Verified Commit 43c5081f authored by Aral Balkan's avatar Aral Balkan

Nodecert runs on demand; ACME TLS certs are now stored in ~/.acme-tls

parent efc7ba95
...@@ -8,6 +8,17 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ...@@ -8,6 +8,17 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
Nothing yet. Nothing yet.
## [5.1.0] - 2019-03-09
### Changed
- Nodecert is no longer invoked at startup but only if locally-trusted certificates are requested.
- ACME TLS globally-trusted Let’s Encrypt certificates are now stored in `~/.acme-tls` (locally trusted nodecert certificates are still stored in `~/.nodecert`).
### Fixed
- Tests
## [5.0.0] - 2019-03-09 ## [5.0.0] - 2019-03-09
### Changed ### Changed
......
...@@ -10,14 +10,7 @@ const morgan = require('morgan') ...@@ -10,14 +10,7 @@ const morgan = require('morgan')
const AcmeTLS = require('@ind.ie/acme-tls') const AcmeTLS = require('@ind.ie/acme-tls')
const redirectHTTPS = require('redirect-https') const redirectHTTPS = require('redirect-https')
// Requiring nodecert ensures that locally-trusted TLS certificates exist. const nodecert = require('@ind.ie/nodecert')
require('@ind.ie/nodecert')
const nodecertDirectory = path.join(os.homedir(), '.nodecert')
if (!fs.existsSync(nodecertDirectory)) {
throw new Error('Error: requires nodecert.\n\nInstall: npm i -g nodecert\nRun : nodecert\n\nMore information: https://source.ind.ie/hypha/tools/nodecert')
}
class HttpsServer { class HttpsServer {
...@@ -98,6 +91,12 @@ class HttpsServer { ...@@ -98,6 +91,12 @@ class HttpsServer {
_createTLSServerWithLocallyTrustedCertificate (options, requestListener = undefined) { _createTLSServerWithLocallyTrustedCertificate (options, requestListener = undefined) {
console.log(' 🚧 [https-server] Using locally-trusted certificates.') console.log(' 🚧 [https-server] Using locally-trusted certificates.')
// Ensure that locally-trusted certificates exist.
nodecert()
const nodecertDirectory = path.join(os.homedir(), '.nodecert')
const defaultOptions = { const defaultOptions = {
key: fs.readFileSync(path.join(nodecertDirectory, 'localhost-key.pem')), key: fs.readFileSync(path.join(nodecertDirectory, 'localhost-key.pem')),
cert: fs.readFileSync(path.join(nodecertDirectory, 'localhost.pem')) cert: fs.readFileSync(path.join(nodecertDirectory, 'localhost.pem'))
...@@ -122,9 +121,14 @@ class HttpsServer { ...@@ -122,9 +121,14 @@ class HttpsServer {
server: 'https://acme-v02.api.letsencrypt.org/directory', server: 'https://acme-v02.api.letsencrypt.org/directory',
version: 'draft-11', version: 'draft-11',
configDir: `~/.nodecert/${hostname}/`,
// Certificates are stored in ~/.acme-tls/<hostname>
configDir: `~/.acme-tls/${hostname}/`,
approvedDomains: [hostname, `www.${hostname}`], approvedDomains: [hostname, `www.${hostname}`],
agreeTos: true, agreeTos: true,
// These will be removed altogether soon.
telemetry: false, telemetry: false,
communityMember: false, communityMember: false,
email: ' ', email: ' ',
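Review bot: The `configDir` change to `~/.acme-tls/${hostname}/` has no migration path, so an install that already obtained Let's Encrypt material under `~/.nodecert/<hostname>/` will stop reading it and request fresh certificates on the next start, which counts against Let's Encrypt's issuance rate limits. The old directory is also left in place, presumably still holding account and certificate private keys that nothing removes. I would move an existing `~/.nodecert/<hostname>/` to the new location once before the ACME server is created, and at minimum record the change next to the option with `// Before 5.1.0 this was ~/.nodecert/<hostname>/; existing material there is not migrated.` It is also worth confirming that the new directory is created owner-only (0700), since it holds key material. The options object and its enclosing method start and end outside this hunk, so whether `~` is expanded by acme-tls or by code not shown here needs checking.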
......
{ {
"name": "@ind.ie/https-server", "name": "@ind.ie/https-server",
"version": "5.0.0", "version": "5.1.0",
"lockfileVersion": 1, "lockfileVersion": 1,
"requires": true, "requires": true,
"dependencies": { "dependencies": {
...@@ -44,9 +44,9 @@ ...@@ -44,9 +44,9 @@
} }
}, },
"@ind.ie/nodecert": { "@ind.ie/nodecert": {
"version": "1.0.6", "version": "2.0.1",
"resolved": "https://registry.npmjs.org/@ind.ie/nodecert/-/nodecert-1.0.6.tgz", "resolved": "https://registry.npmjs.org/@ind.ie/nodecert/-/nodecert-2.0.1.tgz",
"integrity": "sha512-Goa7JjGyiK3cJUiBy5KerKHcB9jKrFtZzJ1a6YqdZ6VKdgn9ij+NxaK2ANxT4x+GjVcc/jvqcXpsntFo0Rpf5g==", "integrity": "sha512-P1QqDDRUdlOc61r7nOKWNoYM+xtR/skUvF2xVDxzPLvC2jTIwPKnxpU3akLTPPdpCZ3VUTbeggyUIdJCOkyNRA==",
"requires": { "requires": {
"syswide-cas": "^5.3.0" "syswide-cas": "^5.3.0"
} }
......
{ {
"name": "@ind.ie/https-server", "name": "@ind.ie/https-server",
"version": "5.0.0", "version": "5.1.0",
"description": "A secure Small Tech personal web server for seamless development and live use.", "description": "A secure Small Tech personal web server for seamless development and live use.",
"main": "index.js", "main": "index.js",
"bin": "bin/https-server.js", "bin": "bin/https-server.js",
...@@ -19,7 +19,7 @@ ...@@ -19,7 +19,7 @@
}, },
"license": "AGPL-3.0-or-later", "license": "AGPL-3.0-or-later",
"dependencies": { "dependencies": {
"@ind.ie/nodecert": "^1.0.6", "@ind.ie/nodecert": "^2.0.1",
"ansi-escape-sequences": "^4.1.0", "ansi-escape-sequences": "^4.1.0",
"express": "^4.16.4", "express": "^4.16.4",
"@ind.ie/acme-tls": "^1.0.0", "@ind.ie/acme-tls": "^1.0.0",
......
...@@ -39,7 +39,7 @@ test('create https server', t => { ...@@ -39,7 +39,7 @@ test('create https server', t => {
test('static serve https', t => { test('static serve https', t => {
t.plan(3) t.plan(3)
const server = httpsServer.serve('test/site', async () => { const server = httpsServer.serve({path: 'test/site', callback: async () => {
t.ok(server instanceof https.Server, 'is https.Server') t.ok(server instanceof https.Server, 'is https.Server')
...@@ -56,5 +56,5 @@ test('static serve https', t => { ...@@ -56,5 +56,5 @@ test('static serve https', t => {
t.end() t.end()
server.close() server.close()
}) }})
}) })