update for latest greenlock

This commit is contained in:
AJ ONeal 2018-05-10 13:35:48 -06:00
parent b65fd583d8
commit 85d9547b4d
4 changed files with 123 additions and 71 deletions

31
LICENSE
View File

@ -1,3 +1,32 @@
At your option you may choose either of the following licenses:
* The MIT License (MIT)
* The Apache License 2.0 (Apache-2.0)
The MIT License (MIT)
Copyright (c) 2016-2018 AJ ONeal
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
Apache License Apache License
Version 2.0, January 2004 Version 2.0, January 2004
http://www.apache.org/licenses/ http://www.apache.org/licenses/
@ -186,7 +215,7 @@
same "printed page" as the copyright notice for easier same "printed page" as the copyright notice for easier
identification within third-party archives. identification within third-party archives.
Copyright {yyyy} {name of copyright owner} Copyright 2015 AJ ONeal
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

134
README.md
View File

@ -1,81 +1,76 @@
# greenlock-hapi # Greenlock™ for hapi
(previously letsencrypt-hapi) An Automated HTTPS ACME client (Let's Encrypt v2) for hapi
| [greenlock (lib)](https://git.coolaj86.com/coolaj86/greenlock.js) | Sponsered by [ppl](https://ppl.family)
| [greenlock-cli](https://git.coolaj86.com/coolaj86/greenlock-cli.js) | Greenlock™ is for
| [greenlock-express](https://git.coolaj86.com/coolaj86/greenlock-express.js) [Browsers](https://git.coolaj86.com/coolaj86/greenlock.html),
| [greenlock-cluster](https://git.coolaj86.com/coolaj86/greenlock-cluster.js) [Node.js](https://git.coolaj86.com/coolaj86/greenlock.js),
| [greenlock-koa](https://git.coolaj86.com/coolaj86/greenlock-koa.js) [Commandline](https://git.coolaj86.com/coolaj86/greenlock-cli.js),
| **greenlock-hapi** [Express.js](https://git.coolaj86.com/coolaj86/greenlock-express.js),
| [Node.js Cluster](https://git.coolaj86.com/coolaj86/greenlock-cluster.js),
**hapi**,
[Koa](https://git.coolaj86.com/coolaj86/greenlock-koa.js),
and [rill](https://git.coolaj86.com/coolaj86/greenlock-rill.js) |
Free SSL and Automatic HTTPS for node.js with hapi.js and other middleware systems via Let's Encrypt Features
========
* Automatic Registration via SNI (`httpsOptions.SNICallback`) * [x] Automatic Registration via SNI (`httpsOptions.SNICallback`)
* **registrations** require an **approval callback** in *production* * [x] Secure domain approval callback
* Automatic Renewal (around 80 days) * [x] Automatic renewal between 10 and 14 days before expiration
* **renewals** are *fully automatic* and happen in the *background*, with **no downtime** * [x] Virtual Hosting (vhost) with Multiple Domains & SAN
* Automatic vhost / virtual hosting * [x] plugins for AWS, redis, etc
* [x] and [more](https://git.coolaj86.com/coolaj86/greenlock-express.js)
All you have to do is start the webserver and then visit it at it's domain name. This module is just an alias for greenlock-express.js,
which works with any middleware system.
## Install Install
=======
``` ```
npm install --save greenlock-express@2.x npm install --save greenlock-hapi@2.x
``` ```
*Pay no attention to the man behind the curtain.* (just ignore that the name of the module is greenlock-express) QuickStart
==========
### Part 1: Configure Greenlock
```javascript ```javascript
'use strict'; 'use strict';
var le = require('greenlock-express').create({ //////////////////////
// Greenlock Setup //
//////////////////////
var greenlock = require('greenlock-hapi').create({
version: 'draft-11' // Let's Encrypt v2
// You MUST change this to 'https://acme-v02.api.letsencrypt.org/directory' in production // You MUST change this to 'https://acme-v02.api.letsencrypt.org/directory' in production
server: 'https://acme-staging-v02.api.letsencrypt.org/directory' , server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
, version: 'draft-11' // Let's Encrypt v2
, configDir: require('os').homedir() + '/letsencrypt/etc' , email: 'jon@example.com'
, agreeTos: true
, approveDomains: [ 'example.com' ]
, approveDomains: function (opts, certs, cb) { // Join the community to get notified of important updates
opts.domains = certs && certs.altnames || opts.domains; // and help make greenlock better
opts.email = 'john.doe@example.com' // CHANGE ME , communityMember: true
opts.agreeTos = true;
cb(null, { options: opts, certs: certs }); , configDir: require('os').homedir() + '/acme/etc'
}
, debug: true //, debug: true
}); });
```
WARNING: If you don't do any checks and simply complete `approveDomains` callback,
an attacker will spoof SNI packets with bad hostnames and that will cause you to be rate-limited
and/or blocked from the ACME server.
Alternatively, You can run registration *manually*:
```bash ///////////////////
npm install -g greenlock-cli // Just add hapi //
///////////////////
greenlock certonly --standalone \
--server 'https://acme-v02.api.letsencrypt.org/directory' \
--config-dir ~/acme/etc \
--agree-tos --domains example.com --email user@example.com
# Note: the '--webrootPath' option is also available if you don't want to shut down your webserver to get the cert.
```
### Part 2: Just add Hapi
```javascript
var hapi = require('hapi'); var hapi = require('hapi');
var https = require('spdy'); var https = require('https');
var server = new hapi.Server(); var server = new hapi.Server();
var acmeResponder = le.middleware(); var acmeResponder = greenlock.middleware();
var httpsServer = https.createServer(le.httpsOptions).listen(443); var httpsServer = https.createServer(greenlock.httpsOptions).listen(443);
server.connection({ listener: httpsServer, autoListen: false, tls: true }); server.connection({ listener: httpsServer, autoListen: false, tls: true });
@ -98,15 +93,38 @@ server.route({
reply("Hello, I'm so Hapi!"); reply("Hello, I'm so Hapi!");
} }
}); });
```
### Part 3: Redirect http to https
```javascript //
// http redirect to https
//
var http = require('http'); var http = require('http');
var redirectHttps = require('redirect-https')(); var redirectHttps = require('redirect-https')();
http.createServer(le.middleware(redirectHttps)).listen(80, function () { http.createServer(greenlock.middleware(redirectHttps)).listen(80, function () {
console.log('handle ACME http-01 challenge and redirect to https'); console.log('Listening on port 80 to handle ACME http-01 challenge and redirect to https');
}); });
``` ```
Usage & Troubleshooting
============================
See <https://git.coolaj86.com/coolaj86/greenlock-express.js>
Handling a dynamic list of domains
========================
In the oversimplified exapmple above we handle a static list of domains.
If you add domains programmatically you'll want to use the `approveDomains`
callback.
**SECURITY**: Be careful with this.
If you don't check that the domains being requested are the domains you
allow an attacker can make you hit your rate limit for failed verification
attempts.
We have a
[vhost example](https://git.coolaj86.com/coolaj86/greenlock-express.js/src/branch/master/examples/vhost.js)
that allows any domain for which there is a folder on the filesystem in a specific location.
See that example for an idea of how this is done.

