therootcompany / greenlock-express.js

Free SSL and Automatic HTTPS (ACME / Let's Encrypt v2 client) for node.js with Express, Connect, and other middleware systems
https://greenlock.domains
Mozilla Public License 2.0

SNI Callback #11

Open suhz opened 2 years ago

suhz commented 2 years ago

I need a way to serve non-Letsencrypt certs together with the one managed by Greenlock. I can't find any suitable way, so I propose these little changes here: https://github.com/therootcompany/greenlock-express.js/commit/e63cdf281761d26ac43d2e19985276b7ebd7861a

With these changes, I will "ready" this HTTP(S) worker to greenlock-express:

const Greenlock = require("greenlock-express");

const greenlock = Greenlock
  .init({ ... })
  .ready(httpsWorker);

function httpsWorker(glx) {
  // Plain HTTP: answers ACME http-01 challenges and redirects everything else to HTTPS
  const plainServer = glx.httpServer();
  plainServer.listen(plainPort, plainAddr, () => {
    logger.info(`Greenlock listening on ${plainAddr}:${plainPort} for ACME challenges, and redirecting to HTTPS`);

    // SNICallback is the factory defined below; with the proposed change,
    // httpsServer() calls it with (greenlock, secureOpts, sni) and uses the returned callback
    const secureServer = glx.httpsServer({ SNICallback }, app);
    secureServer.listen(securePort, secureAddr, () => {
      logger.info(`Greenlock listening on ${secureAddr}:${securePort} for secure traffic`);
    });
  });
}

And then provided my own SNICallback() like so

function SNICallback(greenlock, secureOpts, sni) {
  // Greenlock's own SNI handler, built once here rather than on every TLS handshake
  const SNIFallback = sni.create(greenlock, secureOpts);

  return (servername, cb) => {
    // Do something or return SNIFallback(servername, cb)
  };
}

Each time someone visits the secure port, it'll run my callback first and return its secureContext if available, or continue to the Greenlock SNI callback as usual.

Let me know what you think

coolaj86 commented 1 year ago

The way that I expected people to go about this was to modify the certificate store - for example:

If you get a request for a domain that you know is elsewhere, just read it from that location.