jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
6,763 Commits 33 Branches 583 Tags
eaf0b4e56e6a9b4146f038e4e41d89ecb7595dae
Commit Graph

6763 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Girish Ramakrishnan 9d91340223 add settings.setTlsConfig 2015-12-11 22:39:13 -08:00
Girish Ramakrishnan e0a56f75c3 typo 2015-12-11 22:27:00 -08:00
Girish Ramakrishnan 4cfd30f9e8 use tlsConfig to determine acme or not 2015-12-11 22:25:57 -08:00
Girish Ramakrishnan 3fbcbf0e5d store tls config in database 2015-12-11 22:14:56 -08:00
Girish Ramakrishnan 8b7833e8b1 fix debug namespacing 2015-12-11 21:49:24 -08:00
Girish Ramakrishnan 66441f133d fix typo 2015-12-11 20:09:16 -08:00
Girish Ramakrishnan 8a12d6019a assert assert everywhere, hope none fires! 2015-12-11 14:50:30 -08:00
Girish Ramakrishnan 39c626dc75 more moving of nginx code 2015-12-11 14:48:39 -08:00
Girish Ramakrishnan a7480c3f29 implement installation of admin certificate via acme 2015-12-11 14:37:55 -08:00
Girish Ramakrishnan 8af682acf1 add attempt 2015-12-11 14:20:37 -08:00
Girish Ramakrishnan 95eba1db81 Add certificates.ensureCertificate which gets cert via acme 2015-12-11 14:15:44 -08:00
Girish Ramakrishnan 0b8fde7d8d rename app.setAppCertificate 2015-12-11 14:13:29 -08:00
Girish Ramakrishnan 2f7517152a rename certificates.initialize 2015-12-11 14:02:58 -08:00
Girish Ramakrishnan 3e2ea0e087 refactor certificate settings 2015-12-11 13:58:43 -08:00
Girish Ramakrishnan 723556d6a2 Add CertificatesError 2015-12-11 13:43:33 -08:00
Girish Ramakrishnan 1f53d76cef wait forever by default 2015-12-11 13:41:17 -08:00
Girish Ramakrishnan d15488431b add waitfordns.js (refactored from appstore) 2015-12-11 13:14:27 -08:00
Girish Ramakrishnan cf80fd7dc5 rename certificatemanager 2015-12-11 12:24:52 -08:00
Girish Ramakrishnan 73d891b98e move validateCertificate to certificateManager 2015-12-10 20:38:49 -08:00
Girish Ramakrishnan 875ec1028d remove backward compat code now that we have migrated 2015-12-10 16:31:22 -08:00
Girish Ramakrishnan fd985c2011 configure nginx as the last step 
this allow us to wait for certificate (in the case of LE)
v0.4.5 		2015-12-10 15:26:36 -08:00
Girish Ramakrishnan 47981004c9 split port reserving to separate function 
this allows us to move nginx configuration to the bottom of apptask
(required for tls cert download support)
 2015-12-10 15:25:15 -08:00
Girish Ramakrishnan e3f7c8f63d use fqdn to save admin certs as well 2015-12-10 14:29:54 -08:00
Girish Ramakrishnan 853db53f82 rename admin.cert/.key to {admin_fqdn}.cert/.key 2015-12-10 14:05:44 -08:00
Girish Ramakrishnan 5992c0534a remove dead comment 2015-12-10 13:56:00 -08:00
Girish Ramakrishnan 1874c93c5c no need to template main nginx config 2015-12-10 13:54:53 -08:00
Girish Ramakrishnan 3c4adb1aed fix config path 2015-12-10 13:36:44 -08:00
Girish Ramakrishnan 66db918273 add certificate manager stub 2015-12-10 13:35:02 -08:00
Girish Ramakrishnan 69845d5ddd add config.adminFqdn() 2015-12-10 13:14:13 -08:00
Girish Ramakrishnan 42181d597b keep the requires sorted 2015-12-10 13:08:38 -08:00
Girish Ramakrishnan b56e9ca745 do not log the token 2015-12-10 12:50:54 -08:00
Girish Ramakrishnan 5fc4788269 remove test code 2015-12-10 11:09:37 -08:00
Girish Ramakrishnan d0f8293b73 treat acme as a cert backend 2015-12-10 11:08:22 -08:00
Girish Ramakrishnan 44582bcd4b download the certificate as binary 2015-12-10 11:07:10 -08:00
Girish Ramakrishnan 5c73aed953 remove unused require 2015-12-10 09:54:21 -08:00
Girish Ramakrishnan e1ec48530e acme: create cert file with the chain 2015-12-10 09:11:08 -08:00
Girish Ramakrishnan 54c4053728 add LE cross signed 
https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem.txt
 2015-12-10 09:06:36 -08:00
Girish Ramakrishnan 79ffb0df5c acme: openssl does not play well with buffers. use files instead 2015-12-10 08:57:53 -08:00
Girish Ramakrishnan c510952c88 s/privateKeyPem/accountKeyPem 2015-12-09 19:23:19 -08:00
Girish Ramakrishnan 6109da531d acme: use safe 2015-12-09 19:22:53 -08:00
Girish Ramakrishnan 56877332db pull in urlBase64Encode 2015-12-09 18:34:27 -08:00
Girish Ramakrishnan 6fc972d160 set default response type to text/plain 2015-12-09 18:34:13 -08:00
Girish Ramakrishnan 5346153d9b add ursa 2015-12-09 18:33:35 -08:00
Girish Ramakrishnan aaf266d272 convert cert to pem v0.4.4 2015-12-08 20:05:14 -08:00
Girish Ramakrishnan 0750db9aae rename function 2015-12-08 19:54:37 -08:00
Girish Ramakrishnan 316976d295 generate the acme account key on first run 2015-12-08 19:42:33 -08:00
Girish Ramakrishnan 593b5d945b use this fake email as the account owner for now 2015-12-08 19:15:17 -08:00
Girish Ramakrishnan 88f0240757 serve acme directory from nginx 2015-12-08 19:04:48 -08:00
Girish Ramakrishnan f5c2f8849d Add LE staging url for testing 2015-12-08 18:25:45 -08:00
Girish Ramakrishnan 5c4a8f7803 add acme support 
this is not used anywhere since we want to wait for rate limits to be
fixed.

The current limits are :

    Rate limit on registrations per IP is currently 10 per 3 hours
    Rate limit on certificates per Domain is currently 5 per 7 days

The domains are counted based on https://publicsuffix.org/list/ (not TLD). Like appspot.com, herokuapp.com while not a TLD, it a public suffix. This list allows browser authors to limit how cookies can be manipulated by the subdomain of those domains. like app1.appspot.com cannot go and change things of app2.appspot.com.

This means
a) we cannot use LE for cloudron.me, cloudron.us (or we have to get on that list)

b) even for custom domains we get only 5 certs every 7 days. And one of them is taken for my.xx domain.

https://community.letsencrypt.org/t/public-beta-rate-limits/4772/38
 2015-12-08 15:52:30 -08:00