A standard for webservers that's just right.
tigerbot 231e54d808 went back to using `http-proxy` for non-websockets
We need to be able to insert `X-Forwarded` header for all the requests on
a TCP keep-alive connection
2017-06-02 18:10:16 -06:00
Library/LaunchDaemons scope node, npm, and module installs to /opt/goldilocks 2017-05-15 23:34:30 -05:00
admin/public rename api to goldilocks 2017-04-27 19:34:13 -06:00
bin made the --tunnel option (partially) work 2017-05-26 12:11:39 -06:00
etc added hook to remove tokens from the tunnel 2017-05-29 15:14:37 -06:00
lib went back to using `http-proxy` for non-websockets 2017-06-02 18:10:16 -06:00
packages implemented GET part of the tunnel API 2017-05-30 12:15:19 -06:00
var more comprehensive data model 2017-03-02 00:58:45 -07:00
.gitignore WIP tunnel 2017-04-05 12:49:48 -06:00
.gitmodules converted tabs to spaces in a few files 2017-05-06 12:23:51 -06:00
.jshintrc add .jshintrc 2017-04-13 15:48:35 -06:00
LICENSE.txt update LICENSE.txt 2017-02-22 16:36:23 -07:00
README.md add systemd and launchd scripts 2017-05-05 01:33:36 -06:00
install.sh update node install path 2017-05-25 15:29:17 -06:00
package-lock.json went back to using `http-proxy` for non-websockets 2017-06-02 18:10:16 -06:00
package.json went back to using `http-proxy` for non-websockets 2017-06-02 18:10:16 -06:00
terms.sh example of adding terms 2017-02-24 17:59:58 -07:00
test-chain.sh add --sites option for multiple domains #10 and use localhost.daplie.me 2017-02-01 15:52:14 -07:00
uninstall.sh scope node, npm, and module installs to /opt/goldilocks 2017-05-15 23:34:30 -05:00
update-packages.sh fixed a few minor things 2017-05-01 17:52:22 -06:00

README.md

About Daplie: We're taking back the Internet!

Down with Google, Apple, and Facebook!

We're re-decentralizing the web and making it read-write again - one home cloud system at a time.

Tired of serving the Empire? Come join the Rebel Alliance:

jobs@daplie.com | Invest in Daplie on Wefunder | Pre-order Cloud, The World's First Home Server for Everyone

Goldilocks

The node.js webserver that's just right.

A simple HTTPS static file server with valid TLS (SSL) certs.

Comes bundled with a valid certificate for localhost.daplie.me, which is great for testing and development, and you can specify your own.

Also great for testing ACME certs from letsencrypt.org.

Install

# v2 in npm
npm install -g goldilocks

# master in git (via ssh)
npm install -g git+ssh://git@git.daplie.com:Daplie/goldilocks.js#v1

# master in git (unauthenticated)
npm install -g git+https://git@git.daplie.com/Daplie/goldilocks.js#v1

goldilocks
Serving /Users/foo/ at https://localhost.daplie.me:8443

With service support for

  • systemd
  • launchd

curl https://git.daplie.com/Daplie/goldilocks.js/raw/master/install.sh | bash

Usage

Examples:

# Install
npm install -g git+https://git@git.daplie.com/Daplie/goldilocks.js

# Use tunnel
goldilocks --sites jane.daplie.me --agree-tos --email jane@example.com --tunnel

# BEFORE you access in a browser for the first time, use curl
# (because there's a concurrency bug in the greenlock setup)
curl https://jane.daplie.me

Options:

  • -p <port> - i.e. sudo goldilocks -p 443 (defaults to 80+443 or 8443)

  • -d <dirpath> - i.e. goldilocks -d /tmp/ (defaults to pwd)

    • you can use :hostname as a template for multiple directories
    • Example A: goldilocks -d /srv/www/:hostname --sites localhost.foo.daplie.me,localhost.bar.daplie.me
    • Example B: goldilocks -d ./:hostname/public/ --sites localhost.foo.daplie.me,localhost.bar.daplie.me
  • -c <content> - i.e. server-https -c 'Hello, World! ' (defaults to directory index)

  • --express-app <path> - path to a file that exports an express-style app (function (req, res, next) { ... })

  • --livereload - inject livereload into all html pages (see also: fswatch); be careful: if <dirpath> has thousands of files, it will spike your CPU usage to 100%

  • --email <email> - email to use for Let's Encrypt, Daplie DNS, Daplie Tunnel

  • --agree-tos - agree to terms for Let's Encrypt, Daplie DNS

  • --sites <domain.tld> - comma-separated list of domains to respond to (default is localhost.daplie.me)

    • optionally you may include the path to serve with | such as example.com|/tmp,example.net|/srv/www
  • --tunnel - make world-visible (must use --sites)
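
How the -d :hostname template and the --sites list described above can combine into a per-host document root, as an added example (not goldilocks' own code). The names parseSites and resolveRoot are hypothetical, and returning null for any Host that is not listed in --sites is an assumption of this example.

```javascript
'use strict';
const path = require('path');

// Parse a --sites value such as "example.com|/tmp,example.net|/srv/www"
// or a plain list such as "localhost.foo.daplie.me,localhost.bar.daplie.me".
// Returns Map(hostname -> explicit directory, or null when none was given).
function parseSites(sitesArg) {
  const sites = new Map();
  for (const entry of String(sitesArg).split(',')) {
    const [name, dir] = entry.trim().split('|');
    if (!name) { continue; }
    sites.set(name.toLowerCase(), dir || null);
  }
  return sites;
}

// Resolve the directory to serve for a request's Host header.
// Returns null when the host is not one of the configured sites (assumption).
function resolveRoot(hostHeader, sites, dirTemplate) {
  // Strip an optional :port and normalise case before the lookup.
  const host = String(hostHeader || '').replace(/:\d+$/, '').toLowerCase();
  // The Host header is client-controlled, so it is only ever used as a key
  // into the operator's --sites list, never substituted into a path unchecked.
  if (!sites.has(host)) { return null; }
  const explicit = sites.get(host);
  if (explicit) { return path.resolve(explicit); }
  return path.resolve(dirTemplate.replace(/:hostname/g, host));
}

// Constructed sample input, mirroring "Example A" from the options list.
const sampleSites = parseSites('localhost.foo.daplie.me,localhost.bar.daplie.me');
const sampleHosts = [
  'localhost.foo.daplie.me:8443', // listed site, with port
  'LOCALHOST.BAR.DAPLIE.ME',      // listed site, different case
  '../../etc',                    // not a listed site
];
for (const h of sampleHosts) {
  console.log(JSON.stringify(h), '->', resolveRoot(h, sampleSites, '/srv/www/:hostname'));
}
```
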

Specifying a custom HTTPS certificate:

  • --key /path/to/privkey.pem specifies the server private key
  • --cert /path/to/fullchain.pem specifies the bundle of server certificate and all intermediate certificates
  • --root /path/to/root.pem specifies the certificate authority(ies)

Note: --root may specify a single cert or a bundle, and may be used multiple times like so:

--root /path/to/primary-root.pem --root /path/to/cross-root.pem

Other options:

  • --serve-root true alias for -c with the contents of root.pem
  • --sites example.com changes the servername logged to the console
  • --letsencrypt-certs example.com sets key, fullchain, and root to standard letsencrypt locations

Examples

goldilocks -p 1443 -c 'Hello from 1443' &
goldilocks -p 2443 -c 'Hello from 2443' &
goldilocks -p 3443 -d /tmp &

curl https://localhost.daplie.me:1443
> Hello from 1443

curl --insecure https://localhost:2443
> Hello from 2443

curl https://localhost.daplie.me:3443
> [html index listing of /tmp]

And if you tested http://localhost.daplie.me:3443 in a browser, it would redirect to https://localhost.daplie.me:3443 (on the same port).

(in curl it would just show an error message)

Testing ACME Let's Encrypt certs

In case you didn't know, you can get free https certificates from letsencrypt.org (ACME letsencrypt) and even a free subdomain from https://freedns.afraid.org.

If you want to quickly test the certificates you installed, you can do so like this:

goldilocks -p 8443 \
  --letsencrypt-certs test.mooo.com \
  --serve-root true

which is equivalent to

goldilocks -p 8443 \
  --sites test.mooo.com \
  --key /etc/letsencrypt/live/test.mooo.com/privkey.pem \
  --cert /etc/letsencrypt/live/test.mooo.com/fullchain.pem \
  --root /etc/letsencrypt/live/test.mooo.com/root.pem \
  -c "$(sudo cat /etc/letsencrypt/live/test.mooo.com/root.pem)"

and can be tested like so

curl --insecure https://test.mooo.com:8443 > ./root.pem
curl https://test.mooo.com:8443 --cacert ./root.pem