View File

@ -1,3 +1,8 @@
'use strict'; 'use strict';
module.exports = require('greenlock-express'); module.exports = require('greenlock-express');
module.exports._greenlockExpressCreate = module.exports.create;
module.create = function (opts) {
opts._communityPackage = opts._communityPackage || 'greenlock-hapi';
return module.exports._greenlockExpressCreate(opts);
};

View File

@ -1,32 +1,32 @@
{ {
"name": "greenlock-hapi", "name": "greenlock-hapi",
"version": "2.0.4", "version": "2.1.2",
"description": "Free SSL and Automatic HTTPS for node.js with hapi and other middleware systems via ACME (Let's Encrypt)", "description": "An Automated HTTPS ACME client (Let's Encrypt v2) for hapi",
"main": "index.js", "main": "index.js",
"scripts": { "scripts": {
"test": "echo \"Error: no test specified\" && exit 1" "test": "echo \"Error: no test specified\" && exit 1"
}, },
"repository": { "repository": {
"type": "git", "type": "git",
"url": "git+git.daplie.com/Daplie/greenlock-hapi.git" "url": "git+https://git.coolaj86.com/coolaj86/greenlock-hapi.js.git"
}, },
"keywords": [ "keywords": [
"hapi",
"acme", "acme",
"cloud", "cloud",
"cluster", "cluster",
"free", "free",
"greenlock", "greenlock",
"freessl",
"free ssl",
"https", "https",
"hapi",
"le", "le",
"letsencrypt", "letsencrypt",
"multi-core",
"node", "node",
"node.js", "node.js",
"scale",
"ssl", "ssl",
"tls" "tls"
], ],
"author": "AJ ONeal <aj@daplie.com> (https://daplie.com/)", "author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
"license": "(MIT OR Apache-2.0)" "license": "(MIT OR Apache-2.0)"
} }