
NodeJS Subdomain w/ vhost and greenlock-express


I'm new to Node and I want my website, dacio.app, working with subdomains for my college projects using vhost.

However, I need to have it secured due to the requirement for .app domains, so I'm using greenlock-express to automate it.

Don't be frontin', yo! TLS SNI 'giphy.dacio.app' does not match 'Host: potatoes.dacio.app'

I've tried using the vhost example in the repo, but it doesn't look like serve-static supports express apps.


Any tips on how to get this working? I keep hearing about reverse proxies, but I'm not sure if it's worth the effort as I don't even know if it would work - would it help?

server.js

#!/usr/bin/env node
'use strict';

// DEPENDENCIES
const express = require('express');
const vhost   = require('vhost');
const path    = require('path');
const glx     = require('greenlock-express');

// MIDDLEWARE
const app = express();
const giphyApp = require('../giphy-search');
const potatoesApp = require('../rotten-potatoes');
const portfolioApp = require('../dacio.app');

// ROUTES
app.use(vhost('giphy.dacio.app', giphyApp));
app.use(vhost('potatoes.dacio.app', potatoesApp));
app.use(portfolioApp);

// GREENLOCK for HTTPS
glx.create({
    version: 'draft-11',
    server: 'https://acme-v02.api.letsencrypt.org/directory',
    email: 'dacioromero@gmail.com',
    agreeTos: true,
    approveDomains: [ 'dacio.app', 'giphy.dacio.app', 'potatoes.dacio.app' ],
    configDir: '~/.config/acme/',
    app: app,
    communityMember: false
}).listen(80, 443);

Solution

  • I've switched to using redbird which seems to accomplish everything I was hoping to do.

    const path = require('path');
    
    const proxy = require('redbird')({
        port: 80,
        letsencrypt: {
            path: path.join(__dirname, '/certs'),
            port: 9999
        },
        ssl: {
            http2: true,
            port: 443
        }
    });
    
    proxy.register('dacio.app', 'http://localhost:8080', {
        ssl: {
            letsencrypt: {
                email: 'dacioromero@gmail.com',
                production: true,
            }
        }
    });
    
    proxy.register('giphy.dacio.app', 'http://localhost:8081', {
        ssl: {
            letsencrypt: {
                email: 'dacioromero@gmail.com',
                production: true
            }
        }
    });
    
    proxy.register('potatoes.dacio.app', 'http://localhost:8082', {
        ssl: {
            letsencrypt: {
                email: 'dacioromero@gmail.com',
                production: true
            }
        }
    });
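
The error quoted in the question reports that the TLS SNI name and the HTTP `Host` header disagree. The block below is an added example (not code from the original post or from greenlock-express) of one way to write such a check as Express-style middleware; the names `normalizeHost`, `sniMatchesHost`, `requireSniHostMatch` and `simulate` are hypothetical, and the request and response objects are constructed stubs so it runs offline.

```javascript
// Added example: compare the TLS SNI name with the HTTP Host header.
// All function names here are hypothetical; this is not greenlock-express code.

// Normalize a host for comparison: lowercase, drop the port and a trailing dot.
function normalizeHost(value) {
  if (typeof value !== 'string' || value.length === 0) return null;
  let host = value.trim().toLowerCase();
  if (host.startsWith('[')) {
    // Bracketed IPv6 literal in a Host header, e.g. "[::1]:443"
    const end = host.indexOf(']');
    if (end === -1) return null;
    host = host.slice(1, end);
  } else {
    host = host.replace(/:\d+$/, '');
  }
  host = host.replace(/\.$/, '');
  return host.length > 0 ? host : null;
}

// True only when both names are present and equal after normalization.
function sniMatchesHost(servername, hostHeader) {
  const sni = normalizeHost(servername);
  const host = normalizeHost(hostHeader);
  return sni !== null && host !== null && sni === host;
}

// Express-style middleware: reply 421 Misdirected Request on a mismatch.
function requireSniHostMatch(req, res, next) {
  const socket = req.socket;
  // Plain HTTP has no SNI to compare, so only TLS sockets are checked.
  if (!socket || !socket.encrypted) return next();
  // A missing SNI name (non-string servername) fails normalization
  // and is rejected here as well.
  const hostHeader = req.headers.host || req.headers[':authority'];
  if (sniMatchesHost(socket.servername, hostHeader)) return next();
  res.statusCode = 421;
  res.setHeader('Content-Type', 'text/plain');
  res.end('TLS SNI does not match Host header\n');
}

// Constructed request/response stubs so the check runs without a network.
function simulate(servername, host) {
  const req = { socket: { encrypted: true, servername }, headers: { host } };
  const res = { statusCode: 200, setHeader() {}, end() {} };
  let passed = false;
  requireSniHostMatch(req, res, () => { passed = true; });
  return passed ? 'next' : res.statusCode;
}

console.log(simulate('giphy.dacio.app', 'potatoes.dacio.app')); // 421
```

In an Express app it would be mounted ahead of the `vhost` routes with `app.use(requireSniHostMatch)`.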