make ACME / greenlock optional

2017-04-05 04:18:35 -04:00 · 2017-04-05 04:18:35 -04:00 · 714377bbf9
commit 714377bbf9
parent 81dce2f0a1
2 changed files with 29 additions and 20 deletions
--- a/bin/stunneld.js
+++ b/bin/stunneld.js
@ -164,30 +164,31 @@ if (!program.email || !program.agreeTos) {
  console.error("You didn't specify --email <EMAIL> and --agree-tos");
  console.error("(required for ACME / Let's Encrypt / Greenlock TLS/SSL certs)");
  console.error("");
-  process.exit(1);
 }
-program.greenlock = greenlock.create({
+else {
+  program.greenlock = greenlock.create({

-  //server: 'staging'
-  server: 'https://acme-v01.api.letsencrypt.org/directory'
+    //server: 'staging'
+    server: 'https://acme-v01.api.letsencrypt.org/directory'

-, challenges: {
-		// TODO dns-01
-		'http-01': require('le-challenge-fs').create({ webrootPath: '/tmp/acme-challenges' })
-	}
+  , challenges: {
+      // TODO dns-01
+      'http-01': require('le-challenge-fs').create({ webrootPath: '/tmp/acme-challenges' })
+    }

-, store: require('le-store-certbot').create({ webrootPath: '/tmp/acme-challenges' })
+  , store: require('le-store-certbot').create({ webrootPath: '/tmp/acme-challenges' })

-, email: program.email
+  , email: program.email

-, agreeTos: program.agreeTos
+  , agreeTos: program.agreeTos

-, approveDomains: approveDomains
+  , approveDomains: approveDomains

-//, approvedDomains: program.servernames
+  //, approvedDomains: program.servernames

-});
-//program.tlsOptions.SNICallback = program.greenlock.SNICallback;
+  });
+}
+//program.tlsOptions.SNICallback = program.greenlock.httpsOptions.SNICallback;
 /*
 program.middleware = program.greenlock.middleware(function (req, res) {
  res.end('Hello, World!');
--- a/handlers.js
+++ b/handlers.js
@ -8,12 +8,16 @@ var redirectHttps = require('redirect-https')();
 module.exports.create = function (program) {
  var tunnelAdminTlsOpts = {};

-  // Probably a reverse proxy on an internal network
-  program.httpServer = http.createServer(program.greenlock.middleware(function (req, res) {
+  // Probably a reverse proxy on an internal network (or ACME challenge)
+  function notFound(req, res) {
    console.log('req.socket.encrypted', req.socket.encrypted);
    res.statusCode = 404;
    res.end("File not found.\n");
-  }));
+  }
+  program.httpServer = http.createServer(
+    program.greenlock && program.greenlock.middleware(notFound)
+    || notFound
+  );
  program.handleHttp = function (servername, socket) {
    console.log("handleHttp('" + servername + "', socket)");
    socket.__my_servername = servername;
@ -21,10 +25,14 @@ module.exports.create = function (program) {
  };

  // Probably something that needs to be redirected to https
-  program.httpInsecureServer = http.createServer(program.greenlock.middleware(function (req, res) {
+  function redirectHttpsAndClose(req, res) {
    res.setHeader('Connection', 'close');
    redirectHttps(req, res);
-  }));
+  }
+  program.httpInsecureServer = http.createServer(
+    program.greenlock && program.greenlock.middleware(redirectHttpsAndClose)
+    || redirectHttpsAndClose
+  );
  program.handleInsecureHttp = function (servername, socket) {
    console.log("handleInsecureHttp('" + servername + "', socket)");
    socket.__my_servername = servername;