2015-12-12 06:39:20 +00:00
|
|
|
'use strict';
|
|
|
|
|
|
|
|
var fs = require('fs');
|
|
|
|
var path = require('path');
|
|
|
|
var https = require('https');
|
|
|
|
var http = require('http');
|
|
|
|
var express = require('express');
|
|
|
|
var app = express();
|
|
|
|
|
2015-12-12 13:11:05 +00:00
|
|
|
module.exports.create = function (opts) {
|
|
|
|
function getSecureContext(domainname, opts, cb) {
|
2015-12-12 06:39:20 +00:00
|
|
|
|
2015-12-12 13:11:05 +00:00
|
|
|
if (!opts) { opts = {}; }
|
2015-12-12 06:39:20 +00:00
|
|
|
|
2015-12-12 13:11:05 +00:00
|
|
|
opts.key = fs.readFileSync(path.join(opts.configDir, 'live', domainname, 'privkey.pem'));
|
|
|
|
opts.cert = fs.readFileSync(path.join(opts.configDir, 'live', domainname, 'cert.pem'));
|
|
|
|
opts.ca = fs.readFileSync(path.join(opts.configDir, 'live', domainname, 'chain.pem'), 'ascii')
|
|
|
|
.split('-----END CERTIFICATE-----')
|
|
|
|
.filter(function (ca) {
|
|
|
|
return ca.trim();
|
|
|
|
}).map(function (ca) {
|
|
|
|
return (ca + '-----END CERTIFICATE-----').trim();
|
|
|
|
});
|
2015-12-12 06:39:20 +00:00
|
|
|
|
2015-12-12 13:11:05 +00:00
|
|
|
cb(null, require('tls').createSecureContext(opts));
|
|
|
|
}
|
2015-12-12 06:39:20 +00:00
|
|
|
|
2015-12-12 07:11:31 +00:00
|
|
|
|
2015-12-12 13:11:05 +00:00
|
|
|
// log the requests
|
|
|
|
app.use('/', function (req, res, next) {
|
|
|
|
console.log('[' + req.ip + ']', req.method + ' ' + req.headers.host, req.protocol + req.url);
|
|
|
|
next();
|
2015-12-12 07:11:31 +00:00
|
|
|
});
|
2015-12-12 13:11:05 +00:00
|
|
|
// handle static requests to /.well-known/acme-challenge
|
|
|
|
app.use(
|
|
|
|
'/.well-known/acme-challenge'
|
|
|
|
, express.static(opts.webrootPath, { dotfiles: undefined })
|
|
|
|
);
|
|
|
|
|
|
|
|
function serveHttps() {
|
|
|
|
//
|
|
|
|
// SSL Certificates
|
|
|
|
//
|
|
|
|
var server;
|
|
|
|
var localCerts = require('localhost.daplie.com-certificates');
|
|
|
|
var options = {
|
|
|
|
requestCert: false
|
|
|
|
, rejectUnauthorized: true
|
|
|
|
|
|
|
|
// If you need to use SNICallback you should be using io.js >= 1.x (possibly node >= 0.12)
|
|
|
|
, SNICallback: function (domainname, cb) {
|
|
|
|
var secureContext = getSecureContext(domainname);
|
|
|
|
cb(null, secureContext);
|
|
|
|
}
|
|
|
|
// If you need to support HTTP2 this is what you need to work with
|
|
|
|
//, NPNProtocols: ['http/2.0', 'http/1.1', 'http/1.0']
|
|
|
|
//, NPNProtocols: ['http/1.1']
|
|
|
|
, key: localCerts.key
|
|
|
|
, cert: localCerts.cert
|
|
|
|
//, ca: null
|
|
|
|
};
|
|
|
|
|
|
|
|
// Start the tls sni server4
|
|
|
|
server = https.createServer(options);
|
|
|
|
server.on('error', function (err) {
|
|
|
|
console.error(err);
|
|
|
|
});
|
|
|
|
server.on('request', app);
|
|
|
|
server.listen(opts.tlsSni01Port, function () {
|
|
|
|
console.log('[https] Listening', server.address());
|
|
|
|
});
|
|
|
|
}
|
2015-12-12 07:11:31 +00:00
|
|
|
|
2015-12-12 13:11:05 +00:00
|
|
|
function serveHttp() {
|
|
|
|
// Start the http server4
|
|
|
|
var insecureServer = http.createServer();
|
|
|
|
insecureServer.on('error', function (err) {
|
|
|
|
console.error(err);
|
|
|
|
});
|
|
|
|
// note that request handler must be attached *before* and handle comes in
|
|
|
|
insecureServer.on('request', app);
|
|
|
|
insecureServer.listen(opts.http01Port, function () {
|
|
|
|
console.log('[http] Listening', insecureServer.address());
|
|
|
|
});
|
|
|
|
}
|
2015-12-12 07:11:31 +00:00
|
|
|
|
|
|
|
|
2015-12-12 13:11:05 +00:00
|
|
|
serveHttps();
|
|
|
|
serveHttp();
|
|
|
|
};
|