diff --git a/examples/normal.js b/examples/normal.js
new file mode 100644
index 0000000..be27040
--- /dev/null
+++ b/examples/normal.js
@@ -0,0 +1,95 @@
+'use strict';
+
+//
+// My Express App
+//
+var express = require('express');
+var app = express();
+
+app.use('/', function (req, res) {
+ res.setHeader('Content-Type', 'text/html; charset=utf-8')
+ res.end('Hello, World!\n\nšŸ’š šŸ”’.js');
+});
+
+
+//
+// My Secure Server
+//
+//require('greenlock-express')
+require('../').create({
+
+ // Let's Encrypt v2 is ACME draft 11
+ version: 'draft-11'
+
+ // You MUST change 'acme-staging-v02' to 'acme-v02' in production
+, server: 'https://acme-staging-v02.api.letsencrypt.org/directory' // staging
+
+ // approveDomains is the right place to check a database for
+ // email addresses with domains and agreements and such
+, approveDomains: approveDomains
+
+ // You MUST have access to write to directory where certs are saved
+ // ex: /home/foouser/acme/etc
+, configDir: require('path').join(require('os').homedir(), 'acme', 'etc')
+
+, app: app
+
+//, debug: true
+
+}).listen(80, 443);
+
+
+//
+// My Secure Database Check
+//
+function approveDomains(opts, certs, cb) {
+
+ // The domains being approved for the first time are listed in opts.domains
+ // Certs being renewed are listed in certs.altnames
+ if (certs) {
+ opts.domains = certs.altnames;
+ cb(null, { options: opts, certs: certs });
+ return;
+ }
+
+ // Only one domain is listed with *automatic* registration via SNI
+ // (it's an array because managed registration allows for multiple domains,
+ // which was the case in the simple example)
+ console.log(opts.domains);
+
+ fooCheckDb(opts.domains, function (err, agree, email) {
+ if (err) { cb(err); return; }
+
+ // You MUST NOT build clients that accept the ToS without asking the user
+ opts.agreeTos = agree;
+ opts.email = email;
+
+ // NOTE: you can also change other options such as `challengeType` and `challenge`
+ // (this would be helpful if you decided you wanted wildcard support as a domain altname)
+ // opts.challengeType = 'http-01';
+ // opts.challenge = require('le-challenge-fs').create({});
+
+ cb(null, { options: opts, certs: certs });
+ });
+}
+
+
+//
+// My User / Domain Database
+//
+function fooCheckDb(domains, cb) {
+ // This is an oversimplified example of how we might implement a check in
+ // our database if we have different rules for different users and domains
+ var domains = [ 'example.com', 'www.example.com' ];
+ var userEmail = 'john.doe@example.com';
+ var userAgrees = true;
+ var passCheck = opts.domains.every(function (domain) {
+ return -1 !== domains.indexOf(domain);
+ });
+
+ if (!passCheck) {
+ cb(new Error('domain not allowed');
+ } else {
+ cb(null, userAgrees, userEmail);
+ }
+}
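Review bot: The domain allowlist in `fooCheckDb` cannot work as written, and it is the only gate `approveDomains` has for first-time SNI requests. The `cb(new Error('domain not allowed');` line is missing a closing parenthesis, so the file does not parse; `var domains` redeclares the `domains` parameter and overwrites the requested names with the allowlist; and `opts` is not defined inside `fooCheckDb`, so `opts.domains.every` would throw a ReferenceError. Someone adapting this example is likely to get it running by loosening or removing the check, which leaves certificate issuance open to whatever hostname a client sends in SNI. The rewrite below keeps the requested names and the allowlist in separate variables and compares the parameter against the list. Separately, the `if (certs)` renewal branch approves `certs.altnames` without consulting the database, which looks like it would keep renewing a domain after it is removed from the allowlist; a comment there stating whether that is intended would help.

```javascript
function fooCheckDb(domains, cb) {
  // … unchanged: explanatory comment …
  var allowedDomains = [ 'example.com', 'www.example.com' ];
  // … unchanged: userEmail, userAgrees …
  var passCheck = domains.every(function (domain) {
    return -1 !== allowedDomains.indexOf(domain);
  });

  if (!passCheck) {
    cb(new Error('domain not allowed'));
  } else {
    // … unchanged: success callback …
  }
}
```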