greenlock-express.js/examples/production.js

'use strict';

//
// My Secure Server
//
//var greenlock = require('greenlock-express')
var greenlock = require('../').create({

  // Let's Encrypt v2 is ACME draft 11
  // Note: If at first you don't succeed, stop and switch to staging
  // https://acme-staging-v02.api.letsencrypt.org/directory
  server: 'https://acme-v02.api.letsencrypt.org/directory'
, version: 'draft-11'
  // You MUST have write access to save certs
, configDir: '~/.config/acme/'

// The previous 'simple' example set these values statically,
// but this example uses approveDomains() to set them dynamically
//, email: 'none@see.note.above'
//, agreeTos: false

  // approveDomains is the right place to check a database for
  // email addresses with domains and agreements and such
, approveDomains: approveDomains

, app: require('./my-express-app.js')

  // Get notified of important updates and help me make greenlock better
, communityMember: true

//, debug: true

});

var server = greenlock.listen(80, 443);


//
// My Secure Database Check
//
function approveDomains(opts, certs, cb) {

  // The domains being approved for the first time are listed in opts.domains
  // Certs being renewed are listed in certs.altnames
  if (certs) {
    opts.domains = certs.altnames;
    cb(null, { options: opts, certs: certs });
    return;
  }

  // Only one domain is listed with *automatic* registration via SNI
  // (it's an array because managed registration allows for multiple domains,
  //                                which was the case in the simple example)
  console.log(opts.domains);

  fooCheckDb(opts.domains, function (err, agree, email) {
    if (err) { cb(err); return; }

    // You MUST NOT build clients that accept the ToS without asking the user
    opts.agreeTos = agree;
    opts.email = email;

    // NOTE: you can also change other options such as `challengeType` and `challenge`
    // (this would be helpful if you decided you wanted wildcard support as a domain altname)
    // opts.challengeType = 'http-01';
    // opts.challenge = require('le-challenge-fs').create({});

    cb(null, { options: opts, certs: certs });
  });
}


//
// My User / Domain Database
//
function fooCheckDb(domains, cb) {
  // This is an oversimplified example of how we might implement a check in
  // our database if we have different rules for different users and domains
  var domains = [ 'example.com', 'www.example.com' ];
  var userEmail = 'john.doe@example.com';
  var userAgrees = true;
  var passCheck = opts.domains.every(function (domain) {
    return -1 !== domains.indexOf(domain);
  });

  if (!passCheck) {
    cb(new Error('domain not allowed'));
  } else {
    cb(null, userAgrees, userEmail);
  }
}
rename normal.js -> production.js 2018-08-15 20:29:28 -06:00			`'use strict';`

			`//`
			`// My Secure Server`
			`//`
v2.4.0: listen() now returns secure server instance 2018-08-17 19:58:50 -06:00			`//var greenlock = require('greenlock-express')`
			`var greenlock = require('../').create({`
rename normal.js -> production.js 2018-08-15 20:29:28 -06:00
			`// Let's Encrypt v2 is ACME draft 11`
			`// Note: If at first you don't succeed, stop and switch to staging`
			`// https://acme-staging-v02.api.letsencrypt.org/directory`
			`server: 'https://acme-v02.api.letsencrypt.org/directory'`
			`, version: 'draft-11'`
			`// You MUST have write access to save certs`
			`, configDir: '~/.config/acme/'`

			`// The previous 'simple' example set these values statically,`
			`// but this example uses approveDomains() to set them dynamically`
			`//, email: 'none@see.note.above'`
			`//, agreeTos: false`

			`// approveDomains is the right place to check a database for`
			`// email addresses with domains and agreements and such`
			`, approveDomains: approveDomains`

			`, app: require('./my-express-app.js')`

			`// Get notified of important updates and help me make greenlock better`
			`, communityMember: true`

			`//, debug: true`

v2.4.0: listen() now returns secure server instance 2018-08-17 19:58:50 -06:00			`});`

			`var server = greenlock.listen(80, 443);`
rename normal.js -> production.js 2018-08-15 20:29:28 -06:00

			`//`
			`// My Secure Database Check`
			`//`
			`function approveDomains(opts, certs, cb) {`

			`// The domains being approved for the first time are listed in opts.domains`
			`// Certs being renewed are listed in certs.altnames`
			`if (certs) {`
			`opts.domains = certs.altnames;`
			`cb(null, { options: opts, certs: certs });`
			`return;`
			`}`

			`// Only one domain is listed with automatic registration via SNI`
			`// (it's an array because managed registration allows for multiple domains,`
			`// which was the case in the simple example)`
			`console.log(opts.domains);`

			`fooCheckDb(opts.domains, function (err, agree, email) {`
			`if (err) { cb(err); return; }`

			`// You MUST NOT build clients that accept the ToS without asking the user`
			`opts.agreeTos = agree;`
			`opts.email = email;`

			// NOTE: you can also change other options such as `challengeType` and `challenge`
			`// (this would be helpful if you decided you wanted wildcard support as a domain altname)`
			`// opts.challengeType = 'http-01';`
			`// opts.challenge = require('le-challenge-fs').create({});`

			`cb(null, { options: opts, certs: certs });`
			`});`
			`}`


			`//`
			`// My User / Domain Database`
			`//`
			`function fooCheckDb(domains, cb) {`
			`// This is an oversimplified example of how we might implement a check in`
			`// our database if we have different rules for different users and domains`
			`var domains = [ 'example.com', 'www.example.com' ];`
			`var userEmail = 'john.doe@example.com';`
			`var userAgrees = true;`
			`var passCheck = opts.domains.every(function (domain) {`
			`return -1 !== domains.indexOf(domain);`
			`});`

			`if (!passCheck) {`
fix #23 silly syntax error fixed (missing paren) 2018-11-05 07:01:01 +00:00			`cb(new Error('domain not allowed'));`
rename normal.js -> production.js 2018-08-15 20:29:28 -06:00			`} else {`
			`cb(null, userAgrees, userEmail);`
			`}`
			`}`