Compare commits

16 Commits

Author SHA1 Message Date
AJ ONeal f2b21a9572 typo fix 2020-04-29 15:59:01 +00:00
AJ ONeal 82b96d20a8 v2.1.4: fix typo in README 2019-01-17 09:52:46 -07:00
AJ ONeal f81c28a2f2 Merge branch 'master' of snowdream/greenlock-koa.js into master
Thanks. Sorry I didn't see this sooner.
2019-01-15 06:00:38 +00:00
snowdream 3775998627 Update 'README.md'
fix #1
2019-01-09 14:39:11 +00:00
AJ ONeal 84190bf6bf Update '.github/ISSUE_TEMPLATE.md' 2018-11-21 23:22:19 +00:00
AJ ONeal 5b7e962963 add homepage url 2018-05-10 13:54:49 -06:00
AJ ONeal 72fd25d54f update LICENSE 2018-05-10 13:00:14 -06:00
AJ ONeal e689306a77 update Koa docs 2018-05-10 12:51:54 -06:00
AJ ONeal 844dc7abd4 Update 'README.md' 2018-04-20 06:33:56 +00:00
AJ ONeal da7b06a1ab Update 'README.md' 2018-04-20 06:28:05 +00:00
AJ ONeal cf220e5727 Update 'README.md' 2018-04-20 06:27:36 +00:00
Drew Warren 15a9765927 v2.0.4 2017-04-14 11:31:12 -06:00
Drew Warren e1f22e4075 fix git url 2017-04-14 11:31:08 -06:00
Drew Warren 31d3205a6b v2.0.3 2017-02-01 09:32:17 -07:00
Drew Warren 11694324ef Correct URL in package.json 2017-02-01 09:32:11 -07:00
Drew Warren 6bba1d596f v2.0.2 2017-01-25 15:16:43 -07:00
5 changed files with 149 additions and 76 deletions


@ -2,10 +2,11 @@
ATTENTION! ATTENTION!
========== ==========
Please report issues at https://github.com/Daplie/letsencrypt-express Please report issues at https://git.coolaj86.com/coolaj86/greenlock-express.js
======== ========
ACHTUNG! ACHTUNG!
======== ========
Bitte melden Sie Probleme bei https://github.com/Daplie/letsencrypt-express Bitte melden Sie Probleme bei
https://git.coolaj86.com/coolaj86/greenlock-express.js

31
LICENSE

@ -1,3 +1,32 @@
At your option you may choose either of the following licenses:
* The MIT License (MIT)
* The Apache License 2.0 (Apache-2.0)
The MIT License (MIT)
Copyright (c) 2016-2018 AJ ONeal
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
Apache License Apache License
Version 2.0, January 2004 Version 2.0, January 2004
http://www.apache.org/licenses/ http://www.apache.org/licenses/
@ -186,7 +215,7 @@
same "printed page" as the copyright notice for easier same "printed page" as the copyright notice for easier
identification within third-party archives. identification within third-party archives.
Copyright {yyyy} {name of copyright owner} Copyright 2015 AJ ONeal
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
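Review bot: the copyright line filled in here reads `Copyright 2015 AJ ONeal`, while the MIT text added at the top of the same file reads `Copyright (c) 2016-2018 AJ ONeal`. Use the same year range in both notices so the dual-licensed file makes one consistent copyright statement.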

166
README.md

@ -1,105 +1,139 @@
<!-- BANNER_TPL_BEGIN --> # Greenlock&trade; for Koa
About Daplie: We're taking back the Internet! An Automated HTTPS ACME client (Let's Encrypt v2) for Koa
--------------
Down with Google, Apple, and Facebook! Greenlock&trade; for
[Browsers](https://git.coolaj86.com/coolaj86/greenlock.html),
[Node.js](https://git.coolaj86.com/coolaj86/greenlock.js),
[Commandline](https://git.coolaj86.com/coolaj86/greenlock-cli.js),
[Express.js](https://git.coolaj86.com/coolaj86/greenlock-express.js),
[Node.js Cluster](https://git.coolaj86.com/coolaj86/greenlock-cluster.js),
[hapi](https://git.coolaj86.com/coolaj86/greenlock-hapi.js),
**Koa**,
and [rill](https://git.coolaj86.com/coolaj86/greenlock-rill.js)
| Sponsered by [ppl](https://ppl.family)
We're re-decentralizing the web and making it read-write again - one home cloud system at a time. Features
========
Tired of serving the Empire? Come join the Rebel Alliance: * [x] Automatic Registration via SNI (`httpsOptions.SNICallback`)
* [x] Secure domain approval callback
* [x] Automatic renewal between 10 and 14 days before expiration
* [x] Virtual Hosting (vhost) with Multiple Domains & SAN
* [x] and [more](https://git.coolaj86.com/coolaj86/greenlock-express.js)
* [x] plugins for AWS, redis, and more
<a href="mailto:jobs@daplie.com">jobs@daplie.com</a> | [Invest in Daplie on Wefunder](https://daplie.com/invest/) | [Pre-order Cloud](https://daplie.com/preorder/), The World's First Home Server for Everyone This module is just an alias for greenlock-express.js,
which works with any middleware system.
<!-- BANNER_TPL_END -->
# greenlock-koa (greenlock-koa)
[![Join the chat at https://gitter.im/Daplie/letsencrypt-express](https://badges.gitter.im/Daplie/letsencrypt-express.svg)](https://gitter.im/Daplie/letsencrypt-express?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
| [greenlock (lib)](https://git.daplie.com/Daplie/node-greenlock)
| [greenlock-cli](https://git.daplie.com/Daplie/greenlock-cli)
| [greenlock-express](https://git.daplie.com/Daplie/greenlock-express)
| [greenlock-cluster](https://git.daplie.com/Daplie/greenlock-cluster)
| **greenlock-koa**
| [greenlock-hapi](https://git.daplie.com/Daplie/greenlock-hapi)
|
Free SSL and Automatic HTTPS for node.js with KOA and other middleware systems via Let's Encrypt
* Automatic Registration via SNI (`httpsOptions.SNICallback`)
* **registrations** require an **approval callback** in *production*
* Automatic Renewal (around 80 days)
* **renewals** are *fully automatic* and happen in the *background*, with **no downtime**
* Automatic vhost / virtual hosting
All you have to do is start the webserver and then visit it at it's domain name.
## Install ## Install
``` ```
npm install --save greenlock-express@2.x npm install --save greenlock-koa@2.x
``` ```
*Pay no attention to the man behind the curtain.* (just ignore that the name of the module is greenlock-express) QuickStart
==========
### Part 1: Setup
```javascript ```javascript
'use strict'; 'use strict';
var le = require('greenlock-express').create({ //////////////////////
server: 'staging' // in production use 'https://acme-v01.api.letsencrypt.org/directory' // Greenlock Setup //
//////////////////////
, configDir: require('os').homedir() + '/letsencrypt/etc' var greenlock = require('greenlock-koa').create({
version: 'draft-11' // Let's Encrypt v2
// You MUST change this to 'https://acme-v02.api.letsencrypt.org/directory' in production
, server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
, approveDomains: function (opts, certs, cb) { , email: 'jon@example.com'
opts.domains = certs && certs.altnames || opts.domains; , agreeTos: true
opts.email = 'john.doe@example.com' // CHANGE ME , approveDomains: [ 'example.com' ]
opts.agreeTos = true;
cb(null, { options: opts, certs: certs }); // Join the community to get notified of important updates
} // and help make greenlock better
, communityMember: true
, debug: true , configDir: require('os').homedir() + '/acme/etc'
//, debug: true
}); });
```
WARNING: If you don't do any checks and simply complete `approveRegistration` callback, an attacker will spoof SNI packets with bad hostnames and that will cause you to be rate-limited and or blocked from the ACME server. Alternatively, You can run registration *manually*:
```bash //////////////////
npm install -g greenlock-cli // Just add Koa //
//////////////////
greenlock certonly --standalone \
--server 'https://acme-v01.api.letsencrypt.org/directory' \
--config-dir ~/letsencrypt/etc \
--agree-tos --domains example.com --email user@example.com
# Note: the '--webrootPath' option is also available if you don't want to shut down your webserver to get the cert.
```
### Part 2: Just add Koa
```javascript
var http = require('http'); var http = require('http');
var https = require('spdy'); var https = require('https');
var koa = require('koa'); var koa = require('koa');
var app = koa(); var app = new koa();
app.use(function *() { app.use(function *() {
this.body = 'Hello World'; this.body = 'Hello World';
}); });
var server = https.createServer(le.httpsOptions, le.middleware(app.callback())); // https server
var server = https.createServer(greenlock.tlsOptions, greenlock.middleware(app.callback()));
server.listen(443, function () { server.listen(443, function () {
console.log('Listening at https://localhost:' + this.address().port); console.log('Listening at https://localhost:' + this.address().port);
}); });
// http redirect to https
var http = require('http'); var http = require('http');
var redirectHttps = koa().use(require('koa-sslify')()).callback(); var redirectHttps = app.use(require('koa-sslify')()).callback();
http.createServer(le.middleware(redirectHttps)).listen(80, function () { http.createServer(greenlock.middleware(redirectHttps)).listen(80, function () {
console.log('handle ACME http-01 challenge and redirect to https'); console.log('Listening on port 80 to handle ACME http-01 challenge and redirect to https');
}); });
``` ```
Handling a dynamic list of domains
========================
If you handle multiple domains and you dynamically add new ones,
you'll want to replace the static list of domains in `approveDomains`
with a function like this:
```js
function approveDomains(opts, certs, cb) {
// This is where you check your database and associated
// email addresses with domains and agreements and such
// The domains being approved for the first time are listed in opts.domains
// Certs being renewed are listed in certs.altnames
if (certs) {
opts.domains = certs.altnames;
}
else {
// Do something to
opts.email = 'john.doe@example.com';
opts.agreeTos = true;
}
opts.communityMember = true;
// NOTE: you can also change other options such as `challengeType` and `challenge`
// opts.challengeType = 'http-01';
// opts.challenge = require('le-challenge-fs').create({});
cb(null, { options: opts, certs: certs });
}
```
**SECURITY**: Be careful with this.
If you don't check that the domains being requested are the domains you
allow an attacker can make you hit your rate limit for failed verification
attempts.
See the
[vhost example](https://git.coolaj86.com/coolaj86/greenlock-express.js/src/branch/master/examples/vhost.js)
for an idea of how this is done.
More Usage & Troubleshooting
============================
See <https://git.coolaj86.com/coolaj86/greenlock-express.js>
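Review bot: in the added `approveDomains(opts, certs, cb)` sample, every path ends in `cb(null, { options: opts, certs: certs })` without comparing `opts.domains` to the hostnames you actually serve, so the sample does exactly what the **SECURITY** paragraph beneath it warns against. Add an allowlist check to the sample and fail the callback (its first argument) for hostnames that are not on the list, and finish the truncated `// Do something to` comment. In the QuickStart, `app.use(require('koa-sslify')()).callback()` now registers the redirect middleware on the same `app` that the HTTPS server is built from, where the old side used a separate `koa()` instance; keep a separate instance for the port 80 listener. Smaller points: `var http = require('http');` is declared twice in the one code block, `new koa()` is paired with a generator-style `function *()` handler (the Koa v1 middleware style), so state which Koa major the example targets, and "Sponsered" should be "Sponsored".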

8
index.js Normal file

@ -0,0 +1,8 @@
'use strict';
module.exports = require('greenlock-express');
module.exports._greenlockExpressCreate = module.exports.create;
module.exports.create = function (opts) {
opts._communityPackage = opts._communityPackage || 'greenlock-koa';
return module.exports._greenlockExpressCreate(opts);
};
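Review bot: `module.exports = require('greenlock-express')` makes this module's exports the same object as the one greenlock-express exports, so the assignment to `module.exports.create` on the following lines replaces `create` on greenlock-express itself for every other consumer in the process, and any of them that does not set `_communityPackage` is then reported as 'greenlock-koa'. Export a new object that copies the greenlock-express properties and defines `create` on the copy instead. `create` also reads `opts._communityPackage` with no guard, so calling `create()` without an argument throws a TypeError; start with `opts = opts || {}`. The wrapper writes the private field onto the caller's own options object, which is worth a comment or a shallow copy.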


@ -1,14 +1,15 @@
{ {
"name": "greenlock-koa", "name": "greenlock-koa",
"version": "2.0.1", "homepage": "https://git.coolaj86.com/coolaj86/greenlock-koa.js",
"description": "Free SSL and Automatic HTTPS for node.js with KOA and other middleware systems via ACME (Let's Encrypt)", "version": "2.1.4",
"description": "An Automated HTTPS ACME client (Let's Encrypt v2) for Koa",
"main": "index.js", "main": "index.js",
"scripts": { "scripts": {
"test": "echo \"Error: no test specified\" && exit 1" "test": "echo \"Error: no test specified\" && exit 1"
}, },
"repository": { "repository": {
"type": "git", "type": "git",
"url": "git@git.daplie.com:Daplie/greenlock-koa.git" "url": "git+https://git.coolaj86.com/coolaj86/greenlock-koa.js.git"
}, },
"keywords": [ "keywords": [
"acme", "acme",
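Review bot: the `test` script kept in this hunk is still `echo \"Error: no test specified\" && exit 1`, so `npm test` fails by design while the version moves to 2.1.4 and index.js gains a `create` wrapper. Add at least a smoke test that requires the module and checks that `create` is a function, or remove the failing placeholder so automated checks on this package are meaningful.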
@ -16,17 +17,17 @@
"cluster", "cluster",
"free", "free",
"greenlock", "greenlock",
"freessl",
"free ssl",
"https", "https",
"koa", "koa",
"le", "le",
"letsencrypt", "letsencrypt",
"multi-core",
"node", "node",
"node.js", "node.js",
"scale",
"ssl", "ssl",
"tls" "tls"
], ],
"author": "AJ ONeal <aj@daplie.com> (https://daplie.com/)", "author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
"license": "(MIT OR Apache-2.0)" "license": "(MIT OR Apache-2.0)"
} }