rails-letsencrypt 0.5.0 → 0.5.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 0633ffad33535aafb793abb0e38402b90ccb2d5a
4
- data.tar.gz: db2be9f9072c31adb5592a936a7b5501e5a639cc
3
+ metadata.gz: 20d99952a5fed288ccf2a91a784e1042ffb5be58
4
+ data.tar.gz: a55d6f532be02ab448695b0b9c90a3b39f9fe76b
5
5
  SHA512:
6
- metadata.gz: faaa56f16f0ab8ace274c7bc2e56fc9d67a86db0c75579751d1e54491e09c7c221cf3560a713c2dfba9b54ca36d3da84b534b6139f64c81418a8f10dce285526
7
- data.tar.gz: b285b39c7c74297456f6e209ec9d193937ca4af436b904a2691641be913cad87ac341d0d3f3aef53caf2794335393d07558c7f48e7537e95bafb9de4fc2e63cb
6
+ metadata.gz: 8bdd74b0ca815dc03c277852b597d9aa07369db2ef8d2ccef9e2d47e2baa1f2e4391e24c585405baabb12dea055abad2098d519ed50adfecc89634a45237b9a5
7
+ data.tar.gz: a0bee2de40ad55c1a9766ace4b4ba5baa913a18fe9c53263526599ebc5b5018846ca86cba067b7fd065f8004d06b65cbda254f7c69628bf98cf301951d5958f4
data/README.md CHANGED
@@ -29,13 +29,95 @@ Add `acme-challenge` mounts in `config/routes.rb`
29
29
  mount LetsEncrypt::Engine => '/.well-known'
30
30
  ```
31
31
 
32
+ ### Configuration
33
+
34
+ Add a file to `config/initializers/letsencrypt.rb` and put below config you need.
35
+
36
+ ```ruby
37
+ LetsEncrypt.config do |config|
38
+ # Using Let's Encrypt staging server or not
39
+ # Default only `Rails.env.production? == true` will use Let's Encrypt production server.
40
+ config.use_staging = true
41
+
42
+ # Set the private key path
43
+ # Default is locate at config/letsencrypt.key
44
+ config.private_key_path = Rails.root.join('config', 'letsencrypt.key')
45
+
46
+ # Use environment variable to set private key
47
+ # If enable, the API Client will use `LETSENCRYPT_PRIVATE_KEY` as private key
48
+ # Default is false
49
+ config.use_env_key = false
50
+
51
+ # Should sync certificate into redis
52
+ # When using ngx_mruby to dynamic load certificate, this will be helpful
53
+ # Default is false
54
+ config.save_to_redis = false
55
+
56
+ # The redis server url
57
+ # Default is nil
58
+ config.redis_url = 'redis://localhost:6379/1'
59
+ end
60
+ ```
61
+
32
62
  ## Usage
33
63
 
34
- The SSL certificate setup is depend on web server, this gem can work with `ngx_mruby` or `kong`.
64
+ The SSL certificate setup depends on the web server, this gem can work with `ngx_mruby` or `kong`.
65
+
66
+ ### Certificate Model
67
+
68
+ #### Create
69
+
70
+ Add a new domain into the database.
71
+
72
+ ```ruby
73
+ cert = LetsEncrypt::Certificate.create(domain: 'example.com')
74
+ cert.get # alias `verify && issue`
75
+ ```
76
+
77
+ #### Verify
78
+
79
+ Makes a request to Let's Encrypt and verify domain
80
+
81
+ ```ruby
82
+ cert = LetsEncrypt::Certificate.find_by(domain: 'example.com')
83
+ cert.verify
84
+ ```
85
+
86
+ #### Issue
87
+
88
+ Ask Let's Encrypt to issue a new certificate.
89
+
90
+ ```ruby
91
+ cert = LetsEncrypt::Certificate.find_by(domain: 'example.com')
92
+ cert.issue
93
+ ```
94
+
95
+ #### Renew
96
+
97
+ ```ruby
98
+ cert = LetsEncrypt::Certificate.find_by(domain: 'example.com')
99
+ cert.renew
100
+ ```
101
+
102
+ #### Status
103
+
104
+ Check a certificate is verified and issued.
105
+
106
+ ```ruby
107
+ cert = LetsEncrypt::Certificate.find_by(domain: 'example.com')
108
+ cert.active? # => true
109
+ ```
110
+
111
+ Check a certificate is expired.
112
+
113
+ ```ruby
114
+ cert = LetsEncrypt::Certificate.find_by(domain: 'example.com')
115
+ cert.expired? # => false
116
+ ```
35
117
 
36
118
  ### Tasks
37
119
 
38
- To renew certificate, you can can run `renew` task to renew coming expires certificates.
120
+ To renew a certificate, you can run `renew` task to renew coming expires certificates.
39
121
 
40
122
  ```bash
41
123
  rake letsencrypt:renew
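Review bot: the sample initializer in the new Configuration section sets `config.use_staging = true`, while the comment above it says that by default only `Rails.env.production? == true` uses the production server; pasted as-is into `config/initializers/letsencrypt.rb`, it keeps a production app on the staging server. Suggest showing each option at its documented default, or stating that the values are illustrative. The section could also say that the private key at `config/letsencrypt.key` should stay out of version control, and the Renew subsection is the only one added without a describing sentence.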
@@ -46,7 +128,7 @@ rake letsencrypt:renew
46
128
  If you are using Sidekiq or others, you can enqueue renew task daily.
47
129
 
48
130
  ```
49
- LetsEncrypt::RenewCertificate.perform_later
131
+ LetsEncrypt::RenewCertificatesJob.perform_later
50
132
  ```
51
133
 
52
134
  ### ngx_mruby
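Review bot: the README now enqueues `LetsEncrypt::RenewCertificatesJob`, but no job class is touched anywhere in this diff, so please confirm this is the constant the gem actually ships and mention the corrected name in the release notes. The fence around that line also has no language tag, unlike the `ruby` fences added earlier in the file.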
@@ -62,7 +144,7 @@ LetsEncrypt.config do |config|
62
144
  end
63
145
  ```
64
146
 
65
- Connect `Redis` when nginx worker start
147
+ Connect `Redis` when Nginx worker start
66
148
  ```
67
149
  http {
68
150
  # ...
@@ -101,7 +183,7 @@ server {
101
183
 
102
184
  ### Kong
103
185
 
104
- Not support now.
186
+ Coming soon.
105
187
 
106
188
  ## License
107
189
  The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
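Review bot: `Coming soon.` under the Kong heading contradicts the Usage sentence edited earlier in this README, which still says the gem "can work with `ngx_mruby` or `kong`". Suggest dropping `kong` from that sentence until support lands, or marking it as planned there as well.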
data/Rakefile CHANGED
@@ -10,7 +10,7 @@ require 'rdoc/task'
10
10
 
11
11
  RDoc::Task.new(:rdoc) do |rdoc|
12
12
  rdoc.rdoc_dir = 'rdoc'
13
- rdoc.title = 'rails-letsencrypt'
13
+ rdoc.title = 'Rails Let\'sEncrypt'
14
14
  rdoc.options << '--line-numbers'
15
15
  rdoc.rdoc_files.include('README.md')
16
16
  rdoc.rdoc_files.include('lib/**/*.rb')
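Review bot: the new title on line 13, `'Rails Let\'sEncrypt'`, is missing the space in "Let's Encrypt". Suggest `rdoc.title = "Rails Let's Encrypt"`, which also removes the escaped quote.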
@@ -5,6 +5,7 @@ module LetsEncrypt
5
5
  module CertificateIssuable
6
6
  extend ActiveSupport::Concern
7
7
 
8
+ # Returns true if issue new certificate succeed.
8
9
  def issue
9
10
  logger.info "Getting certificate for #{domain}"
10
11
  create_certificate
@@ -5,6 +5,7 @@ module LetsEncrypt
5
5
  module CertificateVerifiable
6
6
  extend ActiveSupport::Concern
7
7
 
8
+ # Returns true if verify domain is succeed.
8
9
  def verify
9
10
  start_authorize
10
11
  start_challenge
@@ -15,20 +15,27 @@ module LetsEncrypt
15
15
  before_create -> { self.key = OpenSSL::PKey::RSA.new(4096).to_s }
16
16
  after_save -> { save_to_redis }, if: -> { LetsEncrypt.config.use_redis? }
17
17
 
18
+ # Returns false if certificate is not issued.
19
+ #
20
+ # This method didn't check certificate is valid,
21
+ # its only uses for checking is there has a certificate.
18
22
  def active?
19
23
  certificate.present?
20
24
  end
21
25
 
26
+ # Returns true if certificate is expired.
22
27
  def expired?
23
28
  Time.zone.now >= expires_at
24
29
  end
25
30
 
31
+ # Returns true if success get a new certificate
26
32
  def get
27
33
  verify && issue
28
34
  end
29
35
 
30
36
  alias renew get
31
37
 
38
+ # Returns full-chain bundled certificates
32
39
  def bundle
33
40
  [intermediaries, certificate].join("\n")
34
41
  end
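Review bot: the comment added above `bundle` calls the result a full chain, but `[intermediaries, certificate].join("\n")` places the intermediates before the leaf, and TLS servers expect the end-entity certificate first in a chain file. Either reorder to `[certificate, intermediaries]` or state the order in the comment. Separately, the new comment on `active?` says it only checks that a certificate is present, which does not match the README's "Check a certificate is verified and issued", and the comment on `expired?` should say what happens when `expires_at` is nil on a record that was never issued, since `Time.zone.now >= expires_at` has no guard for that.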
@@ -41,6 +48,7 @@ module LetsEncrypt
41
48
  @key_object ||= OpenSSL::PKey::RSA.new(key)
42
49
  end
43
50
 
51
+ # Save certificate into redis
44
52
  def save_to_redis
45
53
  LetsEncrypt::Redis.save(self)
46
54
  end
@@ -16,10 +16,12 @@ module LetsEncrypt
16
16
  config_accessor :save_to_redis
17
17
  config_accessor :redis_url
18
18
 
19
+ # Returns true if enabled `save_to_redis` feature
19
20
  def use_redis?
20
21
  save_to_redis == true
21
22
  end
22
23
 
24
+ # Returns true if under development mode.
23
25
  def use_staging?
24
26
  use_staging
25
27
  end
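Review bot: the comment added on `use_staging?`, "Returns true if under development mode", describes something the method does not check; the body simply returns the `use_staging` setting. Suggest "Returns true if the Let's Encrypt staging server is used". Note also that `use_redis?` compares with `== true` while `use_staging?` returns the raw value, so an unset option yields nil here rather than false.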
@@ -8,6 +8,7 @@ module LetsEncrypt
8
8
  @connection ||= ::Redis.new(url: LetsEncrypt.config.redis_url)
9
9
  end
10
10
 
11
+ # Save certificate into redis.
11
12
  def save(cert)
12
13
  LetsEncrypt.logger.info "Save #{cert.domain}'s certificate to redis"
13
14
  connection.set "#{cert.domain}.key", cert.key
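Review bot: the comment added to `save` mentions only the certificate, yet the first write visible in this hunk is `connection.set "#{cert.domain}.key", cert.key`, so the domain's private key is stored in Redis as well. The comment should say so, and the README text for `save_to_redis` and `redis_url` should tell operators to treat that Redis instance as key storage (authentication, restricted network access), given that the sample URL `redis://localhost:6379/1` carries no credentials.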
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module LetsEncrypt
4
- VERSION = '0.5.0'
4
+ VERSION = '0.5.1'
5
5
  end
data/lib/letsencrypt.rb CHANGED
@@ -11,10 +11,15 @@ require 'letsencrypt/redis'
11
11
 
12
12
  # :nodoc:
13
13
  module LetsEncrypt
14
+ # Production mode API Endpoint
14
15
  ENDPOINT = 'https://acme-v01.api.letsencrypt.org/'
16
+
17
+ # Staging mode API Endpoint, the rate limit is higher
18
+ # but got invalid certificate for testing
15
19
  ENDPOINT_STAGING = 'https://acme-staging.api.letsencrypt.org'
16
20
 
17
21
  class << self
22
+ # Create the ACME Client to Let's Encrypt
18
23
  def client
19
24
  @client ||= ::Acme::Client.new(
20
25
  private_key: private_key,
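Review bot: the staging comment on lines 17-18 ("the rate limit is higher but got invalid certificate for testing") is hard to parse; suggest "Staging API endpoint: higher rate limits, but the certificates it issues are not publicly trusted". While here, `ENDPOINT` ends with a trailing slash and `ENDPOINT_STAGING` does not; making the two consistent avoids surprises when paths are appended.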
@@ -32,10 +37,17 @@ module LetsEncrypt
32
37
  generate_private_key
33
38
  end
34
39
 
40
+ # Get current using Let's Encrypt endpoint
35
41
  def endpoint
36
42
  @endpoint ||= config.use_staging? ? ENDPOINT_STAGING : ENDPOINT
37
43
  end
38
44
 
45
+ # Register a Let's Encrypt account
46
+ #
47
+ # This is required a private key to do this,
48
+ # and Let's Encrypt will use this private key to
49
+ # connect with domain and assign the owner who can
50
+ # renew and revoked.
39
51
  def register(email)
40
52
  registration = client.register(contact: "mailto:#{email}")
41
53
  logger.info "Successfully registered private key with address #{email}"
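Review bot: the comment block added on `register` is ungrammatical enough to be ambiguous ("This is required a private key", "renew and revoked"). Suggest something like "Requires the account private key. Let's Encrypt associates domains with this key, and its holder is the owner who can renew and revoke certificates." Since the comment establishes that the key controls renewal and revocation, it is worth pointing from here to the `private_key_path` and `use_env_key` options that decide where that key lives.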
@@ -59,6 +71,12 @@ module LetsEncrypt
59
71
  @logger ||= LoggerProxy.new(Rails.logger, tags: ['LetsEncrypt'])
60
72
  end
61
73
 
74
+ # Config how to Let's Encrypt works for Rails
75
+ #
76
+ # LetsEncrypt.config do |config|
77
+ # # Always use production mode to connect Let's Encrypt API server
78
+ # config.use_staging = false
79
+ # end
62
80
  def config(&block)
63
81
  @config ||= Configuration.new
64
82
  instance_exec(@config, &block) if block_given?
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rails-letsencrypt
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.0
4
+ version: 0.5.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - 蒼時弦也