Commit 43c5081f authored by Aral Balkan's avatar Aral Balkan

Nodecert runs on demand; ACME TLS certs are now stored in ~/.acme-tls

parent efc7ba95
......@@ -8,6 +8,17 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
Nothing yet.
## [5.1.0] - 2019-03-09
### Changed
- Nodecert is no longer invoked at startup but only if locally-trusted certificates are requested.
- ACME TLS globally-trusted Let’s Encrypt certificates are now stored in `~/.acme-tls` (locally trusted nodecert certificates are still stored in `~/.nodecert`).
### Fixed
- Tests
## [5.0.0] - 2019-03-09
### Changed
......
......@@ -10,14 +10,7 @@ const morgan = require('morgan')
const AcmeTLS = require('@ind.ie/acme-tls')
const redirectHTTPS = require('redirect-https')
// Requiring nodecert ensures that locally-trusted TLS certificates exist.
require('@ind.ie/nodecert')
const nodecertDirectory = path.join(os.homedir(), '.nodecert')
if (!fs.existsSync(nodecertDirectory)) {
throw new Error('Error: requires nodecert.\n\nInstall: npm i -g nodecert\nRun : nodecert\n\nMore information: https://source.ind.ie/hypha/tools/nodecert')
}
const nodecert = require('@ind.ie/nodecert')
class HttpsServer {
......@@ -98,6 +91,12 @@ class HttpsServer {
_createTLSServerWithLocallyTrustedCertificate (options, requestListener = undefined) {
console.log(' 🚧 [https-server] Using locally-trusted certificates.')
// Ensure that locally-trusted certificates exist.
nodecert()
const nodecertDirectory = path.join(os.homedir(), '.nodecert')
const defaultOptions = {
key: fs.readFileSync(path.join(nodecertDirectory, 'localhost-key.pem')),
cert: fs.readFileSync(path.join(nodecertDirectory, 'localhost.pem'))
......@@ -122,9 +121,14 @@ class HttpsServer {
server: 'https://acme-v02.api.letsencrypt.org/directory',
version: 'draft-11',
configDir: `~/.nodecert/${hostname}/`,
// Certificates are stored in ~/.acme-tls/<hostname>
configDir: `~/.acme-tls/${hostname}/`,
approvedDomains: [hostname, `www.${hostname}`],
agreeTos: true,
// These will be removed altogether soon.
telemetry: false,
communityMember: false,
email: ' ',
......
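Review bot: Nothing visible in the last hunk migrates or locks down the directory that `configDir` now points at, `~/.acme-tls/${hostname}/`, which presumably holds the certificate private keys and the ACME account data as well as the certificates. Material already issued under `~/.nodecert/${hostname}/` appears to be left in place, so an upgraded server will likely request fresh certificates from Let's Encrypt while the old keys stay on disk; the changelog entry should say so and tell operators to move or delete the old directory. The comment above the option could be extended to `// Certificates and their private keys are stored in ~/.acme-tls/<hostname>; keep this directory owner-only (0700).`, and it is worth confirming that acme-tls creates the directory with that mode. `hostname` is interpolated into the path with no validation in view; if it can ever come from a caller rather than the OS, reject values containing a path separator or `..` before building `configDir`. The enclosing method starts and ends outside the hunk.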
{
"name": "@ind.ie/https-server",
"version": "5.0.0",
"version": "5.1.0",
"lockfileVersion": 1,
"requires": true,
"dependencies": {
......@@ -44,9 +44,9 @@
}
},
"@ind.ie/nodecert": {
"version": "1.0.6",
"resolved": "https://registry.npmjs.org/@ind.ie/nodecert/-/nodecert-1.0.6.tgz",
"integrity": "sha512-Goa7JjGyiK3cJUiBy5KerKHcB9jKrFtZzJ1a6YqdZ6VKdgn9ij+NxaK2ANxT4x+GjVcc/jvqcXpsntFo0Rpf5g==",
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/@ind.ie/nodecert/-/nodecert-2.0.1.tgz",
"integrity": "sha512-P1QqDDRUdlOc61r7nOKWNoYM+xtR/skUvF2xVDxzPLvC2jTIwPKnxpU3akLTPPdpCZ3VUTbeggyUIdJCOkyNRA==",
"requires": {
"syswide-cas": "^5.3.0"
}
......
{
"name": "@ind.ie/https-server",
"version": "5.0.0",
"version": "5.1.0",
"description": "A secure Small Tech personal web server for seamless development and live use.",
"main": "index.js",
"bin": "bin/https-server.js",
......@@ -19,7 +19,7 @@
},
"license": "AGPL-3.0-or-later",
"dependencies": {
"@ind.ie/nodecert": "^1.0.6",
"@ind.ie/nodecert": "^2.0.1",
"ansi-escape-sequences": "^4.1.0",
"express": "^4.16.4",
"@ind.ie/acme-tls": "^1.0.0",
......
......@@ -39,7 +39,7 @@ test('create https server', t => {
test('static serve https', t => {
t.plan(3)
const server = httpsServer.serve('test/site', async () => {
const server = httpsServer.serve({path: 'test/site', callback: async () => {
t.ok(server instanceof https.Server, 'is https.Server')
......@@ -56,5 +56,5 @@ test('static serve https', t => {
t.end()
server.close()
})
}})
})