Free SSL and Automatic HTTPS (ACME / Let's Encrypt v2 client) for node.js with Express, Connect, and other middleware systems
AJ ONeal 18b36d7d23 fix maintainer email 2019-10-30 13:14:26 -06:00

README.md

Greenlock Express is Let's Encrypt for Node

Built by Root for Hub

Free SSL, Automated HTTPS / HTTP2, served with Node via Express, Koa, hapi, etc.

Let's Encrypt for Node, Express, etc

require("greenlock-express")
	.init(function getConfig() {
		return { package: require("./package.json") };
	})
	.serve(httpsWorker);

function httpsWorker(server) {
	// Works with any Node app (Express, etc)
	var app = require("./my-express-app.js");

	// See, all normal stuff here
	app.get("/hello", function(req, res) {
		res.end("Hello, Encrypted World!");
	});

	// Serves on 80 and 443
	// Gets SSL certificates magically!
	server.serveApp(app);
}

Manage via API or the config file:

{
	"subscriberEmail": "letsencrypt-test@therootcompany.com",
	"agreeToTerms": true,
	"sites": {
		"example.com": {
			"subject": "example.com",
			"altnames": ["example.com", "www.example.com"]
		}
	}
}

Let's Encrypt for...

  • IoT
  • Enterprise On-Prem
  • Local Development
  • Home Servers
  • Quitting Heroku

Features

  • Let's Encrypt v2 (November 2019)
    • ACME Protocol (RFC 8555)
    • HTTP Validation (HTTP-01)
    • DNS Validation (DNS-01)
    • ALPN Validation (TLS-ALPN-01)
  • Automated HTTPS
    • Fully Automatic Renewals every 45 days
    • Free SSL
    • Wildcard SSL
    • Localhost certificates
    • HTTPS-enabled Secure WebSockets (wss://)
  • Fully customizable
    • Reasonable defaults
    • Domain Management
    • Key and Certificate Management
    • ACME Challenge Plugins

Plenty of Examples

Easy to Customize

QuickStart Guide

Easy as 1, 2, 3... 4

1. Create a node project

Create an empty node project.

Be sure to fill out the package name, version, and an author email.

mkdir ~/my-project
pushd ~/my-project
npm init

2. Create an http app (i.e. express)

This example is shown with Express, but any node app (or any node-style http app) will do. Greenlock works with everything.

my-express-app.js:

"use strict";

// A plain, node-style app

function myPlainNodeHttpApp(req, res) {
	res.end("Hello, Encrypted World!");
}

// Wrap that plain app in express,
// because that's what you're used to

var express = require("express");
var app = express();
app.get("/", myPlainNodeHttpApp);

// export the app normally
// do not .listen()

module.exports = app;

3. Serve with Greenlock Express

Greenlock Express is designed with these goals in mind:

  • Simplicity and ease-of-use
  • Performance and scalability
  • Configurability and control

You can start with near-zero configuration and slowly add options for greater performance and customization later, if you need them.

server.js:

require("greenlock-express")
	.init(getConfig)
	.serve(worker);

function getConfig() {
	return {
		// uses name and version as part of the ACME client user-agent
		// uses author as the contact for support notices
		package: require("./package.json")
	};
}

function worker(server) {
	// Works with any Node app (Express, etc)
	var app = require("./my-express-app.js");
	server.serveApp(app);
}

And start your server:

# Allow non-root node to use ports 80 (HTTP) and 443 (HTTPS)
sudo setcap 'cap_net_bind_service=+ep' $(which node)
# `npm start` will call `node ./server.js` by default
npm start
Greenlock v3.0.0
Greenlock Manager Config File: ~/.config/greenlock/manager.json
Greenlock Storage Directory: ~/.config/greenlock/

Listening on 0.0.0.0:80 for ACME challenges and HTTPS redirects
Listening on 0.0.0.0:443 for secure traffic

4. Manage domains

Management can be done via the CLI or the JavaScript API. Since this is the QuickStart, we'll demo the CLI:

You need to create a Let's Encrypt subscriber account, which can be done globally, or per-site. All individuals, and most businesses, should set this globally:

# Set a global subscriber account
npx greenlock config --subscriber-email 'mycompany@example.com' --agree-to-terms true

A Let's Encrypt SSL certificate has a "Subject" (Primary Domain) and up to 100 "Alternative Names" (of which the first must be the subject).

# Add a certificate with specific domains
npx greenlock add --subject example.com --altnames example.com,www.example.com

This will update the config file (assuming the default fs-based management plugin):

~/.config/greenlock/manager.json:

{
	"subscriberEmail": "letsencrypt-test@therootcompany.com",
	"agreeToTerms": true,
	"sites": {
		"example.com": {
			"subject": "example.com",
			"altnames": ["example.com", "www.example.com"]
		}
	}
}

Note: Localhost, Wildcard, and Certificates for Private Networks require DNS validation.
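
The certificate rules stated in this step (the first altname must be the subject, at most 100 altnames, wildcards require DNS validation) can be checked before a config reaches the server. This is an added example, not part of Greenlock or its CLI; lintManagerConfig and the sample object are hypothetical names and constructed input:

```javascript
"use strict";

// Added example (not Greenlock code): lint a manager.json-style object
// against the certificate rules stated in this README.
var MAX_ALTNAMES = 100; // "up to 100 Alternative Names"

function lintManagerConfig(config) {
	var problems = [];
	var needsDns = [];

	Object.keys(config.sites || {}).forEach(function(name) {
		var site = config.sites[name] || {};
		var altnames = Array.isArray(site.altnames) ? site.altnames : [];

		if (!site.subject) {
			problems.push(name + ": subject is missing");
		} else if (altnames[0] !== site.subject) {
			// "of which the first must be the subject"
			problems.push(name + ": first altname must be the subject");
		}
		if (altnames.length > MAX_ALTNAMES) {
			problems.push(name + ": more than " + MAX_ALTNAMES + " altnames");
		}
		altnames.forEach(function(alt) {
			// Wildcard names require DNS validation (see the note above)
			if (typeof alt === "string" && alt.indexOf("*.") === 0) {
				needsDns.push(alt);
			}
		});
	});

	return { ok: problems.length === 0, problems: problems, needsDns: needsDns };
}

// Constructed sample: one valid site, one with the subject out of order
var sample = {
	subscriberEmail: "mycompany@example.com",
	agreeToTerms: true,
	sites: {
		"example.com": { subject: "example.com", altnames: ["example.com", "www.example.com"] },
		"example.net": { subject: "example.net", altnames: ["*.example.net", "example.net"] }
	}
};
console.log(lintManagerConfig(sample));
```

Names listed in needsDns cannot be issued through the default HTTP-01 flow, so a DNS-01 challenge plugin has to be configured for those sites.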

Full Documentation

Most of the documentation is done by use-case examples, as shown up at the top of the README.

We're working on more comprehensive documentation for this newly released version. Please open an issue with questions in the meantime.

Commercial Support

Do you need...

  • training?
  • specific features?
  • different integrations?
  • bugfixes, on your timeline?
  • custom code, built by experts?
  • commercial support and licensing?

You're welcome to contact us regarding IoT, On-Prem, Enterprise, and Internal installations, integrations, and deployments.

We have both commercial support and commercial licensing available.

We also offer consulting for all-things-ACME and Let's Encrypt.

Legal & Rules of the Road

Greenlock™ is a trademark of AJ ONeal

The rule of thumb is "attribute, but don't confuse". For example:

Built with Greenlock Express (a Root project).

Please contact us if you have any questions regarding our trademark, attribution, and/or visible source policies. We want to build great software and a great community.

Greenlock™ | MPL-2.0 | Terms of Use | Privacy Policy