Add SNI example

tshemsedinov · tshemsedinov · commit 8f4f38d2e1c6 · 2023-06-01T17:37:21.000+03:00
diff --git a/native-sni/README.md b/native-sni/README.md
@@ -0,0 +1,22 @@
+# Start HTTP server
+
+## With self-signed certificate (for testing)
+
+- Generate certificates, run: `./cert/generate.sh`
+- Start server: `node server.js`
+- Open in browser: `https://127.0.0.1:8000/`
+
+## With certbot (for production)
+
+- Let's Encrypt is a free certificate authority: https://letsencrypt.org/
+- Use Certbot (free tool for automatically generatinging Let’s Encrypt
+  certificates to enable HTTPS): https://certbot.eff.org/
+  - Install: `dnf -y install certbot`
+- Generate certificate:
+  `certbot certonly --standalone -d www.domain.com -d domain.com -m your.name@domain.com --agree-tos --no-eff-email`
+- Copy certificate:
+  `cp /etc/letsencrypt/live/domain.com/fullchain.pem ./cert/cert.pem`
+- Copy private key:
+  `cp /etc/letsencrypt/live/domain.com/privkey.pem ./cert/key.pem`
+- Or use your web server for challenge exchange:
+  `certbot certonly --webroot -w ./ -d domain.com -m your.name@domain.com --agree-tos --no-eff-email`
diff --git a/native-sni/cert/generate.ext b/native-sni/cert/generate.ext
@@ -0,0 +1,10 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = domain.com
+DNS.2 = localhost
+IP.1 = 127.0.0.1
+IP.2 = ::1
diff --git a/native-sni/cert/generate.sh b/native-sni/cert/generate.sh
@@ -0,0 +1,5 @@
+cd "$(dirname "$0")"
+openssl genrsa -out key.pem 3072
+openssl req -new -out self.pem -key key.pem -subj '/CN=localhost'
+openssl req -text -noout -in self.pem
+openssl x509 -req -days 1024 -in self.pem -signkey key.pem -out cert.pem -extfile generate.ext
diff --git a/native-sni/server.js b/native-sni/server.js
@@ -0,0 +1,63 @@
+'use strict';
+
+const fs = require('node:fs');
+const https = require('node:https');
+const tls = require('node:tls');
+
+const user = { name: 'jura', age: 22 };
+
+const routing = {
+  '/': '<h1>welcome to homepage</h1><hr>',
+  '/user': user,
+  '/user/name': () => user.name.toUpperCase(),
+  '/user/age': () => user.age,
+  '/hello': { hello: 'world', andArray: [1, 2, 3, 4, 5, 6, 7] },
+  '/api/method1': (req, res) => {
+    console.log(req.url + ' ' + res.statusCode);
+    return { status: res.statusCode };
+  },
+  '/api/method2': (req) => ({
+    user,
+    url: req.url,
+    cookie: req.headers.cookie
+  }),
+};
+
+const types = {
+  object: JSON.stringify,
+  string: (s) => s,
+  undefined: () => 'not found',
+  function: (fn, req, res) => JSON.stringify(fn(req, res)),
+};
+
+const key = fs.readFileSync('./cert/key.pem');
+const cert = fs.readFileSync('./cert/cert.pem');
+
+const domains = {
+  '127.0.0.1': tls.createSecureContext({ key, cert }),
+  'localhost': tls.createSecureContext({ key, cert }),
+};
+
+const sni = (servername, callback) => {
+  console.log({ servername });
+  const creds = domains[servername];
+  if (!creds) callback(new Error(`No certificate for ${servername}`));
+  callback(null, creds);
+};
+
+const options = { key, cert, SNICallback: sni };
+
+const server = https.createServer(options, (req, res) => {
+  const data = routing[req.url];
+  const type = typeof data;
+  const serializer = types[type];
+  const result = serializer(data, req, res);
+  res.end(result);
+});
+
+
+server.listen(8000);
+console.log('Open: https://127.0.0.1:8000');
+console.log('   or https://localhost:8000');
+
+setInterval(() => user.age++, 2000);
