RubyGems - rails-letsencrypt - Versions diffs - 0.1.0 → 0.2.0 - Mend

rails-letsencrypt 0.1.0 → 0.2.0

Files changed (8) hide show

checksums.yaml +4 -4
data/README.md +65 -12
data/app/models/lets_encrypt/certificate.rb +9 -0
data/lib/letsencrypt.rb +48 -37
data/lib/letsencrypt/configuration.rb +18 -0
data/lib/letsencrypt/redis.rb +16 -0
data/lib/letsencrypt/version.rb +1 -1
metadata +5 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 97064ad048920d4fa44d9447f9d154d3573d366b
-  data.tar.gz: 79344a1b185cda5c7995b966cf7d95ce0976dfd1
+  metadata.gz: 10abe713ee77d4fa73de337089261b1981783ad0
+  data.tar.gz: 528f836581b20b4bb845c67a80386d413ef80801
 SHA512:
-  metadata.gz: c2f8dbf68b900f909ea10f300b146c232de28e02dc00d40ab4d6925c9c60dd2a8f0dca208132bb827fd9472de74087ac046c7ee4efa28034d38e641d39798fff
-  data.tar.gz: e36cc6b648b879d66f2871ab5f023deff93b2f42416a820319d2e2c5f9232c6b2b2428a997545e3c453ae5581bba81c37b25a2398e698c31136799237a6e30a9
+  metadata.gz: e99ac7b4301fed05b62fc9a77143c0c4efcdcaa76d98fb74e19f3e7f9fc3fb18f8a79ee433a6a0ee1c67e5d527966da1433fe8a3e345ce24bce5978209e596cf
+  data.tar.gz: 871b718b910992f3484f0a389b7bb9456cfb26532b79920f213a72e5637ae74794562ca643a4834262f164bd75b2265e8bcdcb63c54812241176d4b3af06cdc5

