letsencrypt-rails-heroku 0.2.7 → 0.3.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/Gemfile.lock +13 -15
- data/README.md +27 -14
- data/VERSION +1 -1
- data/letsencrypt-rails-heroku.gemspec +3 -3
- data/lib/letsencrypt-rails-heroku/letsencrypt.rb +5 -6
- data/lib/tasks/letsencrypt.rake +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0aabfc12bc180268e622c9bace1bf6460b2c73ef
|
4
|
+
data.tar.gz: c4bd799e49433146dc65f55ca0901c5fcad7f0be
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8a259feabfb24e55ac7a2a499ad565cb33d0088a2aac1fa80773b0a96654a866f336a5bc98977458b289d096d0f3ec0b8e98346890bf4d85c569ba8a2e2b9e7e
|
7
|
+
data.tar.gz: c43da038a91df674e2d9bf57ca45534e0ed671bf0754b2a5638014c17a282c2da83e11b65b5b35921a5a702008cf0b029dd085a0ba02e8111bdc1cfee4a1462f
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,9 @@
|
|
1
|
+
# 0.3.0
|
2
|
+
|
3
|
+
- Remove some Rails-specific methods and code to allow the gem to be used
|
4
|
+
(with some extra steps) by non-Rails applications like Sinatra. Closes issue
|
5
|
+
#14 and pull request #15, thanks @cbetta!
|
6
|
+
|
1
7
|
# 0.2.6
|
2
8
|
|
3
9
|
- Add more details of the error returned by LetsEncrypt when a challenge fails.
|
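Review bot: The new `# 0.3.0` entry sits directly above `# 0.2.6`, so the changelog has no entry for 0.2.7, the version this diff starts from. The entry also mentions only the removal of Rails-specific code. This release additionally rewrites `valid?` and `challenge_configured?` and gives `acme_endpoint` a default value, all visible in `lib/letsencrypt-rails-heroku/letsencrypt.rb`, and those behaviour changes deserve their own bullet so that upgraders know configuration validation has changed.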
data/Gemfile.lock
CHANGED
@@ -27,13 +27,13 @@ GEM
|
|
27
27
|
faraday (0.9.2)
|
28
28
|
multipart-post (>= 1.2, < 3)
|
29
29
|
git (1.3.0)
|
30
|
-
github_api (0.14.
|
30
|
+
github_api (0.14.5)
|
31
31
|
addressable (~> 2.4.0)
|
32
32
|
descendants_tracker (~> 0.0.4)
|
33
33
|
faraday (~> 0.8, < 0.10)
|
34
34
|
hashie (>= 3.4)
|
35
|
-
oauth2 (~> 1.0
|
36
|
-
hashie (3.4.
|
35
|
+
oauth2 (~> 1.0)
|
36
|
+
hashie (3.4.6)
|
37
37
|
heroics (0.0.17)
|
38
38
|
erubis (~> 2.0)
|
39
39
|
excon
|
@@ -43,9 +43,9 @@ GEM
|
|
43
43
|
highline (1.7.8)
|
44
44
|
i18n (0.7.0)
|
45
45
|
json (1.8.3)
|
46
|
-
juwelier (2.1.
|
46
|
+
juwelier (2.1.3)
|
47
47
|
builder
|
48
|
-
bundler (>= 1.
|
48
|
+
bundler (>= 1.13)
|
49
49
|
git (>= 1.2.5)
|
50
50
|
github_api
|
51
51
|
highline (>= 1.6.15)
|
@@ -53,26 +53,24 @@ GEM
|
|
53
53
|
rake
|
54
54
|
rdoc
|
55
55
|
semver
|
56
|
-
jwt (1.5.
|
56
|
+
jwt (1.5.6)
|
57
57
|
mini_portile2 (2.1.0)
|
58
58
|
minitest (5.9.0)
|
59
59
|
moneta (0.8.0)
|
60
60
|
multi_json (1.12.1)
|
61
|
-
multi_xml (0.
|
61
|
+
multi_xml (0.6.0)
|
62
62
|
multipart-post (2.0.0)
|
63
63
|
netrc (0.11.0)
|
64
|
-
nokogiri (1.6.8)
|
64
|
+
nokogiri (1.6.8.1)
|
65
65
|
mini_portile2 (~> 2.1.0)
|
66
|
-
|
67
|
-
oauth2 (1.0.0)
|
66
|
+
oauth2 (1.2.0)
|
68
67
|
faraday (>= 0.8, < 0.10)
|
69
68
|
jwt (~> 1.0)
|
70
69
|
multi_json (~> 1.3)
|
71
70
|
multi_xml (~> 0.5)
|
72
|
-
rack (
|
73
|
-
|
74
|
-
|
75
|
-
rake (11.2.2)
|
71
|
+
rack (>= 1.2, < 3)
|
72
|
+
rack (2.0.1)
|
73
|
+
rake (12.0.0)
|
76
74
|
rdoc (3.12.2)
|
77
75
|
json (~> 1.4)
|
78
76
|
semver (1.0.1)
|
@@ -104,4 +102,4 @@ DEPENDENCIES
|
|
104
102
|
simplecov
|
105
103
|
|
106
104
|
BUNDLED WITH
|
107
|
-
1.
|
105
|
+
1.13.6
|
data/README.md
CHANGED
@@ -6,17 +6,15 @@ This gem is a complete solution for securing your Ruby on Rails application
|
|
6
6
|
on Heroku using their free SNI-based SSL and LetsEncrypt. It will automatically
|
7
7
|
handle renewals and keeping your certificate up to date.
|
8
8
|
|
9
|
+
With some extra steps, this gem can also be used with Sinatra. For an example
|
10
|
+
of how to do this, see the
|
11
|
+
[letsencrypt-rails-heroku-sinatra-example](https://github.com/pixielabs/letsencrypt-rails-heroku-sinatra-example)
|
12
|
+
repository.
|
9
13
|
|
10
|
-
## Requirements
|
11
|
-
|
12
|
-
- Whilst it is in beta, you must use the labs feature to enable Heroku's free
|
13
|
-
SSL offering:
|
14
14
|
|
15
|
-
|
16
|
-
heroku labs:enable http-sni
|
17
|
-
```
|
15
|
+
## Requirements
|
18
16
|
|
19
|
-
- You must be using hobby or professional dynos to use free SNI-based SSL.
|
17
|
+
- You must be using hobby or professional dynos to use free SNI-based SSL. Find out more on [Heroku's documentation page about SSL](https://devcenter.heroku.com/articles/ssl).
|
20
18
|
|
21
19
|
- You should have already configured your app DNS as per [Heroku's
|
22
20
|
documentation](https://devcenter.heroku.com/articles/custom-domains).
|
@@ -26,7 +24,7 @@ handle renewals and keeping your certificate up to date.
|
|
26
24
|
Add the gem to your Gemfile:
|
27
25
|
|
28
26
|
```
|
29
|
-
# Until the API calls are
|
27
|
+
# Until the new API calls are generally available, you must manually specify my fork
|
30
28
|
# of the Heroku API gem:
|
31
29
|
gem 'platform-api', github: 'jalada/platform-api', branch: 'master'
|
32
30
|
|
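Review bot: The rewritten comment on the `+` line still sends readers to the context line `gem 'platform-api', github: 'jalada/platform-api', branch: 'master'`, which tracks a moving branch of a personal fork. The application that loads this dependency also holds a Heroku API token, so the README should recommend pinning the fork to a reviewed commit with Bundler's `ref:` option (for example `ref: '<commit-sha>'`, placeholder). That way a later push to the fork cannot change what is installed on the next `bundle update`.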
@@ -45,6 +43,21 @@ Rails.application.configure do
|
|
45
43
|
end
|
46
44
|
```
|
47
45
|
|
46
|
+
If you have configured your app to enforce SSL with the configuration option
|
47
|
+
`config.force_ssl = true` you will need to insert the middleware in front of
|
48
|
+
the middleware performing that enforcement instead, as LetsEncrypt do not allow
|
49
|
+
redirects on their verification requests:
|
50
|
+
|
51
|
+
```ruby
|
52
|
+
Rails.application.configure do
|
53
|
+
# <...>
|
54
|
+
|
55
|
+
config.middleware.insert_before ActionDispatch::SSL, Letsencrypt::Middleware
|
56
|
+
|
57
|
+
# <...>
|
58
|
+
end
|
59
|
+
```
|
60
|
+
|
48
61
|
## Configuring
|
49
62
|
|
50
63
|
By default the gem will try to use the following set of configuration variables,
|
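Review bot: The added paragraph tells readers to place `Letsencrypt::Middleware` ahead of `ActionDispatch::SSL`, but it does not say which requests the middleware answers before SSL enforcement runs. This placement exempts whatever the middleware handles from `config.force_ssl`, so the README should state the scope of that exemption: which path is served over plain HTTP, and that every other request still falls through to the SSL redirect.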
@@ -129,12 +142,12 @@ Source: [blog.dbrgn.ch](https://blog.dbrgn.ch/2013/10/4/heroku-schedule-weekly-m
|
|
129
142
|
Suggestions and pull requests are welcome in improving the situation with the
|
130
143
|
following security considerations:
|
131
144
|
|
132
|
-
- When configuring this gem you
|
133
|
-
into your
|
145
|
+
- When configuring this gem you must add a non-expiring Heroku API token
|
146
|
+
into your application environment. Your collaborators could use this
|
134
147
|
token to impersonate the account it was created with when accessing
|
135
148
|
the Heroku API. This is important if your account has access to other apps
|
136
|
-
that your collaborators don’t. Additionally, if your application
|
137
|
-
leaked this would give access to the Heroku API as your user account.
|
149
|
+
that your collaborators don’t. Additionally, if your application environment was
|
150
|
+
leaked this would give the attacker access to the Heroku API as your user account.
|
138
151
|
[More information about Heroku’s API and oAuth](https://devcenter.heroku.com/articles/oauth#direct-authorization).
|
139
152
|
|
140
153
|
You should create the API token from a suitably locked-down account.
|
@@ -153,7 +166,7 @@ following security considerations:
|
|
153
166
|
we don’t register with LetsEncrypt over and over.
|
154
167
|
|
155
168
|
- Stop using a fork of the `platform-api` gem once it supports the SNI endpoint
|
156
|
-
API calls.
|
169
|
+
API calls. [See issue #49 of the platform-api gem](https://github.com/heroku/platform-api/issues/49).
|
157
170
|
|
158
171
|
- Provide instructions for running the gem decoupled from the app it is
|
159
172
|
securing, for the paranoid.
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.
|
1
|
+
0.3.0
|
@@ -2,16 +2,16 @@
|
|
2
2
|
# DO NOT EDIT THIS FILE DIRECTLY
|
3
3
|
# Instead, edit Juwelier::Tasks in Rakefile, and run 'rake gemspec'
|
4
4
|
# -*- encoding: utf-8 -*-
|
5
|
-
# stub: letsencrypt-rails-heroku 0.
|
5
|
+
# stub: letsencrypt-rails-heroku 0.3.0 ruby lib
|
6
6
|
|
7
7
|
Gem::Specification.new do |s|
|
8
8
|
s.name = "letsencrypt-rails-heroku"
|
9
|
-
s.version = "0.
|
9
|
+
s.version = "0.3.0"
|
10
10
|
|
11
11
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
12
12
|
s.require_paths = ["lib"]
|
13
13
|
s.authors = ["David Somers"]
|
14
|
-
s.date = "2016-
|
14
|
+
s.date = "2016-12-10"
|
15
15
|
s.description = "This gem automatically handles creation, renewal, and applying SSL certificates from LetsEncrypt to your Heroku account."
|
16
16
|
s.email = "david@pixielabs.co.uk"
|
17
17
|
s.extra_rdoc_files = [
|
@@ -9,9 +9,9 @@ module Letsencrypt
|
|
9
9
|
end
|
10
10
|
|
11
11
|
def self.challenge_configured?
|
12
|
-
configuration.acme_challenge_filename
|
13
|
-
configuration.acme_challenge_filename.
|
14
|
-
configuration.acme_challenge_file_content
|
12
|
+
configuration.acme_challenge_filename &&
|
13
|
+
configuration.acme_challenge_filename.start_with?(".well-known/") &&
|
14
|
+
configuration.acme_challenge_file_content
|
15
15
|
end
|
16
16
|
|
17
17
|
class Configuration
|
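Review bot: The last operand of the new `&&` chain, `configuration.acme_challenge_file_content`, is tested only for truthiness. An empty string is truthy in Ruby, so a set-but-empty `ACME_CHALLENGE_FILE_CONTENT` counts as a configured challenge, and the predicate returns that string rather than `true`/`false`. Suggest an explicit non-empty check on the content and coercing the result to a boolean. The prefix test `start_with?(".well-known/")` is also broader than the `.well-known/acme-challenge/` directory that HTTP-01 challenges use, so consider tightening it to that prefix.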
@@ -25,14 +25,13 @@ module Letsencrypt
|
|
25
25
|
@heroku_app = ENV["HEROKU_APP"]
|
26
26
|
@acme_email = ENV["ACME_EMAIL"]
|
27
27
|
@acme_domain = ENV["ACME_DOMAIN"]
|
28
|
-
@acme_endpoint = ENV["ACME_ENDPOINT"]
|
28
|
+
@acme_endpoint = ENV["ACME_ENDPOINT"] || 'https://acme-v01.api.letsencrypt.org/'
|
29
29
|
@acme_challenge_filename = ENV["ACME_CHALLENGE_FILENAME"]
|
30
30
|
@acme_challenge_file_content = ENV["ACME_CHALLENGE_FILE_CONTENT"]
|
31
31
|
end
|
32
32
|
|
33
33
|
def valid?
|
34
|
-
heroku_token
|
35
|
-
acme_domain.present?
|
34
|
+
heroku_token && heroku_app && acme_email && acme_domain
|
36
35
|
end
|
37
36
|
end
|
38
37
|
end
|
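Review bot: The new one-line `valid?` accepts empty strings, because `""` is truthy in Ruby, whereas the removed `acme_domain.present?` rejected blanks. With the `ENV[...]` assignments shown above it, a variable that is set but empty (for example `ACME_DOMAIN=`) now passes validation, and the failure surfaces later in the renew task instead of at the configuration check. Suggest something like `[heroku_token, heroku_app, acme_email, acme_domain].none? { |v| v.nil? || v.to_s.strip.empty? }`, which also returns a real boolean. Separately, the new `|| 'https://acme-v01.api.letsencrypt.org/'` default means an unset `ACME_ENDPOINT` now silently selects the live Let's Encrypt endpoint, which should be documented in the README.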
data/lib/tasks/letsencrypt.rake
CHANGED
@@ -6,7 +6,7 @@ require 'platform-api'
|
|
6
6
|
namespace :letsencrypt do
|
7
7
|
|
8
8
|
desc 'Renew your LetsEncrypt certificate'
|
9
|
-
task :renew
|
9
|
+
task :renew do
|
10
10
|
# Check configuration looks OK
|
11
11
|
abort "letsencrypt-rails-heroku is configured incorrectly. Are you missing an environment variable or other configuration? You should have a heroku_token, heroku_app, acmp_email and acme_domain configured either via a `Letsencrypt.configure` block in an initializer or as environment variables." unless Letsencrypt.configuration.valid?
|
12
12
|
|
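Review bot: The abort message on the context line under `task :renew do` names `acmp_email`, but the setting that `valid?` checks is `acme_email`. An operator who copies the name from this error will set the wrong variable and hit the same abort again. Since this line is already part of the touched block, correct the spelling in the same change.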
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: letsencrypt-rails-heroku
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- David Somers
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-
|
11
|
+
date: 2016-12-10 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: acme-client
|