
var path = require("path");
|
||||||
|
var fs = require("fs").promises;
|
||||||
|
var finalhandler = require("finalhandler");
|
||||||
|
var serveStatic = require("serve-static");
|
||||||
|
|
||||||
|
//var glx = require('greenlock-express')
|
||||||
|
var glx = require("./").create({
|
||||||
|
version: "draft-11", // Let's Encrypt v2 is ACME draft 11
|
||||||
|
|
||||||
|
server: "https://acme-v02.api.letsencrypt.org/directory", // If at first you don't succeed, stop and switch to staging
|
||||||
|
// https://acme-staging-v02.api.letsencrypt.org/directory
|
||||||
|
|
||||||
|
configDir: process.argv[4] || "~/.config/acme/", // You MUST have access to write to directory where certs
|
||||||
|
// are saved. ex: /home/foouser/.config/acme
|
||||||
|
|
||||||
|
approveDomains: myApproveDomains, // Greenlock's wraps around tls.SNICallback. Check the
|
||||||
|
// domain name here and reject invalid ones
|
||||||
|
|
||||||
|
app: myVhostApp, // Any node-style http app (i.e. express, koa, hapi, rill)
|
||||||
|
|
||||||
|
/* CHANGE TO A VALID EMAIL */
|
||||||
|
email: process.argv[2] || "jon.doe@example.com", // Email for Let's Encrypt account and Greenlock Security
|
||||||
|
agreeTos: true // Accept Let's Encrypt ToS
|
||||||
|
//, communityMember: true // Join Greenlock to get important updates, no spam
|
||||||
|
|
||||||
|
//, debug: true
|
||||||
|
});
|
||||||
|
|
||||||
|
var server = glx.listen(80, 443);
|
||||||
|
server.on("listening", function() {
|
||||||
|
console.info(server.type + " listening on", server.address());
|
||||||
|
});
|
||||||
|
|
||||||
|
function myApproveDomains(opts, certs, cb) {
|
||||||
|
console.log("sni:", opts.domain);
|
||||||
|
// In this example the filesystem is our "database".
|
||||||
|
// We check in /srv/www for whatever.com and if it exists, it's allowed
|
||||||
|
|
||||||
|
// SECURITY Greenlock validates opts.domains ahead-of-time so you don't have to
|
||||||
|
return checkWwws(opts.domains[0])
|
||||||
|
.then(function() {
|
||||||
|
//opts.email = email;
|
||||||
|
opts.agreeTos = true;
|
||||||
|
cb(null, { options: opts, certs: certs });
|
||||||
|
})
|
||||||
|
.catch(cb);
|
||||||
|
}
|
||||||
|
|
||||||
|
function checkWwws(_hostname) {
|
||||||
|
if (!_hostname) {
|
||||||
|
// SECURITY, don't allow access to the 'srv' root
|
||||||
|
// (greenlock-express uses middleware to check '..', etc)
|
||||||
|
return "";
|
||||||
|
}
|
||||||
|
var hostname = _hostname;
|
||||||
|
var _hostdir = path.join(srv, hostname);
|
||||||
|
var hostdir = _hostdir;
|
||||||
|
// TODO could test for www/no-www both in directory
|
||||||
|
return fs
|
||||||
|
.readdir(hostdir)
|
||||||
|
.then(function() {
|
||||||
|
// TODO check for some sort of htaccess.json and use email in that
|
||||||
|
// NOTE: you can also change other options such as `challengeType` and `challenge`
|
||||||
|
// opts.challengeType = 'http-01';
|
||||||
|
// opts.challenge = require('le-challenge-fs').create({});
|
||||||
|
return hostname;
|
||||||
|
})
|
||||||
|
.catch(function() {
|
||||||
|
if ("www." === hostname.slice(0, 4)) {
|
||||||
|
// Assume we'll redirect to non-www if it's available.
|
||||||
|
hostname = hostname.slice(4);
|
||||||
|
hostdir = path.join(srv, hostname);
|
||||||
|
return fs.readdir(hostdir).then(function() {
|
||||||
|
// TODO list both domains?
|
||||||
|
return hostname;
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
// Or check and see if perhaps we should redirect non-www to www
|
||||||
|
hostname = "www." + hostname;
|
||||||
|
hostdir = path.join(srv, hostname);
|
||||||
|
return fs.readdir(hostdir).then(function() {
|
||||||
|
// TODO list both domains?
|
||||||
|
return hostname;
|
||||||
|
});
|
||||||
|
}
|
||||||
|
})
|
||||||
|
.catch(function() {
|
||||||
|
throw new Error("rejecting '" + _hostname + "' because '" + _hostdir + "' could not be read");
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
function myVhostApp(req, res) {
|
||||||
|
// SECURITY greenlock pre-sanitizes hostnames to prevent unauthorized fs access so you don't have to
|
||||||
|
// (also: only domains approved above will get here)
|
||||||
|
console.log("vhost:", req.headers.host);
|
||||||
|
if (!req.headers.host) {
|
||||||
|
// SECURITY, don't allow access to the 'srv' root
|
||||||
|
// (greenlock-express uses middleware to check '..', etc)
|
||||||
|
return res.end();
|
||||||
|
}
|
||||||
|
|
||||||
|
// We could cache wether or not a host exists for some amount of time
|
||||||
|
var fin = finalhandler(req, res);
|
||||||
|
return checkWwws(req.headers.host)
|
||||||
|
.then(function(hostname) {
|
||||||
|
if (hostname !== req.headers.host) {
|
||||||
|
res.statusCode = 302;
|
||||||
|
res.setHeader("Location", "https://" + hostname);
|
||||||
|
// SECURITY this is safe only because greenlock disallows invalid hostnames
|
||||||
|
res.end("<!-- redirecting to https://" + hostname + "-->");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
var serve = serveStatic(path.join(srv, hostname), { redirect: true });
|
||||||
|
serve(req, res, fin);
|
||||||
|
})
|
||||||
|
.catch(function() {
|
||||||
|
fin();
|
||||||
|
});
|
||||||
|
}
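Review bot: `checkWwws` returns the plain string `""` when `_hostname` is falsy but a Promise on every other path, so `myApproveDomains`, which calls `checkWwws(opts.domains[0]).then(...)` without a guard, would throw a synchronous TypeError instead of rejecting and `cb` would never be invoked. Return a rejection there, `return Promise.reject(new Error("empty hostname"));`, so both callers take their existing `.catch` path. The redirect in `myVhostApp` sets `Location` to `"https://" + hostname` and drops `req.url`, so a www/non-www redirect always lands on the site root; appending `req.url` is presumably intended. The `path.join(srv, hostname)` calls rely on the comment's claim that greenlock-express already rejects hostnames containing `..` or path separators; a local check in `checkWwws` that accepts only a bare DNS name would make the example safe to copy on its own.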
|
|
@ -0,0 +1,77 @@
|
||||||
|
#!/usr/bin/env node
|
||||||
|
"use strict";
|
||||||
|
/*global Promise*/
|
||||||
|
|
||||||
|
///////////////////////
|
||||||
|
// wildcard example //
|
||||||
|
//////////////////////
|
||||||
|
|
||||||
|
//
|
||||||
|
// wildcard example
|
||||||
|
//
|
||||||
|
|
||||||
|
//var glx = require('greenlock-express')
|
||||||
|
var glx = require("../").create({
|
||||||
|
version: "draft-11", // Let's Encrypt v2 is ACME draft 11
|
||||||
|
|
||||||
|
server: "https://acme-staging-v02.api.letsencrypt.org/directory",
|
||||||
|
//, server: 'https://acme-v02.api.letsencrypt.org/directory' // If at first you don't succeed, stop and switch to staging
|
||||||
|
// https://acme-staging-v02.api.letsencrypt.org/directory
|
||||||
|
|
||||||
|
configDir: "~/acme/", // You MUST have access to write to directory where certs
|
||||||
|
// are saved. ex: /home/foouser/.config/acme
|
||||||
|
|
||||||
|
approveDomains: myApproveDomains, // Greenlock's wraps around tls.SNICallback. Check the
|
||||||
|
// domain name here and reject invalid ones
|
||||||
|
|
||||||
|
app: require("./my-express-app.js"), // Any node-style http app (i.e. express, koa, hapi, rill)
|
||||||
|
|
||||||
|
/* CHANGE TO A VALID EMAIL */
|
||||||
|
email: "jon.doe@example.com", // Email for Let's Encrypt account and Greenlock Security
|
||||||
|
agreeTos: true, // Accept Let's Encrypt ToS
|
||||||
|
communityMember: true, // Join Greenlock to (very rarely) get important updates
|
||||||
|
|
||||||
|
//, debug: true
|
||||||
|
store: require("le-store-fs")
|
||||||
|
});
|
||||||
|
|
||||||
|
var server = glx.listen(80, 443);
|
||||||
|
server.on("listening", function() {
|
||||||
|
console.info(server.type + " listening on", server.address());
|
||||||
|
});
|
||||||
|
|
||||||
|
function myApproveDomains(opts) {
|
||||||
|
console.log("sni:", opts.domain);
|
||||||
|
|
||||||
|
// must be 'example.com' or start with 'example.com'
|
||||||
|
if (
|
||||||
|
"example.com" !== opts.domain &&
|
||||||
|
"example.com" !==
|
||||||
|
opts.domain
|
||||||
|
.split(".")
|
||||||
|
.slice(1)
|
||||||
|
.join(".")
|
||||||
|
) {
|
||||||
|
return Promise.reject(new Error("we don't serve your kind here: " + opts.domain));
|
||||||
|
}
|
||||||
|
|
||||||
|
// the primary domain for the cert
|
||||||
|
opts.subject = "example.com";
|
||||||
|
// the altnames (including the primary)
|
||||||
|
opts.domains = [opts.subject, "*.example.com"];
|
||||||
|
|
||||||
|
if (!opts.challenges) {
|
||||||
|
opts.challenges = {};
|
||||||
|
}
|
||||||
|
opts.challenges["http-01"] = require("le-challenge-fs").create({});
|
||||||
|
// Note: When implementing a dns-01 plugin you should make it check in a loop
|
||||||
|
// until it can positively confirm that the DNS changes have propagated.
|
||||||
|
// That could take several seconds to a few minutes.
|
||||||
|
opts.challenges["dns-01"] = require("le-challenge-dns").create({});
|
||||||
|
|
||||||
|
// explicitly set account id and certificate.id
|
||||||
|
opts.account = { id: opts.email };
|
||||||
|
opts.certificate = { id: opts.subject };
|
||||||
|
|
||||||
|
return Promise.resolve(opts);
|
||||||
|
}
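Review bot: The comment `// must be 'example.com' or start with 'example.com'` describes the wrong condition: the check that follows accepts `example.com` itself or a name whose labels after the first form `example.com`, i.e. exactly one label in front of it, and rejects names such as `www.sub.example.com`. Suggest `// must be 'example.com' or a direct subdomain of it (exactly one label in front)`. `require("le-challenge-fs").create({})` and `require("le-challenge-dns").create({})` run inside `myApproveDomains`, so fresh challenge plugins are constructed on every SNI approval; hoisting both to module scope and assigning the same instances keeps the per-handshake path cheap and shares any plugin state, which is presumably what is intended. Also `opts.domain.split(".")` throws synchronously if `opts.domain` is undefined while the other failure path returns `Promise.reject`; a guard `if (!opts.domain) { return Promise.reject(new Error("no domain")); }` keeps the contract uniform.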
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "@root/greenlock-express",
|
"name": "@root/greenlock-express",
|
||||||
"version": "3.0.11",
|
"version": "3.0.13",
|
||||||
"lockfileVersion": 1,
|
"lockfileVersion": 1,
|
||||||
"requires": true,
|
"requires": true,
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "@root/greenlock-express",
|
"name": "@root/greenlock-express",
|
||||||
"version": "3.0.12",
|
"version": "3.0.13",
|
||||||
"description": "Free SSL and managed or automatic HTTPS for node.js with Express, Koa, Connect, Hapi, and all other middleware systems.",
|
"description": "Free SSL and managed or automatic HTTPS for node.js with Express, Koa, Connect, Hapi, and all other middleware systems.",
|
||||||
"main": "greenlock-express.js",
|
"main": "greenlock-express.js",
|
||||||
"homepage": "https://greenlock.domains",
|
"homepage": "https://greenlock.domains",
|
||||||
|
|
|
@ -79,7 +79,11 @@ Servers.create = function(greenlock) {
|
||||||
servers.serveApp = function(app) {
|
servers.serveApp = function(app) {
|
||||||
return new Promise(function(resolve, reject) {
|
return new Promise(function(resolve, reject) {
|
||||||
if ("function" !== typeof app) {
|
if ("function" !== typeof app) {
|
||||||
reject(new Error("glx.serveApp(app) expects a node/express app in the format `function (req, res) { ... }`"));
|
reject(
|
||||||
|
new Error(
|
||||||
|
"glx.serveApp(app) expects a node/express app in the format `function (req, res) { ... }`"
|
||||||
|
)
|
||||||
|
);
|
||||||
return;
|
return;
|
||||||
}
|
}