prefer letsencrypt-style certs
parent
945ec23965
commit
5ba70878de
|
@ -400,14 +400,28 @@ module.exports.create = function (securePort, certsPath, vhostsdir) {
|
||||||
var secOpts;
|
var secOpts;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
var nodes = fs.readdirSync(path.join(certsPath, 'server'));
|
var nodes = fs.readdirSync(certsPath);
|
||||||
var keyNode = nodes.filter(function (node) { return /\.key\.pem$/.test(node); })[0];
|
var keyNode = nodes.filter(function (node) { return 'privkey.pem' === node; })[0];
|
||||||
var crtNode = nodes.filter(function (node) { return /\.crt\.pem$/.test(node); })[0];
|
var crtNode = nodes.filter(function (node) { return 'fullchain.pem' === node; })[0];
|
||||||
|
|
||||||
|
if (keyNode && crtNode) {
|
||||||
|
keyNode = path.join(certsPath, keyNode);
|
||||||
|
crtNode = path.join(certsPath, crtNode);
|
||||||
|
} else {
|
||||||
|
nodes = fs.readdirSync(path.join(certsPath, 'server'));
|
||||||
|
keyNode = nodes.filter(function (node) { return /^privkey(\.key)?\.pem$/.test(node) || /\.key\.pem$/.test(node); })[0];
|
||||||
|
crtNode = nodes.filter(function (node) { return /^fullchain(\.crt)?\.pem$/.test(node) || /\.crt\.pem$/.test(node); })[0];
|
||||||
|
keyNode = path.join(certsPath, 'server', keyNode);
|
||||||
|
crtNode = path.join(certsPath, 'server', crtNode);
|
||||||
|
}
|
||||||
|
|
||||||
secOpts = {
|
secOpts = {
|
||||||
key: fs.readFileSync(path.join(certsPath, 'server', keyNode))
|
key: fs.readFileSync(keyNode)
|
||||||
, cert: fs.readFileSync(path.join(certsPath, 'server', crtNode))
|
, cert: fs.readFileSync(crtNode)
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// I misunderstood what the ca option was for
|
||||||
|
/*
|
||||||
if (fs.existsSync(path.join(certsPath, 'ca'))) {
|
if (fs.existsSync(path.join(certsPath, 'ca'))) {
|
||||||
secOpts.ca = fs.readdirSync(path.join(certsPath, 'ca')).filter(function (node) {
|
secOpts.ca = fs.readdirSync(path.join(certsPath, 'ca')).filter(function (node) {
|
||||||
console.log('[log ca]', node);
|
console.log('[log ca]', node);
|
||||||
|
@ -416,6 +430,7 @@ module.exports.create = function (securePort, certsPath, vhostsdir) {
|
||||||
return fs.readFileSync(path.join(certsPath, 'ca', node));
|
return fs.readFileSync(path.join(certsPath, 'ca', node));
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
*/
|
||||||
} catch(err) {
|
} catch(err) {
|
||||||
// TODO Let's Encrypt / ACME HTTPS
|
// TODO Let's Encrypt / ACME HTTPS
|
||||||
console.error("[ERROR] Couldn't READ HTTPS certs from '" + certsPath + "':");
|
console.error("[ERROR] Couldn't READ HTTPS certs from '" + certsPath + "':");
|
||||||
|
@ -446,7 +461,7 @@ module.exports.create = function (securePort, certsPath, vhostsdir) {
|
||||||
// fallback / default dummy certs
|
// fallback / default dummy certs
|
||||||
key: localDummyCerts.key
|
key: localDummyCerts.key
|
||||||
, cert: localDummyCerts.cert
|
, cert: localDummyCerts.cert
|
||||||
, ca: localDummyCerts.ca
|
//, ca: localDummyCerts.ca
|
||||||
// io.js defaults have disallowed insecure algorithms as of 2015-06-29
|
// io.js defaults have disallowed insecure algorithms as of 2015-06-29
|
||||||
// https://iojs.org/api/tls.html
|
// https://iojs.org/api/tls.html
|
||||||
// previous version could use something like this
|
// previous version could use something like this
|
||||||
|
|
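Review bot: In the `else` branch, `keyNode` and `crtNode` go straight into `path.join(certsPath, 'server', …)` without a check that either filter matched, so an empty or misnamed `server` directory would surface as a TypeError from `path.join` instead of a clear message in the catch's log. I would add `if (!keyNode || !crtNode) { throw new Error("no key/cert pair in '" + path.join(certsPath, 'server') + "'"); }` before the two joins. Each filter also takes `[0]` of whatever `readdirSync` returns, so with several `*.key.pem` / `*.crt.pem` files present the selected key and certificate are not guaranteed to belong together; pairing them by basename would make the choice deterministic. Because a later hunk shows a dummy-cert fallback, a failed load should be loud enough that a deployment does not quietly end up serving the bundled dummy certificate; what the catch does after logging is not visible here. `module.exports.create` begins and ends outside the hunks shown.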