letsencrypt-rails-heroku 1.2.0 → 1.2.1
- checksums.yaml +5 -5
- data/CHANGELOG.md +16 -0
- data/Gemfile +1 -3
- data/Gemfile.lock +14 -21
- data/LICENSE.txt +1 -1
- data/README.md +28 -22
- data/VERSION +1 -1
- data/letsencrypt-rails-heroku.gemspec +34 -34
- metadata +7 -7
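--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: e19d5080608ad213dfa35f80bbbca7d8aefcfeb7724b0d94efef50e56208f749
+data.tar.gz: 8567453f9e4d49488692a81bcfe64299a342c8e2cc8c9395116ff7c518842cb8
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e6e647b7ccffae1ea0690a3711bbb37ed773aa9a09c54fcfeb6d7d964ad097cc59524f222dd314e1af4c9ad066319d87feca72af7833055cf2d8e346e42cec7e
+data.tar.gz: 91e1769ca76f84c11de507dce46da2c56c431186ef6793f6ff12b934c664403255721bba2b5dcc99bdbf1530f21f2d219dba0d540e2016a64e9caaae85bb2560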
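--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,19 @@
+# 1.2.1
+
+- Update `rack` and `nokogiri` dependencies due to reported vulnerabilities
+in those libraries. Note that these don't affect letsencrypt-rails-heroku
+directly.
+[CVE-2018-16471](https://nvd.nist.gov/vuln/detail/CVE-2018-16471),
+[CVE-2016-4658](https://nvd.nist.gov/vuln/detail/CVE-2016-4658),
+[CVE-2017-5029](https://nvd.nist.gov/vuln/detail/CVE-2017-5029),
+[CVE-2018-14404](https://nvd.nist.gov/vuln/detail/CVE-2018-14404),
+[CVE-2017-18258](https://nvd.nist.gov/vuln/detail/CVE-2017-18258),
+[CVE-2017-9050](https://nvd.nist.gov/vuln/detail/CVE-2017-9050).
+
+- Stop using [jalada/platform-api](https://github.com/jalada/platform-api)
+because the newer version of the official version supports the API endpoints
+we need now.
+
 # 1.2.0
 
 - Support SSL Endpoint configuration, as well as the default SNI.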
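--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,9 +1,7 @@
 source "https://rubygems.org"
 
 gem 'acme-client', '~> 0.4.0'
-
-# <https://github.com/heroku/platform-api/issues/49>
-gem 'platform-api', github: 'jalada/platform-api', branch: 'master'
+gem 'platform-api', '~> 2.2'
 
 group :development do
 gem "shoulda", ">= 0"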
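Review bot: The new `gem 'platform-api', '~> 2.2'` line has no comment, whereas the line it replaces carried a link explaining why the fork was used; a one-line note such as `# official gem >= 2.2 covers the endpoints the jalada fork was used for` would keep that context for the next maintainer. Separately, rack and nokogiri are not declared in the visible part of this Gemfile, so the vulnerability-driven updates described in the changelog appear to live only in this gem's own Gemfile.lock. Applications that depend on the gem resolve those libraries from their own lockfile and need to check the versions there. The `group :development` block continues outside the hunk.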
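--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,11 +1,3 @@
-GIT
-remote: git://github.com/jalada/platform-api.git
-revision: 45ddb3c1a7e2c7f85d979c0791db18e99affb237
-branch: master
-specs:
-platform-api (0.8.0)
-heroics (~> 0.0.17)
-
 GEM
 remote: https://rubygems.org/
 specs:
@@ -23,7 +15,7 @@ GEM
 thread_safe (~> 0.3, >= 0.3.1)
 docile (1.1.5)
 erubis (2.7.0)
-excon (0.
+excon (0.62.0)
 faraday (0.9.2)
 multipart-post (>= 1.2, < 3)
 git (1.3.0)
@@ -34,15 +26,14 @@ GEM
 hashie (>= 3.4)
 oauth2 (~> 1.0)
 hashie (3.4.6)
-heroics (0.0.
+heroics (0.0.25)
 erubis (~> 2.0)
 excon
 moneta
 multi_json (>= 1.9.2)
-netrc
 highline (1.7.8)
 i18n (0.7.0)
-json (1.8.
+json (1.8.6)
 juwelier (2.1.3)
 builder
 bundler (>= 1.13)
@@ -54,22 +45,24 @@ GEM
 rdoc
 semver
 jwt (1.5.6)
-mini_portile2 (2.
+mini_portile2 (2.4.0)
 minitest (5.9.0)
-moneta (0.
-multi_json (1.
+moneta (1.0.0)
+multi_json (1.13.1)
 multi_xml (0.6.0)
 multipart-post (2.0.0)
-
-
-mini_portile2 (~> 2.1.0)
+nokogiri (1.10.2)
+mini_portile2 (~> 2.4.0)
 oauth2 (1.2.0)
 faraday (>= 0.8, < 0.10)
 jwt (~> 1.0)
 multi_json (~> 1.3)
 multi_xml (~> 0.5)
 rack (>= 1.2, < 3)
-
+platform-api (2.2.0)
+heroics (~> 0.0.25)
+moneta (~> 1.0.0)
+rack (2.0.7)
 rake (12.0.0)
 rdoc (3.12.2)
 json (~> 1.4)
@@ -96,10 +89,10 @@ DEPENDENCIES
 acme-client (~> 0.4.0)
 bundler (~> 1.0)
 juwelier (~> 2.1.0)
-platform-api
+platform-api (~> 2.2)
 rdoc (~> 3.12)
 shoulda
 simplecov
 
 BUNDLED WITH
-1.
+1.16.6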
data/LICENSE.txt
CHANGED
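--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,8 @@
 # LetsEncrypt & Rails & Heroku
 
+### Deprecated: Heroku now support [free automated SSL certificates for paid dynos](https://devcenter.heroku.com/articles/automated-certificate-management), you should use that instead of this gem unless your situation is covered by the [known limitations](https://devcenter.heroku.com/articles/automated-certificate-management#known-limitations) of ACM, e.g. your app runs in Heroku Private Spaces.
+
+
 [![Gem Version](https://badge.fury.io/rb/letsencrypt-rails-heroku.svg)](https://badge.fury.io/rb/letsencrypt-rails-heroku)
 
 This gem is a complete solution for securing your Ruby on Rails application
@@ -14,7 +17,9 @@ repository.
 
 ## Requirements
 
-- You must be using hobby or professional dynos to use free SNI-based SSL.
+- You must be using hobby or professional dynos to use free SNI-based SSL.
+Find out more on [Heroku's documentation page about
+SSL](https://devcenter.heroku.com/articles/ssl).
 
 - You should have already configured your app DNS as per [Heroku's
 documentation](https://devcenter.heroku.com/articles/custom-domains).
@@ -24,10 +29,6 @@ repository.
 Add the gem to your Gemfile:
 
 ```
-# Until the new API calls are generally available, you must manually specify my fork
-# of the Heroku API gem:
-gem 'platform-api', git: 'https://github.com/jalada/platform-api', branch: 'master'
-
 gem 'letsencrypt-rails-heroku', group: 'production'
 ```
 
@@ -126,10 +127,13 @@ You can see these details by typing `heroku domains`.
 
 ## Adding a scheduled task
 
-You should add a scheduled task on Heroku to renew the certificate.
-
-
-
+You should add a scheduled task on Heroku to renew the certificate. If you
+are unfamiliar with how to do this, take a look at [Heroku's documentation
+on their scheduler addon](https://devcenter.heroku.com/articles/scheduler).
+
+The scheduled task should be configured to run `rake letsencrypt:renew` as
+often as you want to renew your certificate. Letsencrypt certificates are valid
+for 90 days, but there's no harm renewing them more frequently than that.
 
 Heroku Scheduler only lets you run a task as infrequently as once a day, but
 you don't want to renew your SSL certificate every day (you will hit
@@ -138,7 +142,7 @@ run less frequently using a shell control statement. For example to renew your
 certificate on the 1st day of every month:
 
 ```
-if [ "$(date +%d)" = 01 ]; then rake letsencrypt:renew; fi
+if [ "$(date +%d)" = 01 ]; then bundle exec rake letsencrypt:renew; fi
 ```
 
 Source: [blog.dbrgn.ch](https://blog.dbrgn.ch/2013/10/4/heroku-schedule-weekly-monthly-tasks/)
@@ -148,12 +152,13 @@ Source: [blog.dbrgn.ch](https://blog.dbrgn.ch/2013/10/4/heroku-schedule-weekly-m
 Suggestions and pull requests are welcome in improving the situation with the
 following security considerations:
 
-- When configuring this gem you must add a non-expiring Heroku API token
-
-
-
-
-leaked this would give the attacker access to the Heroku API as your user
+- When configuring this gem you must add a non-expiring Heroku API token into
+your application environment. Your collaborators could use this token to
+impersonate the account it was created with when accessing the Heroku API.
+This is important if your account has access to other apps that your
+collaborators don’t. Additionally, if your application environment was
+leaked this would give the attacker access to the Heroku API as your user
+account.
 [More information about Heroku’s API and oAuth](https://devcenter.heroku.com/articles/oauth#direct-authorization).
 
 You should create the API token from a suitably locked-down account.
@@ -170,17 +175,17 @@ following security considerations:
 
 ### Common name invalid errors (security certificate is from *.herokuapp.com)
 
-Your domain is still configured as a CNAME or ALIAS to
+Your domain is still configured as a CNAME or ALIAS to
+`your-app.herokuapp.com`. Check the output of `heroku domains` matches your DNS
+configuration. When you add an SNI cert to an app for the first time
+[the DNS target changes](https://devcenter.heroku.com/articles/custom-domains#view-existing-domains).
 
 ## To-do list
 
 - Persist account key, or at least give the option of using an existing one, so
 we don’t register with LetsEncrypt over and over.
 
--
-API calls. [See issue #49 of the platform-api gem](https://github.com/heroku/platform-api/issues/49).
-
-- Provide instructions for running the gem decoupled from the app it is
+- Provide instructions for running the gem decoupled from the app it is
 securing, for the paranoid.
 
 ## Contributing
@@ -202,4 +207,5 @@ Your domain is still configured as a CNAME or ALIAS to `your-app.herokuapp.com`.
 
 1. Bump the version: `rake version:bump:{major,minor,patch}`.
 2. Update `CHANGELOG.md` & commit.
-3. Use `rake release` to regenerate gemspec, push a tag to git, and push a new
+3. Use `rake release` to regenerate gemspec, push a tag to git, and push a new
+`.gem` to rubygems.org.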
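--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.2.
+1.2.1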
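--- a/data/letsencrypt-rails-heroku.gemspec
+++ b/data/letsencrypt-rails-heroku.gemspec
@@ -2,18 +2,18 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Juwelier::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: letsencrypt-rails-heroku 1.2.
+# stub: letsencrypt-rails-heroku 1.2.1 ruby lib
 
 Gem::Specification.new do |s|
-s.name = "letsencrypt-rails-heroku"
-s.version = "1.2.
+s.name = "letsencrypt-rails-heroku".freeze
+s.version = "1.2.1"
 
-s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-s.require_paths = ["lib"]
-s.authors = ["Pixie Labs", "David Somers", "Abigail McPhillips"]
-s.date = "
-s.description = "This gem automatically handles creation, renewal, and applying SSL certificates from LetsEncrypt to your Heroku account."
-s.email = "team@pixielabs.io"
+s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
+s.require_paths = ["lib".freeze]
+s.authors = ["Pixie Labs".freeze, "David Somers".freeze, "Abigail McPhillips".freeze]
+s.date = "2019-04-12"
+s.description = "This gem automatically handles creation, renewal, and applying SSL certificates from LetsEncrypt to your Heroku account.".freeze
+s.email = "team@pixielabs.io".freeze
 s.extra_rdoc_files = [
 "LICENSE.txt",
 "README.md"
@@ -35,39 +35,39 @@ Gem::Specification.new do |s|
 "lib/letsencrypt-rails-heroku/railtie.rb",
 "lib/tasks/letsencrypt.rake"
 ]
-s.homepage = "https://github.com/pixielabs/letsencrypt-rails-heroku"
-s.licenses = ["MIT"]
-s.rubygems_version = "2.
-s.summary = "Automatic LetsEncrypt certificates in your Rails app on Heroku"
+s.homepage = "https://github.com/pixielabs/letsencrypt-rails-heroku".freeze
+s.licenses = ["MIT".freeze]
+s.rubygems_version = "2.7.8".freeze
+s.summary = "Automatic LetsEncrypt certificates in your Rails app on Heroku".freeze
 
 if s.respond_to? :specification_version then
 s.specification_version = 4
 
 if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-s.add_runtime_dependency(%q<acme-client
-s.add_runtime_dependency(%q<platform-api
-s.add_development_dependency(%q<shoulda
-s.add_development_dependency(%q<rdoc
-s.add_development_dependency(%q<bundler
-s.add_development_dependency(%q<juwelier
-s.add_development_dependency(%q<simplecov
+s.add_runtime_dependency(%q<acme-client>.freeze, ["~> 0.4.0"])
+s.add_runtime_dependency(%q<platform-api>.freeze, ["~> 2.2"])
+s.add_development_dependency(%q<shoulda>.freeze, [">= 0"])
+s.add_development_dependency(%q<rdoc>.freeze, ["~> 3.12"])
+s.add_development_dependency(%q<bundler>.freeze, ["~> 1.0"])
+s.add_development_dependency(%q<juwelier>.freeze, ["~> 2.1.0"])
+s.add_development_dependency(%q<simplecov>.freeze, [">= 0"])
 else
-s.add_dependency(%q<acme-client
-s.add_dependency(%q<platform-api
-s.add_dependency(%q<shoulda
-s.add_dependency(%q<rdoc
-s.add_dependency(%q<bundler
-s.add_dependency(%q<juwelier
-s.add_dependency(%q<simplecov
+s.add_dependency(%q<acme-client>.freeze, ["~> 0.4.0"])
+s.add_dependency(%q<platform-api>.freeze, ["~> 2.2"])
+s.add_dependency(%q<shoulda>.freeze, [">= 0"])
+s.add_dependency(%q<rdoc>.freeze, ["~> 3.12"])
+s.add_dependency(%q<bundler>.freeze, ["~> 1.0"])
+s.add_dependency(%q<juwelier>.freeze, ["~> 2.1.0"])
+s.add_dependency(%q<simplecov>.freeze, [">= 0"])
 end
 else
-s.add_dependency(%q<acme-client
-s.add_dependency(%q<platform-api
-s.add_dependency(%q<shoulda
-s.add_dependency(%q<rdoc
-s.add_dependency(%q<bundler
-s.add_dependency(%q<juwelier
-s.add_dependency(%q<simplecov
+s.add_dependency(%q<acme-client>.freeze, ["~> 0.4.0"])
+s.add_dependency(%q<platform-api>.freeze, ["~> 2.2"])
+s.add_dependency(%q<shoulda>.freeze, [">= 0"])
+s.add_dependency(%q<rdoc>.freeze, ["~> 3.12"])
+s.add_dependency(%q<bundler>.freeze, ["~> 1.0"])
+s.add_dependency(%q<juwelier>.freeze, ["~> 2.1.0"])
+s.add_dependency(%q<simplecov>.freeze, [">= 0"])
 end
 end
 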
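--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: letsencrypt-rails-heroku
 version: !ruby/object:Gem::Version
-version: 1.2.
+version: 1.2.1
 platform: ruby
 authors:
 - Pixie Labs
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2019-04-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: acme-client
@@ -30,16 +30,16 @@ dependencies:
 name: platform-api
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '2.2'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '2.2'
 - !ruby/object:Gem::Dependency
 name: shoulda
 requirement: !ruby/object:Gem::Requirement
@@ -154,7 +154,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.7.8
 signing_key:
 specification_version: 4
 summary: Automatic LetsEncrypt certificates in your Rails app on Heroku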