roster-server 2.1.8 → 2.1.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/index.js +37 -22
  2. package/package.json +1 -1
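--- a/package/index.js
+++ b/package/index.js
@@ -726,7 +726,7 @@ class Roster {
  }
  });
 
- return greenlock.ready(glx => {
+ return greenlock.ready(async glx => {
  const httpServer = glx.httpServer();
 
  // Group sites by port
@@ -845,6 +845,26 @@ class Roster {
  }
  return null;
  };
+ const ensureBunDefaultPems = async (primaryDomain) => {
+ let pems = resolvePemsForServername(primaryDomain);
+ if (pems) return pems;
+
+ const certSubject = primaryDomain.startsWith('*.') ? wildcardRoot(primaryDomain) : primaryDomain;
+ log.warn(`⚠️ Bun runtime detected and cert files missing for ${primaryDomain}; requesting certificate via Greenlock before HTTPS bind`);
+ try {
+ await greenlock.get({ servername: certSubject });
+ } catch (error) {
+ log.error(`❌ Failed to obtain certificate for ${certSubject} under Bun:`, error?.message || error);
+ }
+
+ pems = resolvePemsForServername(primaryDomain);
+ if (pems) return pems;
+
+ throw new Error(
+ `Bun runtime could not load TLS certificate files for ${primaryDomain}. ` +
+ `Refusing to start HTTPS on port ${portNum} to avoid serving invalid TLS.`
+ );
+ };
 
  if (portNum === this.defaultPort) {
  // Bun has known gaps around SNICallback compatibility.
@@ -855,28 +875,23 @@ class Roster {
 
  if (isBunRuntime) {
  const primaryDomain = Object.keys(portData.virtualServers)[0];
- // Greenlock stores certs by subject (e.g. tagnu.com), not by wildcard (*.tagnu.com)
- const defaultPems = resolvePemsForServername(primaryDomain);
-
- if (defaultPems) {
- httpsServer = https.createServer({
- ...tlsOpts,
- key: defaultPems.key,
- cert: defaultPems.cert,
- SNICallback: (servername, callback) => {
- try {
- const pems = resolvePemsForServername(servername) || defaultPems;
- callback(null, tls.createSecureContext({ key: pems.key, cert: pems.cert }));
- } catch (error) {
- callback(error);
- }
+ // Under Bun, avoid glx.httpsServer fallback (may serve invalid TLS on :443).
+ // Require concrete PEM files and create native https server directly.
+ const defaultPems = await ensureBunDefaultPems(primaryDomain);
+ httpsServer = https.createServer({
+ ...tlsOpts,
+ key: defaultPems.key,
+ cert: defaultPems.cert,
+ SNICallback: (servername, callback) => {
+ try {
+ const pems = resolvePemsForServername(servername) || defaultPems;
+ callback(null, tls.createSecureContext({ key: pems.key, cert: pems.cert }));
+ } catch (error) {
+ callback(error);
  }
- }, dispatcher);
- log.warn(`⚠️ Bun runtime detected: using file-based TLS with SNI for ${primaryDomain} on port ${portNum}`);
- } else {
- log.warn(`⚠️ Bun runtime detected but cert files missing for ${primaryDomain}; falling back to Greenlock HTTPS server`);
- httpsServer = glx.httpsServer(tlsOpts, dispatcher);
- }
+ }
+ }, dispatcher);
+ log.warn(`⚠️ Bun runtime detected: using file-based TLS with SNI for ${primaryDomain} on port ${portNum}`);
  } else {
  httpsServer = glx.httpsServer(tlsOpts, dispatcher);
  }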
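Review bot: The `throw new Error(...)` at new line 863 now rejects from inside the `greenlock.ready(async glx => …)` callback made async at line 729, and nothing visible here shows whether `greenlock.ready` hands that rejection back to the caller of this method — if it swallows it, the intended refusal to bind becomes an unhandled rejection instead of a startup failure, and ports bound earlier in the surrounding loop presumably stay listening either way, so this is worth confirming against the Greenlock version in use. While there, the Greenlock failure caught at line 856 is only logged and then lost when the final error is thrown; keeping it as the cause, `let lastError; … catch (error) { lastError = error; log.error(…); } … throw new Error(\`…\`, { cause: lastError });`, makes the refusal diagnosable from the thrown error alone. Separately, the per-SNI `tls.createSecureContext({ key: pems.key, cert: pems.cert })` at line 888 builds each virtual host's context from key/cert only, so any `minVersion`, `ciphers` or `honorCipherOrder` carried by `tlsOpts` applies to the default context alone; spreading `...tlsOpts` into that call as well would keep TLS hardening uniform across hosts (this pattern predates the change). The enclosing method starts and ends outside the hunk.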
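--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "roster-server",
- "version": "2.1.8",
+ "version": "2.1.10",
  "description": "👾 RosterServer - A domain host router to host multiple HTTPS.",
  "main": "index.js",
  "scripts": {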