diff --git a/install.sh b/install.sh index 4eb6c3d..e8f78d4 100644 --- a/install.sh +++ b/install.sh @@ -1,5 +1,8 @@ #!/bin/bash +echo "no install yet" +exit 1 + sudo mkdir -p /srv/walnut/{certs,core,letsencrypt,lib,etc,config} sudo mkdir -p /srv/walnut/etc/org.oauth3.consumer sudo mkdir -p /srv/walnut/etc/org.oauth3.provider diff --git a/lib/load-certs.js b/lib/load-certs.js deleted file mode 100644 index c35ffe2..0000000 --- a/lib/load-certs.js +++ /dev/null @@ -1,68 +0,0 @@ -'use strict'; - -function loadCerts(secureContexts, certPaths, domainname, prevdomainname) { - var PromiseA = require('bluebird'); - var fs = PromiseA.promisifyAll(require('fs')); - var path = require('path'); - - if (/(^|\.)proxyable\./.test(domainname)) { - // device-id-12345678.proxyable.myapp.mydomain.com => myapp.mydomain.com - // proxyable.myapp.mydomain.com => myapp.mydomain.com - // TODO myapp.mydomain.com.proxyable.com => myapp.mydomain.com - domainname = domainname.replace(/.*\.?proxyable\./, ''); - } - - if (secureContexts[domainname]) { - return PromiseA.resolve(secureContexts[domainname]); - } - - return PromiseA.some(certPaths.map(function (pathname) { - return PromiseA.all([ - fs.readFileAsync(path.join(pathname, domainname, 'privkey.pem'), 'ascii') - , fs.readFileAsync(path.join(pathname, domainname, 'fullchain.pem'), 'ascii') - ]); - }), 1).then(function (some) { - var one = some[0]; - secureContexts[domainname] = require('tls').createSecureContext({ - key: one[0] - , cert: one[1] - // https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ - // https://nodejs.org/api/tls.html - // removed :ECDH+AES256:DH+AES256 and added :!AES256 because AES-256 wastes CPU - , ciphers: 'ECDH+AESGCM:DH+AESGCM:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!AES256' - , honorCipherOrder: true - }); - - // guard against race condition on Promise.some - if (prevdomainname && !secureContexts[prevdomainname]) { - // TODO XXX make sure that letsencrypt www. domains handle the bare domains also (and vice versa) - secureContexts[prevdomainname] = secureContexts[domainname]; - } - - return secureContexts[domainname]; - }, function (/*err*/) { - // AggregateError means both promises failed - // TODO check ENOENT - - // test "is this server <>?" - // try letsencrypt - // fail with www.example.com - if (/^www\./i.test(domainname)) { - return loadCerts(secureContexts, certPaths, domainname.replace(/^www\./i, ''), domainname); - } - - return (secureContexts['www.example.com'] || secureContexts['example.com']); - }).then(function (ctx) { - // TODO generate some self-signed certs? - if (!ctx) { - console.error("[loadCerts()] Could not load default HTTPS certificates!!!"); - return PromiseA.reject({ - message: "No default certificates for https" - , code: 'E_NO_DEFAULT_CERTS' - }); - } - - return ctx; - }); -} -module.exports.load = loadCerts;