data/README.md CHANGED Viewed

@@ -1,28 +1,81 @@
 # LetsEncrypt
-Short description and motivation.
-## Usage
-How to use my plugin.
+Provide manageable Let's Encrypt Certificate for Rails.
 ## Installation
-Add this line to your application's Gemfile:
+Puts this in your Gemfile:
 ```ruby
-gem 'lets_encrypt'
+gem 'rails-letsencrypt'
 ```
-And then execute:
+Run install migrations
 ```bash
-$ bundle
+rake letsencrypt:install:migrations
+rake db:migrate
 ```
-Or install it yourself as:
-```bash
-$ gem install lets_encrypt
+Add `acme-challenge` mounts in `config/routes.rb`
+```ruby
+mount LetsEncrypt::Engine => '/.well-known'
 ```
-## Contributing
-Contribution directions go here.
+## Usage
+The SSL certificate setup is depend on web server, this gem can work with `ngx_mruby` or `kong`.
+### ngx_mruby
+The setup is following this [Article](http://hb.matsumoto-r.jp/entry/2017/03/23/173236)
+Add `config/initializers/letsencrypt.rb` to add config to sync certificate.
+```ruby
+LetsEncrypt.config.redis_url = 'redis://localhost:6379/1'
+LetsEncrypt.config.save_to_redis = true
+```
+Connect `Redis` when nginx worker start
+```
+http {
+  # ...
+  mruby_init_worker_code '
+    userdata = Userdata.new
+    userdata.redis = Redis.new "127.0.0.1", 6379
+    # If your redis database is not 0, please select a correct one
+    userdata.redis.select 1
+  ';
+}
+```
+Setup SSL using mruby
+```
+server {
+  listen 443 ssl;
+  server_name _;
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_ciphers HIGH:!aNULL:!MD5;
+  ssl_certificate certs/dummy.crt;
+  ssl_certificate_key certs/dummy.key;
+  mruby_ssl_handshake_handler_code '
+    ssl = Nginx::SSL.new
+    domain = ssl.servername
+    redis = Userdata.new.redis
+    unless redis["#{domain}.crt"].nil? and redis["#{domain}.key"].nil?
+      ssl.certificate_data = redis["#{domain}.crt"]
+      ssl.certificate_key_data = redis["#{domain}.key"]
+    end
+  ';
+}
+```
+### Kong
+Not support now.
 ## License
 The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/app/models/lets_encrypt/certificate.rb CHANGED Viewed

@@ -7,11 +7,20 @@ module LetsEncrypt
     validates :domain, presence: true, uniqueness: true
     before_create -> { self.key = OpenSSL::PKey::RSA.new(4096).to_s }
+    after_save -> { save_to_redis }, if: -> { LetsEncrypt.config.use_redis? }
     def get
       verify && issue
     end
+    def bundle
+      [intermediaries, certificate].join("\n")
+    end
+    def save_to_redis
+      LetsEncrypt::Redis.save(self)
+    end
     protected
     def logger

data/lib/letsencrypt.rb CHANGED Viewed

@@ -1,52 +1,63 @@
 require 'openssl'
 require 'acme-client'
 require 'letsencrypt/engine'
+require 'letsencrypt/configuration'
 require 'letsencrypt/logger_proxy'
+require 'letsencrypt/redis'
 # :nodoc:
 module LetsEncrypt
-  def self.client
-    @client ||= ::Acme::Client.new(private_key: private_key, endpoint: endpoint)
-  end
+  ENDPOINT = 'https://acme-v01.api.letsencrypt.org/'.freeze
+  ENDPOINT_STAGING = 'https://acme-staging.api.letsencrypt.org'.freeze
-  def self.private_key
-    # TODO: Add options to retrieve key
-    @private_key ||= if private_key_path.exist?
-                       OpenSSL::PKey::RSA.new(File.open(private_key_path))
-                     else
-                       generate_private_key
-                     end
-  end
+  class << self
+    def client
+      @client ||= ::Acme::Client.new(
+        private_key: private_key,
+        endpoint: endpoint
+      )
+    end
-  def self.endpoint
-    @endpoint ||= if Rails.env.production?
-                    'https://acme-v01.api.letsencrypt.org/'
-                  else
-                    'https://acme-staging.api.letsencrypt.org'
-                  end
-  end
+    def private_key
+      @private_key ||= OpenSSL::PKey::RSA.new(load_private_key)
+    end
-  def self.register(email)
-    registration = client.register(contact: "mailto:#{email}")
-    logger.info "Successfully registered private key with address #{email}"
-    registration.agree_terms
-    logger.info 'Terms have been accepted'
-    true
-  end
+    def load_private_key
+      return ENV['LETSENCRYPT_PRIVATE_KEY'] if config.use_env_key
+      return File.open(private_key_path) if private_key_path.exist?
+      generate_private_key
+    end
-  def self.private_key_path
-    # TODO: Add options for specify path
-    Rails.root.join('config', 'letsencrypt.key')
-  end
+    def endpoint
+      @endpoint ||= Rails.env.production? ? ENDPOINT : ENDPOINT_STAGING
+    end
-  def self.generate_private_key
-    key = OpenSSL::PKey::RSA.new(4096)
-    File.open(private_key_path, 'w') { |f| f.write(key.to_s) }
-    logger.info "Created new private key for Let's Encrypt"
-    key
-  end
+    def register(email)
+      registration = client.register(contact: "mailto:#{email}")
+      logger.info "Successfully registered private key with address #{email}"
+      registration.agree_terms
+      logger.info 'Terms have been accepted'
+      true
+    end
+    def private_key_path
+      # TODO: Add options for specify path
+      config.private_key_path || Rails.root.join('config', 'letsencrypt.key')
+    end
+    def generate_private_key
+      key = OpenSSL::PKey::RSA.new(4096)
+      File.open(private_key_path, 'w') { |f| f.write(key.to_s) }
+      logger.info "Created new private key for Let's Encrypt"
+      key
+    end
+    def logger
+      @logger ||= LoggerProxy.new(Rails.logger, tags: ['LetsEncrypt'])
+    end
-  def self.logger
-    @logger ||= LoggerProxy.new(Rails.logger, tags: ['LetsEncrypt'])
+    def config
+      @config ||= Configuration.new
+    end
   end
 end

data/lib/letsencrypt/configuration.rb ADDED Viewed

@@ -0,0 +1,18 @@
+module LetsEncrypt
+  # :nodoc:
+  class Configuration
+    include ActiveSupport::Configurable
+    config_accessor :private_key_path
+    config_accessor :use_env_key do
+      false
+    end
+    config_accessor :save_to_redis
+    config_accessor :redis_url
+    def use_redis?
+      save_to_redis == true
+    end
+  end
+end

data/lib/letsencrypt/redis.rb ADDED Viewed

@@ -0,0 +1,16 @@
+module LetsEncrypt
+  # :nodoc:
+  class Redis
+    class << self
+      def connection
+        @connection ||= ::Redis.new(url: LetsEncrypt.config.redis_url)
+      end
+      def save(cert)
+        LetsEncrypt.logger.info "Save #{cert.domain}'s certificate to redis"
+        connection.set "#{cert.domain}.key", cert.key
+        connection.set "#{cert.domain}.crt", cert.certificate
+      end
+    end
+  end
+end

data/lib/letsencrypt/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module LetsEncrypt
-  VERSION = '0.1.0'
+  VERSION = '0.2.0'
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails-letsencrypt
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - 蒼時弦也
@@ -39,13 +39,13 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: sqlite3
+  name: redis
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  type: :development
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
@@ -86,8 +86,10 @@ files:
 - config/routes.rb
 - db/migrate/20170505165114_create_lets_encrypt_certificates.rb
 - lib/letsencrypt.rb
+- lib/letsencrypt/configuration.rb
 - lib/letsencrypt/engine.rb
 - lib/letsencrypt/logger_proxy.rb
+- lib/letsencrypt/redis.rb
 - lib/letsencrypt/version.rb
 - lib/rails-letsencrypt.rb
 - lib/tasks/lets_encrypt_tasks.rake