forked from TrueCloudLab/certificates
42 lines
No EOL
1 KiB
JavaScript
42 lines
No EOL
1 KiB
JavaScript
const https = require('https');
|
|
const tls = require('tls');
|
|
const fs = require('fs');
|
|
|
|
var config = {
|
|
ca: '/var/run/autocert.step.sm/root.crt',
|
|
key: '/var/run/autocert.step.sm/site.key',
|
|
cert: '/var/run/autocert.step.sm/site.crt',
|
|
ciphers: 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256',
|
|
minVersion: 'TLSv1.2',
|
|
maxVersion: 'TLSv1.2'
|
|
};
|
|
|
|
function createSecureContext() {
|
|
return tls.createSecureContext({
|
|
ca: fs.readFileSync(config.ca),
|
|
key: fs.readFileSync(config.key),
|
|
cert: fs.readFileSync(config.cert),
|
|
ciphers: config.ciphers,
|
|
});
|
|
}
|
|
|
|
var ctx = createSecureContext()
|
|
|
|
fs.watch(config.cert, (event, filename) => {
|
|
if (event == 'change') {
|
|
ctx = createSecureContext();
|
|
}
|
|
});
|
|
|
|
https.createServer({
|
|
requestCert: true,
|
|
rejectUnauthorized: true,
|
|
SNICallback: (servername, cb) => {
|
|
cb(null, ctx);
|
|
}
|
|
}, (req, res) => {
|
|
res.writeHead(200);
|
|
res.end('hello nodejs\n');
|
|
}).listen(443);
|
|
|
|
console.log("Listening on :443 ..."); |