rails-letsencrypt 0.1.0 → 0.2.0

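--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 97064ad048920d4fa44d9447f9d154d3573d366b
- data.tar.gz: 79344a1b185cda5c7995b966cf7d95ce0976dfd1
+ metadata.gz: 10abe713ee77d4fa73de337089261b1981783ad0
+ data.tar.gz: 528f836581b20b4bb845c67a80386d413ef80801
  SHA512:
- metadata.gz: c2f8dbf68b900f909ea10f300b146c232de28e02dc00d40ab4d6925c9c60dd2a8f0dca208132bb827fd9472de74087ac046c7ee4efa28034d38e641d39798fff
- data.tar.gz: e36cc6b648b879d66f2871ab5f023deff93b2f42416a820319d2e2c5f9232c6b2b2428a997545e3c453ae5581bba81c37b25a2398e698c31136799237a6e30a9
+ metadata.gz: e99ac7b4301fed05b62fc9a77143c0c4efcdcaa76d98fb74e19f3e7f9fc3fb18f8a79ee433a6a0ee1c67e5d527966da1433fe8a3e345ce24bce5978209e596cf
+ data.tar.gz: 871b718b910992f3484f0a389b7bb9456cfb26532b79920f213a72e5637ae74794562ca643a4834262f164bd75b2265e8bcdcb63c54812241176d4b3af06cdc5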
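--- a/data/README.md
+++ b/data/README.md
@@ -1,28 +1,81 @@
  # LetsEncrypt
- Short description and motivation.
 
- ## Usage
- How to use my plugin.
+ Provide manageable Let's Encrypt Certificate for Rails.
 
  ## Installation
- Add this line to your application's Gemfile:
+
+ Puts this in your Gemfile:
 
  ```ruby
- gem 'lets_encrypt'
+ gem 'rails-letsencrypt'
  ```
 
- And then execute:
+ Run install migrations
  ```bash
- $ bundle
+ rake letsencrypt:install:migrations
+ rake db:migrate
  ```
 
- Or install it yourself as:
- ```bash
- $ gem install lets_encrypt
+ Add `acme-challenge` mounts in `config/routes.rb`
+ ```ruby
+ mount LetsEncrypt::Engine => '/.well-known'
  ```
 
- ## Contributing
- Contribution directions go here.
+ ## Usage
+
+ The SSL certificate setup is depend on web server, this gem can work with `ngx_mruby` or `kong`.
+
+ ### ngx_mruby
+
+ The setup is following this [Article](http://hb.matsumoto-r.jp/entry/2017/03/23/173236)
+
+ Add `config/initializers/letsencrypt.rb` to add config to sync certificate.
+
+ ```ruby
+ LetsEncrypt.config.redis_url = 'redis://localhost:6379/1'
+ LetsEncrypt.config.save_to_redis = true
+ ```
+
+ Connect `Redis` when nginx worker start
+ ```
+ http {
+ # ...
+ mruby_init_worker_code '
+ userdata = Userdata.new
+ userdata.redis = Redis.new "127.0.0.1", 6379
+ # If your redis database is not 0, please select a correct one
+ userdata.redis.select 1
+ ';
+ }
+ ```
+
+ Setup SSL using mruby
+ ```
+ server {
+ listen 443 ssl;
+ server_name _;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ ssl_certificate certs/dummy.crt;
+ ssl_certificate_key certs/dummy.key;
+
+ mruby_ssl_handshake_handler_code '
+ ssl = Nginx::SSL.new
+ domain = ssl.servername
+
+ redis = Userdata.new.redis
+ unless redis["#{domain}.crt"].nil? and redis["#{domain}.key"].nil?
+ ssl.certificate_data = redis["#{domain}.crt"]
+ ssl.certificate_key_data = redis["#{domain}.key"]
+ end
+ ';
+ }
+ ```
+
+ ### Kong
+
+ Not support now.
 
  ## License
  The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).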
@@ -7,11 +7,20 @@ module LetsEncrypt
7
7
  validates :domain, presence: true, uniqueness: true
8
8
 
9
9
  before_create -> { self.key = OpenSSL::PKey::RSA.new(4096).to_s }
10
+ after_save -> { save_to_redis }, if: -> { LetsEncrypt.config.use_redis? }
10
11
 
11
12
  def get
12
13
  verify && issue
13
14
  end
14
15
 
16
+ def bundle
17
+ [intermediaries, certificate].join("\n")
18
+ end
19
+
20
+ def save_to_redis
21
+ LetsEncrypt::Redis.save(self)
22
+ end
23
+
15
24
  protected
16
25
 
17
26
  def logger
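Review bot: The new `after_save` callback runs `save_to_redis` on every save, including the initial create where the visible callbacks have only set `key`, so Redis can receive a private key paired with an empty certificate. Because `after_save` runs inside the save transaction, a Redis error raised there would also abort the record save. Guarding on the certificate and syncing after commit avoids both, e.g. `after_commit -> { save_to_redis }, if: -> { LetsEncrypt.config.use_redis? && certificate.present? }`. The class body starts and ends outside this hunk, so the state of `certificate` at create time is inferred rather than shown.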
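--- a/data/lib/letsencrypt.rb
+++ b/data/lib/letsencrypt.rb
@@ -1,52 +1,63 @@
  require 'openssl'
  require 'acme-client'
  require 'letsencrypt/engine'
+ require 'letsencrypt/configuration'
  require 'letsencrypt/logger_proxy'
+ require 'letsencrypt/redis'
 
  # :nodoc:
  module LetsEncrypt
- def self.client
- @client ||= ::Acme::Client.new(private_key: private_key, endpoint: endpoint)
- end
+ ENDPOINT = 'https://acme-v01.api.letsencrypt.org/'.freeze
+ ENDPOINT_STAGING = 'https://acme-staging.api.letsencrypt.org'.freeze
 
- def self.private_key
- # TODO: Add options to retrieve key
- @private_key ||= if private_key_path.exist?
- OpenSSL::PKey::RSA.new(File.open(private_key_path))
- else
- generate_private_key
- end
- end
+ class << self
+ def client
+ @client ||= ::Acme::Client.new(
+ private_key: private_key,
+ endpoint: endpoint
+ )
+ end
 
- def self.endpoint
- @endpoint ||= if Rails.env.production?
- 'https://acme-v01.api.letsencrypt.org/'
- else
- 'https://acme-staging.api.letsencrypt.org'
- end
- end
+ def private_key
+ @private_key ||= OpenSSL::PKey::RSA.new(load_private_key)
+ end
 
- def self.register(email)
- registration = client.register(contact: "mailto:#{email}")
- logger.info "Successfully registered private key with address #{email}"
- registration.agree_terms
- logger.info 'Terms have been accepted'
- true
- end
+ def load_private_key
+ return ENV['LETSENCRYPT_PRIVATE_KEY'] if config.use_env_key
+ return File.open(private_key_path) if private_key_path.exist?
+ generate_private_key
+ end
 
- def self.private_key_path
- # TODO: Add options for specify path
- Rails.root.join('config', 'letsencrypt.key')
- end
+ def endpoint
+ @endpoint ||= Rails.env.production? ? ENDPOINT : ENDPOINT_STAGING
+ end
 
- def self.generate_private_key
- key = OpenSSL::PKey::RSA.new(4096)
- File.open(private_key_path, 'w') { |f| f.write(key.to_s) }
- logger.info "Created new private key for Let's Encrypt"
- key
- end
+ def register(email)
+ registration = client.register(contact: "mailto:#{email}")
+ logger.info "Successfully registered private key with address #{email}"
+ registration.agree_terms
+ logger.info 'Terms have been accepted'
+ true
+ end
+
+ def private_key_path
+ # TODO: Add options for specify path
+ config.private_key_path || Rails.root.join('config', 'letsencrypt.key')
+ end
+
+ def generate_private_key
+ key = OpenSSL::PKey::RSA.new(4096)
+ File.open(private_key_path, 'w') { |f| f.write(key.to_s) }
+ logger.info "Created new private key for Let's Encrypt"
+ key
+ end
+
+ def logger
+ @logger ||= LoggerProxy.new(Rails.logger, tags: ['LetsEncrypt'])
+ end
 
- def self.logger
- @logger ||= LoggerProxy.new(Rails.logger, tags: ['LetsEncrypt'])
+ def config
+ @config ||= Configuration.new
+ end
  end
  end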
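Review bot: `generate_private_key` writes the ACME account key with `File.open(private_key_path, 'w')`, so the file gets whatever mode the process umask allows, which is often readable by other local users. I would create it owner-only with `File.open(private_key_path, 'w', 0o600) { |f| f.write(key.to_s) }`. In `load_private_key`, `private_key_path.exist?` raises NoMethodError once `config.private_key_path` is set to a plain String, and `File.open(private_key_path)` returns a handle that is never closed. Wrapping the path as `Pathname.new(config.private_key_path || Rails.root.join('config', 'letsencrypt.key'))` and reading with `File.read(private_key_path)` covers both. With `use_env_key` enabled and `LETSENCRYPT_PRIVATE_KEY` unset the method returns nil, so `ENV.fetch('LETSENCRYPT_PRIVATE_KEY')` would fail with a clearer error.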
@@ -0,0 +1,18 @@
1
+ module LetsEncrypt
2
+ # :nodoc:
3
+ class Configuration
4
+ include ActiveSupport::Configurable
5
+
6
+ config_accessor :private_key_path
7
+ config_accessor :use_env_key do
8
+ false
9
+ end
10
+
11
+ config_accessor :save_to_redis
12
+ config_accessor :redis_url
13
+
14
+ def use_redis?
15
+ save_to_redis == true
16
+ end
17
+ end
18
+ end
@@ -0,0 +1,16 @@
1
+ module LetsEncrypt
2
+ # :nodoc:
3
+ class Redis
4
+ class << self
5
+ def connection
6
+ @connection ||= ::Redis.new(url: LetsEncrypt.config.redis_url)
7
+ end
8
+
9
+ def save(cert)
10
+ LetsEncrypt.logger.info "Save #{cert.domain}'s certificate to redis"
11
+ connection.set "#{cert.domain}.key", cert.key
12
+ connection.set "#{cert.domain}.crt", cert.certificate
13
+ end
14
+ end
15
+ end
16
+ end
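Review bot: `save` writes the certificate's private key to Redis as plaintext under the predictable key `"#{cert.domain}.key"`, while `connection` never checks that `LetsEncrypt.config.redis_url` is set. As far as I know redis-rb falls back to its defaults for a nil url (`REDIS_URL` from the environment, otherwise localhost), so the key material may land in a Redis instance shared with caches or job queues. I would fail fast in `connection`, e.g. `raise ArgumentError, 'LetsEncrypt.config.redis_url is required when save_to_redis is enabled' if LetsEncrypt.config.redis_url.blank?`. The `# :nodoc:` marker could then give way to a class comment stating that the target Redis holds private keys and must require authentication and restricted network access.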
@@ -1,3 +1,3 @@
1
1
  module LetsEncrypt
2
- VERSION = '0.1.0'
2
+ VERSION = '0.2.0'
3
3
  end
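--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: rails-letsencrypt
  version: !ruby/object:Gem::Version
- version: 0.1.0
+ version: 0.2.0
  platform: ruby
  authors:
  - 蒼時弦也
@@ -39,13 +39,13 @@ dependencies:
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
- name: sqlite3
+ name: redis
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
- type: :development
+ type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
@@ -86,8 +86,10 @@ files:
  - config/routes.rb
  - db/migrate/20170505165114_create_lets_encrypt_certificates.rb
  - lib/letsencrypt.rb
+ - lib/letsencrypt/configuration.rb
  - lib/letsencrypt/engine.rb
  - lib/letsencrypt/logger_proxy.rb
+ - lib/letsencrypt/redis.rb
  - lib/letsencrypt/version.rb
  - lib/rails-letsencrypt.rb
  - lib/tasks/lets_encrypt_tasks.rake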