From f2dfbfac14d82cf96c490c84212242782eb0f7da Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Wed, 15 Aug 2018 20:29:28 -0600 Subject: [PATCH] rename normal.js -> production.js --- examples/normal.js | 90 +----------------------------------------- examples/production.js | 89 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+), 89 deletions(-) mode change 100644 => 120000 examples/normal.js create mode 100644 examples/production.js diff --git a/examples/normal.js b/examples/normal.js deleted file mode 100644 index c9e1da3..0000000 --- a/examples/normal.js +++ /dev/null @@ -1,89 +0,0 @@ -'use strict'; - -// -// My Secure Server -// -//require('greenlock-express') -require('../').create({ - - // Let's Encrypt v2 is ACME draft 11 - // Note: If at first you don't succeed, stop and switch to staging - // https://acme-staging-v02.api.letsencrypt.org/directory - server: 'https://acme-v02.api.letsencrypt.org/directory' -, version: 'draft-11' - // You MUST have write access to save certs -, configDir: '~/.config/acme/' - -// The previous 'simple' example set these values statically, -// but this example uses approveDomains() to set them dynamically -//, email: 'none@see.note.above' -//, agreeTos: false - - // approveDomains is the right place to check a database for - // email addresses with domains and agreements and such -, approveDomains: approveDomains - -, app: require('./my-express-app.js') - - // Get notified of important updates and help me make greenlock better -, communityMember: true - -//, debug: true - -}).listen(80, 443); - - -// -// My Secure Database Check -// -function approveDomains(opts, certs, cb) { - - // The domains being approved for the first time are listed in opts.domains - // Certs being renewed are listed in certs.altnames - if (certs) { - opts.domains = certs.altnames; - cb(null, { options: opts, certs: certs }); - return; - } - - // Only one domain is listed with *automatic* registration via SNI - // (it's an array because managed registration allows for multiple domains, - // which was the case in the simple example) - console.log(opts.domains); - - fooCheckDb(opts.domains, function (err, agree, email) { - if (err) { cb(err); return; } - - // You MUST NOT build clients that accept the ToS without asking the user - opts.agreeTos = agree; - opts.email = email; - - // NOTE: you can also change other options such as `challengeType` and `challenge` - // (this would be helpful if you decided you wanted wildcard support as a domain altname) - // opts.challengeType = 'http-01'; - // opts.challenge = require('le-challenge-fs').create({}); - - cb(null, { options: opts, certs: certs }); - }); -} - - -// -// My User / Domain Database -// -function fooCheckDb(domains, cb) { - // This is an oversimplified example of how we might implement a check in - // our database if we have different rules for different users and domains - var domains = [ 'example.com', 'www.example.com' ]; - var userEmail = 'john.doe@example.com'; - var userAgrees = true; - var passCheck = opts.domains.every(function (domain) { - return -1 !== domains.indexOf(domain); - }); - - if (!passCheck) { - cb(new Error('domain not allowed'); - } else { - cb(null, userAgrees, userEmail); - } -} diff --git a/examples/normal.js b/examples/normal.js new file mode 120000 index 0000000..ff7f8cb --- /dev/null +++ b/examples/normal.js @@ -0,0 +1 @@ +production.js \ No newline at end of file diff --git a/examples/production.js b/examples/production.js new file mode 100644 index 0000000..c9e1da3 --- /dev/null +++ b/examples/production.js @@ -0,0 +1,89 @@ +'use strict'; + +// +// My Secure Server +// +//require('greenlock-express') +require('../').create({ + + // Let's Encrypt v2 is ACME draft 11 + // Note: If at first you don't succeed, stop and switch to staging + // https://acme-staging-v02.api.letsencrypt.org/directory + server: 'https://acme-v02.api.letsencrypt.org/directory' +, version: 'draft-11' + // You MUST have write access to save certs +, configDir: '~/.config/acme/' + +// The previous 'simple' example set these values statically, +// but this example uses approveDomains() to set them dynamically +//, email: 'none@see.note.above' +//, agreeTos: false + + // approveDomains is the right place to check a database for + // email addresses with domains and agreements and such +, approveDomains: approveDomains + +, app: require('./my-express-app.js') + + // Get notified of important updates and help me make greenlock better +, communityMember: true + +//, debug: true + +}).listen(80, 443); + + +// +// My Secure Database Check +// +function approveDomains(opts, certs, cb) { + + // The domains being approved for the first time are listed in opts.domains + // Certs being renewed are listed in certs.altnames + if (certs) { + opts.domains = certs.altnames; + cb(null, { options: opts, certs: certs }); + return; + } + + // Only one domain is listed with *automatic* registration via SNI + // (it's an array because managed registration allows for multiple domains, + // which was the case in the simple example) + console.log(opts.domains); + + fooCheckDb(opts.domains, function (err, agree, email) { + if (err) { cb(err); return; } + + // You MUST NOT build clients that accept the ToS without asking the user + opts.agreeTos = agree; + opts.email = email; + + // NOTE: you can also change other options such as `challengeType` and `challenge` + // (this would be helpful if you decided you wanted wildcard support as a domain altname) + // opts.challengeType = 'http-01'; + // opts.challenge = require('le-challenge-fs').create({}); + + cb(null, { options: opts, certs: certs }); + }); +} + + +// +// My User / Domain Database +// +function fooCheckDb(domains, cb) { + // This is an oversimplified example of how we might implement a check in + // our database if we have different rules for different users and domains + var domains = [ 'example.com', 'www.example.com' ]; + var userEmail = 'john.doe@example.com'; + var userAgrees = true; + var passCheck = opts.domains.every(function (domain) { + return -1 !== domains.indexOf(domain); + }); + + if (!passCheck) { + cb(new Error('domain not allowed'); + } else { + cb(null, userAgrees, userEmail); + } +}