Code Monkey home page Code Monkey logo

ssl's Introduction

DADI SSL

Automated SSL certificate generation for the DADI Stack.

npm (scoped) coverage Build Status semantic-release JavaScript Style Guide

Overview

DADI SSL is a lightweight fully automated totally free SSL generation service that fits seemlessly into the DADI suite of microservices, as all major routing modules including restify and express.

It uses the letsencrypt certificate authority to register, create and automatically update multi-domain SSL certificates for use on single-server instances of your application.

It is recommended that load balanced services should apply certificates as part of the security policy, which is usually free.

Getting started

  1. Install the @dadi/ssl module:
npm install @dadi/ssl --save
  1. Add the library to your project file:
const SSL = require('@dadi/ssl')
  1. Add preferences:
// Example: select a domain and location to store certificates.
const ssl = new SSL()
  .useDomains(['somedomain.com'])
  .storeIn('/data/app/dadi-ssl/certs', true)
  .registerTo('[email protected]')
  .secureServerRestart(serverRestartFunction)
  .useListeningServer(listeningServer)
  .start()
  1. Using with your server
// Example

// Specify domain(s), a directory and a registration address.
const ssl = new SSL()
  .useDomains(['somedomain.com'])
  .storeIn('/data/app/dadi-ssl/certs', true)
  .registerTo('[email protected]')

// Start listening server on port 80.
const listeningServer = restify.createServer({
  port: 80
})

// Start secure server on port 443, with key and certificate files.
const server = restify.createServer({
  port: 443,
  key: ssl.getKey(),
  certificate: ssl.getCertificate()
})

// Add your servers and start the process.
ssl
  .secureServerRestart(serverRestartFunction)
  .useListeningServer(listeningServer)
  .start()

Required settings

.useDomains(domains)

Select the domains to register. Must be an array.

// Example
.useDomains(['foo.somedomain.com', 'bar.somedomain.com', 'somedomain.com'])

.registerTo(email)

Set the email address for the certificate registration.

// Example
.registerTo('[email protected]')

.secureServerRestart(serverRestartFunction)

Pass a server restart method to be called after successful certificate generation.

// Example
.secureServerRestart(restartFunction)

.useListeningServer(listeningServer)

A listening server running on port 80 allows the service to perform the necessary challenge requests.

// Example
.useListeningServer(listeningServer)

Optional settings

.storeIn(domains)

Select a directory to store certificate, and whether to force creation if the directory doesn't exist.

// Example
.storeIn('/data/app/dadi-ssl/certs', true)

.autoRenew(autoRenew)

Whether to auto renew certificates two days before expiry.

Default: true

// Example
.autoRenew(true)

.byteLength(length)

Bytelength of certificate. Can be between 512 and 4096. Higher = more secure, but slower to generate. Certificates with 2048 are assumed to be uncompromisable until the year 2030.

Default: 2048

// Example
.byteLength(4096)

.useEnvironment(environment)

Select which letsencrypt environment to use. Can be useful when debugging or avoiding usage limits (20/day).

Options: production, staging

// Example
.useEnvironment('staging')

Terminators

.start()

Initialises the process of creating certificates.

// Example
new SSL()
  .useDomains(['somedomain.com'])
  .registerTo('[email protected]')
  .secureServerRestart(serverRestartFunction)
  .useListeningServer(listeningServer)
  .start()

.getKey()

Get contents of the key file (domain.key). Useful for the key attribute of your server options.

const ssl = new SSL()

ssl.getKey()

.getCertificate()

Get contents of the certificate chain file (chained.pem). Useful for the certificate attribute of your server options.

const ssl = new SSL()

ssl.getCertificate()

Limitation

Letsencrypt will allow a maximum of 20 requests per domain, per day.

Generation of certificates requests a response directly to the server that made the request which can't be guarenteed when using a load balancer.

ssl's People

Contributors

mingard avatar jimlambie avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.