2018-04-20 06:28:05 +00:00
# greenlock-koa
(previously letsencrypt-koa)
2016-04-22 18:12:45 +00:00
2018-04-20 06:33:56 +00:00
| Sponsered by [ppl ](https://ppl.family )
2018-04-20 06:27:36 +00:00
| [greenlock (lib) ](https://git.coolaj86.com/coolaj86/greenlock.js )
| [greenlock-cli ](https://git.coolaj86.com/coolaj86/greenlock-cli.js )
| [greenlock-express ](https://git.coolaj86.com/coolaj86/greenlock-express.js )
| [greenlock-cluster ](https://git.coolaj86.com/coolaj86/greenlock-cluster.js )
2017-01-25 22:14:39 +00:00
| **greenlock-koa**
2018-04-20 06:27:36 +00:00
| [greenlock-hapi ](https://git.coolaj86.com/coolaj86/greenlock-hapi.js )
2016-04-22 18:20:15 +00:00
|
2016-04-18 17:05:06 +00:00
Free SSL and Automatic HTTPS for node.js with KOA and other middleware systems via Let's Encrypt
2016-04-18 17:07:30 +00:00
* Automatic Registration via SNI (`httpsOptions.SNICallback`)
* **registrations** require an **approval callback** in *production*
* Automatic Renewal (around 80 days)
* **renewals** are *fully automatic* and happen in the *background* , with **no downtime**
* Automatic vhost / virtual hosting
All you have to do is start the webserver and then visit it at it's domain name.
## Install
```
2017-01-25 22:14:39 +00:00
npm install --save greenlock-express@2.x
2016-04-18 17:07:30 +00:00
```
2017-01-25 22:14:39 +00:00
*Pay no attention to the man behind the curtain.* (just ignore that the name of the module is greenlock-express)
2016-04-18 17:08:49 +00:00
2016-04-18 17:07:30 +00:00
### Part 1: Setup
```javascript
'use strict';
2017-01-25 22:14:39 +00:00
var le = require('greenlock-express').create({
2018-04-20 06:27:36 +00:00
// You MUST change this to 'https://acme-v02.api.letsencrypt.org/directory' in production
server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
, version: 'draft-11' // Let's Encrypt v2
2016-08-16 20:58:02 +00:00
2018-04-20 06:27:36 +00:00
, configDir: require('os').homedir() + '/acme/etc'
2016-08-16 20:58:02 +00:00
, approveDomains: function (opts, certs, cb) {
opts.domains = certs & & certs.altnames || opts.domains;
opts.email = 'john.doe@example.com' // CHANGE ME
opts.agreeTos = true;
cb(null, { options: opts, certs: certs });
2016-04-18 17:07:30 +00:00
}
2016-08-16 20:58:02 +00:00
, debug: true
2016-04-18 17:07:30 +00:00
});
```
WARNING: If you don't do any checks and simply complete `approveRegistration` callback, an attacker will spoof SNI packets with bad hostnames and that will cause you to be rate-limited and or blocked from the ACME server. Alternatively, You can run registration *manually* :
```bash
2017-01-25 22:14:39 +00:00
npm install -g greenlock-cli
2016-04-18 17:07:30 +00:00
2017-01-25 22:14:39 +00:00
greenlock certonly --standalone \
2018-04-20 06:27:36 +00:00
--server 'https://acme-v02.api.letsencrypt.org/directory' \
2016-04-18 17:07:30 +00:00
--config-dir ~/letsencrypt/etc \
--agree-tos --domains example.com --email user@example.com
# Note: the '--webrootPath' option is also available if you don't want to shut down your webserver to get the cert.
```
### Part 2: Just add Koa
```javascript
var http = require('http');
2016-04-18 17:09:44 +00:00
var https = require('spdy');
2016-04-18 17:07:30 +00:00
var koa = require('koa');
var app = koa();
app.use(function *() {
this.body = 'Hello World';
});
2016-08-16 20:58:02 +00:00
var server = https.createServer(le.httpsOptions, le.middleware(app.callback()));
2016-04-18 17:07:30 +00:00
server.listen(443, function () {
console.log('Listening at https://localhost:' + this.address().port);
});
2016-08-16 20:58:02 +00:00
var http = require('http');
var redirectHttps = koa().use(require('koa-sslify')()).callback();
http.createServer(le.middleware(redirectHttps)).listen(80, function () {
console.log('handle ACME http-01 challenge and redirect to https');
2016-04-18 17:07:30 +00:00
});
```
