106 lines
3.5 KiB
Markdown
106 lines
3.5 KiB
Markdown
<!-- BANNER_TPL_BEGIN -->
|
|
|
|
About Daplie: We're taking back the Internet!
|
|
--------------
|
|
|
|
Down with Google, Apple, and Facebook!
|
|
|
|
We're re-decentralizing the web and making it read-write again - one home cloud system at a time.
|
|
|
|
Tired of serving the Empire? Come join the Rebel Alliance:
|
|
|
|
<a href="mailto:jobs@daplie.com">jobs@daplie.com</a> | [Invest in Daplie on Wefunder](https://daplie.com/invest/) | [Pre-order Cloud](https://daplie.com/preorder/), The World's First Home Server for Everyone
|
|
|
|
<!-- BANNER_TPL_END -->
|
|
|
|
# greenlock-koa (greenlock-koa)
|
|
|
|
[](https://gitter.im/Daplie/letsencrypt-express?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
|
|
|
|
| [greenlock (lib)](https://git.daplie.com/Daplie/node-greenlock)
|
|
| [greenlock-cli](https://git.daplie.com/Daplie/greenlock-cli)
|
|
| [greenlock-express](https://git.daplie.com/Daplie/greenlock-express)
|
|
| [greenlock-cluster](https://git.daplie.com/Daplie/greenlock-cluster)
|
|
| **greenlock-koa**
|
|
| [greenlock-hapi](https://git.daplie.com/Daplie/greenlock-hapi)
|
|
|
|
|
|
|
Free SSL and Automatic HTTPS for node.js with KOA and other middleware systems via Let's Encrypt
|
|
|
|
* Automatic Registration via SNI (`httpsOptions.SNICallback`)
|
|
* **registrations** require an **approval callback** in *production*
|
|
* Automatic Renewal (around 80 days)
|
|
* **renewals** are *fully automatic* and happen in the *background*, with **no downtime**
|
|
* Automatic vhost / virtual hosting
|
|
|
|
All you have to do is start the webserver and then visit it at it's domain name.
|
|
|
|
## Install
|
|
|
|
```
|
|
npm install --save greenlock-express@2.x
|
|
```
|
|
|
|
*Pay no attention to the man behind the curtain.* (just ignore that the name of the module is greenlock-express)
|
|
|
|
### Part 1: Setup
|
|
|
|
```javascript
|
|
'use strict';
|
|
|
|
var le = require('greenlock-express').create({
|
|
server: 'staging' // in production use 'https://acme-v01.api.letsencrypt.org/directory'
|
|
|
|
, configDir: require('os').homedir() + '/letsencrypt/etc'
|
|
|
|
, approveDomains: function (opts, certs, cb) {
|
|
opts.domains = certs && certs.altnames || opts.domains;
|
|
opts.email = 'john.doe@example.com' // CHANGE ME
|
|
opts.agreeTos = true;
|
|
|
|
cb(null, { options: opts, certs: certs });
|
|
}
|
|
|
|
, debug: true
|
|
});
|
|
```
|
|
|
|
WARNING: If you don't do any checks and simply complete `approveRegistration` callback, an attacker will spoof SNI packets with bad hostnames and that will cause you to be rate-limited and or blocked from the ACME server. Alternatively, You can run registration *manually*:
|
|
|
|
```bash
|
|
npm install -g greenlock-cli
|
|
|
|
greenlock certonly --standalone \
|
|
--server 'https://acme-v01.api.letsencrypt.org/directory' \
|
|
--config-dir ~/letsencrypt/etc \
|
|
--agree-tos --domains example.com --email user@example.com
|
|
|
|
# Note: the '--webrootPath' option is also available if you don't want to shut down your webserver to get the cert.
|
|
```
|
|
|
|
### Part 2: Just add Koa
|
|
|
|
```javascript
|
|
var http = require('http');
|
|
var https = require('spdy');
|
|
var koa = require('koa');
|
|
var app = koa();
|
|
|
|
app.use(function *() {
|
|
this.body = 'Hello World';
|
|
});
|
|
|
|
var server = https.createServer(le.httpsOptions, le.middleware(app.callback()));
|
|
|
|
server.listen(443, function () {
|
|
console.log('Listening at https://localhost:' + this.address().port);
|
|
});
|
|
|
|
|
|
var http = require('http');
|
|
var redirectHttps = koa().use(require('koa-sslify')()).callback();
|
|
http.createServer(le.middleware(redirectHttps)).listen(80, function () {
|
|
console.log('handle ACME http-01 challenge and redirect to https');
|
|
});
|
|
```
|