le-store-redis

The Redis storage strategy for node-letsencrypt is capable of storing and retrieving keypairs, accounts, certificates, and certificate keypairs from a Redis database. It is most useful in production setups where multiple load balancers need to provide HTTPS-based proxying for a number of application front-end systems.

Security Warning

It is strongly advised that any production Redis system be deployed using at least password-based authentication, in addition to protections like IP-based request limiting and client-side TLS certificates. Unauthorized access to the Redis database enables an attacker to spoof any certificate stored in the database.

Options

The following options may be set in the options parameter:

  • {boolean} debug - set to true if debug output is desired.
  • {integer} certExpiry - delete certificate entries from database after this many seconds, default is 100 days.
  • {object} redisOptions - options passed to the Redis driver

Usage Example

To instantiate a Redis-based Let's Encrypt plugin:

  // configure Redis-based Let's Encrypt storage backend for storing keys and certs
  var leStore = require('le-store-redis').create({
    debug: true,
    redisOptions: {
      db: 2,
      password: 'M3C1lSO1kLBdPd95tJGu1I0OtTp4c5Rz'
    }
  });

This object may then be used in the Let's Encrypt constructor.
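The Security Warning above calls for password authentication and client-side TLS certificates. The following added example (not part of le-store-redis) builds a `redisOptions` object that fails closed when either is missing, instead of hard-coding the password in source. It assumes the environment variable names shown (hypothetical), a local minimum password length, and that `redisOptions` reaches a Redis driver that accepts a `tls` object, as the `redis` npm package does.

```javascript
// Added example, not from le-store-redis: build hardened redisOptions.
// Assumptions: the LE_REDIS_* variable names are hypothetical, the `tls`
// object is handed to the Redis driver unchanged, and MIN_PASSWORD_LENGTH
// is a local policy choice.
const MIN_PASSWORD_LENGTH = 32;

function buildRedisOptions(env, readFile) {
  // Default reader loads PEM files from disk; callers may inject a stub.
  const read = readFile || ((path) => require('fs').readFileSync(path));
  const problems = [];

  const password = env.LE_REDIS_PASSWORD || '';
  if (password.length < MIN_PASSWORD_LENGTH) {
    problems.push('LE_REDIS_PASSWORD must be set and at least ' +
      MIN_PASSWORD_LENGTH + ' characters');
  }
  const dbText = env.LE_REDIS_DB || '0';
  if (!/^\d+$/.test(dbText)) {
    problems.push('LE_REDIS_DB must be a non-negative integer');
  }
  const tlsVars = ['LE_REDIS_TLS_CA', 'LE_REDIS_TLS_CERT', 'LE_REDIS_TLS_KEY'];
  const missing = tlsVars.filter((name) => !env[name]);
  if (missing.length > 0) {
    problems.push('missing TLS file paths: ' + missing.join(', '));
  }
  // Fail closed: report every problem at once rather than connect insecurely.
  if (problems.length > 0) {
    throw new Error('refusing to build redisOptions: ' + problems.join('; '));
  }
  return {
    db: Number(dbText),
    password: password,
    tls: {
      ca: read(env.LE_REDIS_TLS_CA),     // CA that signed the Redis server cert
      cert: read(env.LE_REDIS_TLS_CERT), // this client's certificate
      key: read(env.LE_REDIS_TLS_KEY),   // this client's private key
      rejectUnauthorized: true           // verify the Redis server certificate
    }
  };
}

// Usage with the store from this README:
//   var leStore = require('le-store-redis').create({
//     redisOptions: buildRedisOptions(process.env)
//   });
```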

Database Layout

The Redis database is designed to be scalable to at least thousands of domains. Scalability past tens of thousands of domains has not been tested, but should work (in theory) based on the indexing layout and available memory.

There are three primary types of data that are stored in the database:

  • Keypairs are stored in keypair-HASH entries.
  • Accounts are stored in account-HASH entries.
  • Certificates are stored in cert-HASH entries.

There are five types of indexes in the database:

  • idx-e2a-HASH entries store email to account mappings.
  • idx-e2k-HASH entries store email to keypair mappings.
  • idx-e2c-HASH entries store email to certificate mappings.
  • idx-a2c-HASH entries store account to certificate mappings.
  • idx-d2c-HASH entries store domain to certificate mappings.
