updated examples
parent
cf81bf85ec
commit
bc3e9222aa
92
README.md
92
README.md
|
@ -253,7 +253,7 @@ That created a signing request with a sha-256 hash.
|
||||||
|
|
||||||
When you submit that to the likes of RapidSSL you'll get back an X.509 that you should call `server.crt.pem` (at least for the purposes of this mini-tutorial).
|
When you submit that to the likes of RapidSSL you'll get back an X.509 that you should call `server.crt.pem` (at least for the purposes of this mini-tutorial).
|
||||||
|
|
||||||
You cannot use "bundled" certificates (multiple certs in a single file) with node.js.
|
You **must** use a bundled certificate for your server (the server and intermediates, **not** root), but you cannot use bundles `ca` property.
|
||||||
|
|
||||||
### A single HTTPS server
|
### A single HTTPS server
|
||||||
|
|
||||||
|
@ -262,31 +262,36 @@ Here's a complete working example:
|
||||||
```javascript
|
```javascript
|
||||||
'use strict';
|
'use strict';
|
||||||
|
|
||||||
var https = require('https')
|
var https = require('https');
|
||||||
, fs = require('fs')
|
var fs = require('fs');
|
||||||
, connect = require('connect')
|
var express = require('express');
|
||||||
, app = connect()
|
var app = express();
|
||||||
, sslOptions
|
var sslOptions;
|
||||||
, server
|
var server;
|
||||||
, port = 4080
|
var port = 4080;
|
||||||
;
|
|
||||||
|
|
||||||
require('ssl-root-cas/latest')
|
require('ssl-root-cas/latest')
|
||||||
.inject()
|
.inject()
|
||||||
.addFile(__dirname + '/ssl/Geotrust Cross Root CA.txt')
|
.addFile(__dirname + '/ssl/Geotrust Cross Root CA.txt')
|
||||||
.addFile(__dirname + '/ssl/Rapid SSL CA.txt')
|
// NOTE: intermediate certificates should be bundled with
|
||||||
|
// the site's certificate, which is issued by the server
|
||||||
|
// when you connect. You only need to add them here if the
|
||||||
|
// server is misconfigured and you can't change it
|
||||||
|
//.addFile(__dirname + '/ssl/Rapid SSL CA.txt')
|
||||||
;
|
;
|
||||||
|
|
||||||
sslOptions = {
|
sslOptions = {
|
||||||
key: fs.readFileSync('./ssl/server.key')
|
key: fs.readFileSync('./ssl/privkey.pem')
|
||||||
, cert: fs.readFileSync('./ssl/server.crt')
|
, cert: fs.readFileSync('./ssl/fullchain.pem')
|
||||||
};
|
};
|
||||||
|
|
||||||
app.use('/', function (req, res) {
|
app.use('/', function (req, res) {
|
||||||
res.end('<html><body><h1>Hello World</h1></body></html>');
|
res.end('<html><body><h1>Hello World</h1></body></html>');
|
||||||
});
|
});
|
||||||
|
|
||||||
server = https.createServer(sslOptions, app).listen(port, function(){
|
server = https.createServer(sslOptions);
|
||||||
|
server.on('request', app);
|
||||||
|
server.listen(port, function(){
|
||||||
console.log('Listening on https://' + server.address().address + ':' + server.address().port);
|
console.log('Listening on https://' + server.address().address + ':' + server.address().port);
|
||||||
});
|
});
|
||||||
```
|
```
|
||||||
|
@ -302,20 +307,22 @@ and played around for an hour until it did.
|
||||||
File hierarchy:
|
File hierarchy:
|
||||||
|
|
||||||
```
|
```
|
||||||
webapps/
|
/etc/letsencrypt
|
||||||
└── vhosts
|
└── live
|
||||||
├── aj.the.dj
|
├── aj.the.dj
|
||||||
│ └── ssl
|
│ ├── cert.pem // contains my server certificate
|
||||||
│ ├── server.crt
|
│ ├── chain.pem // contains RapidSSL intermediate
|
||||||
│ └── server.key
|
│ ├── cert+chain.pem // contains both
|
||||||
|
│ └── privkey.pem // my private key
|
||||||
├── ballprovo.com
|
├── ballprovo.com
|
||||||
│ └── ssl
|
│ ├── cert.pem
|
||||||
│ ├── server.crt
|
│ ├── chain.pem
|
||||||
│ └── server.key
|
│ ├── cert+chain.pem
|
||||||
|
│ └── privkey.pem
|
||||||
├── server.js
|
├── server.js
|
||||||
└── ssl
|
└── ssl
|
||||||
├── Geotrust Cross Root CA.txt
|
├── Geotrust Cross Root CA.txt // the Root Authority
|
||||||
└── Rapid SSL CA.txt
|
└── Rapid SSL CA.txt // the Intermediate Authority
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
@ -324,34 +331,33 @@ webapps/
|
||||||
```javascript
|
```javascript
|
||||||
'use strict';
|
'use strict';
|
||||||
|
|
||||||
var https = require('https')
|
var https = require('https');
|
||||||
, http = require('http')
|
var http = require('http');
|
||||||
, fs = require('fs')
|
var fs = require('fs');
|
||||||
, crypto = require('crypto')
|
var crypto = require('crypto');
|
||||||
, connect = require('connect')
|
var express = require('express');
|
||||||
, vhost = require('vhost')
|
var vhost = require('vhost');
|
||||||
|
|
||||||
// connect / express app
|
// connect / express app
|
||||||
, app = connect()
|
var app = express();
|
||||||
|
|
||||||
// SSL Server
|
// SSL Server
|
||||||
, secureContexts = {}
|
var secureContexts = {};
|
||||||
, secureOpts
|
var secureOpts;
|
||||||
, secureServer
|
var secureServer;
|
||||||
, securePort = 4443
|
var securePort = 4443;
|
||||||
|
|
||||||
// force SSL upgrade server
|
// force SSL upgrade server
|
||||||
, server
|
var server;
|
||||||
, port = 4080
|
var port = 4080;
|
||||||
|
|
||||||
// the ssl domains I have
|
// the ssl domains I have
|
||||||
, domains = ['aj.the.dj', 'ballprovo.com']
|
var domains = ['aj.the.dj', 'ballprovo.com'];
|
||||||
;
|
|
||||||
|
|
||||||
require('ssl-root-cas/latest')
|
require('ssl-root-cas/latest')
|
||||||
.inject()
|
.inject()
|
||||||
.addFile(__dirname + '/ssl/Geotrust Cross Root CA.txt')
|
.addFile(__dirname + '/ssl/Geotrust Cross Root CA.txt')
|
||||||
.addFile(__dirname + '/ssl/Rapid SSL CA.txt')
|
//.addFile(__dirname + '/ssl/Rapid SSL CA.txt')
|
||||||
;
|
;
|
||||||
|
|
||||||
function getAppContext(domain) {
|
function getAppContext(domain) {
|
||||||
|
@ -367,8 +373,8 @@ function getAppContext(domain) {
|
||||||
|
|
||||||
domains.forEach(function (domain) {
|
domains.forEach(function (domain) {
|
||||||
secureContexts[domain] = crypto.createCredentials({
|
secureContexts[domain] = crypto.createCredentials({
|
||||||
key: fs.readFileSync(__dirname + '/' + domain + '/ssl/server.key')
|
key: fs.readFileSync(__dirname + '/' + domain + '/privkey.pem')
|
||||||
, cert: fs.readFileSync(__dirname + '/' + domain + '/ssl/server.crt')
|
, cert: fs.readFileSync(__dirname + '/' + domain + '/cert+chain.pem')
|
||||||
}).context;
|
}).context;
|
||||||
|
|
||||||
app.use(vhost('*.' + domain, getAppContext(domain)));
|
app.use(vhost('*.' + domain, getAppContext(domain)));
|
||||||
|
@ -388,8 +394,8 @@ secureOpts = {
|
||||||
return secureContexts[domain];
|
return secureContexts[domain];
|
||||||
}
|
}
|
||||||
// fallback / default domain
|
// fallback / default domain
|
||||||
, key: fs.readFileSync(__dirname + '/aj.the.dj/ssl/server.key')
|
, key: fs.readFileSync(__dirname + '/aj.the.dj/privkey.pem')
|
||||||
, cert: fs.readFileSync(__dirname + '/aj.the.dj/ssl/server.crt')
|
, cert: fs.readFileSync(__dirname + '/aj.the.dj/cert+chain.pem')
|
||||||
};
|
};
|
||||||
|
|
||||||
secureServer = https.createServer(secureOpts, app).listen(securePort, function(){
|
secureServer = https.createServer(secureOpts, app).listen(securePort, function(){
|
||||||
|
|
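Review bot: The bundled certificate is named inconsistently across the updated examples: the single-server listing reads `./ssl/fullchain.pem`, while the file hierarchy and the vhost listing use `cert+chain.pem`, so copying one listing against the documented tree fails at startup on a missing file. The tree is now rooted at `/etc/letsencrypt/live`, yet the vhost code still builds its paths from `__dirname + '/' + domain` and `server.js` is still listed inside that tree, so the README should state where the script is expected to run from. I would use one bundle name throughout, for example `cert+chain.pem` in the first listing as well. The new sentence ending "you cannot use bundles `ca` property" appears to be missing words; presumably it means a bundle cannot be passed as the `ca` option.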