Add hello-mTLS server example using nodejs.

Fixes smallstep/ca-component#138
This commit is contained in:
Mariano Cano 2019-02-06 15:14:39 -08:00
parent 0c53b0f310
commit 1197753f35
3 changed files with 79 additions and 0 deletions

View file

@ -0,0 +1,6 @@
FROM node:lts-alpine
RUN mkdir /src
ADD server.js /src
CMD ["node", "/src/server.js"]

View file

@ -0,0 +1,33 @@
apiVersion: v1
kind: Service
metadata:
labels: {app: hello-mtls}
name: hello-mtls
spec:
type: ClusterIP
ports:
- port: 443
targetPort: 443
selector: {app: hello-mtls}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: hello-mtls
labels: {app: hello-mtls}
spec:
replicas: 1
selector: {matchLabels: {app: hello-mtls}}
template:
metadata:
annotations:
autocert.step.sm/name: hello-mtls.default.svc.cluster.local
labels: {app: hello-mtls}
spec:
containers:
- name: hello-mtls
image: hello-mtls-server-node:latest
imagePullPolicy: Never
resources: {requests: {cpu: 10m, memory: 20Mi}}

View file

@ -0,0 +1,40 @@
const https = require('https');
const tls = require('tls');
const fs = require('fs');
var config = {
ca: '/var/run/autocert.step.sm/root.crt',
key: '/var/run/autocert.step.sm/site.key',
cert: '/var/run/autocert.step.sm/site.crt',
ciphers: 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256',
minVersion: 'TLSv1.2',
maxVersion: 'TLSv1.2'
}
function createSecureContext() {
return tls.createSecureContext({
ca: fs.readFileSync(config.ca),
key: fs.readFileSync(config.key),
cert: fs.readFileSync(config.cert),
ciphers: config.ciphers,
});
}
var ctx = createSecureContext()
fs.watch(config.cert, (event, filename) => {
if (event == 'change') {
ctx = createSecureContext()
}
});
https.createServer({
requestCert: true,
rejectUnauthorized: true,
SNICallback: (servername, cb) => {
cb(null, ctx);
}
}, (req, res) => {
res.writeHead(200);
res.end('hello nodejs\n');
}).listen(443);