Initial Release

Author: Adis Nezirovic

NOTES.rst

@@ -0,0 +1,127 @@
+Notes
+=====
+
+A few development notes and tips for HAProxy Lua ACME implementation.
+
+RFCs
+----
+
+In addition to standard HTTP, JSON, TLS formats and protocols, knowledge of
+other protocols/formats was necessary to develop ACME client.
+
+* ACME protocol - https://tools.ietf.org/html/draft-ietf-acme-acme-09
+* JWS (JSON Web Signature) - https://tools.ietf.org/html/rfc7515
+* JWK (JSON Web Key) - https://tools.ietf.org/html/rfc7517
+
+Tools
+-----
+
+Aside from `haproxy` and `curl`, additional software was used during
+development, for testing and debugging.
+
+Pebble
+++++++
+
+peble_ is a test ACME server with intented purpose to help with development of
+ACME clients. It uses slightly different ACME endpoints than referent ACME
+servers (all within specification), to force clients to properly implement
+endpoint discovery. It also presents some other transient challenges to clients
+(e.g. 15% of *nonces* are invalid), with the purpose of creating more robust
+client implementations.
+
+Server is a single binary, with configuration file in JSON format. By default
+it includes a test CA infrastructure, and creates server side certificates on
+the fly. There is also a simple acme client in the distribution,
+`peble-client`, which can be used as a reference/starting point other clients.
+
+Usage
+~~~~~
+After installing pebble, following their instructions, you can start it with:
+
+::
+
+  cd ~/go/src/github.com/letsencrypt/pebble
+  ~/go/bin/pebble
+
+It loads the configuration and certificates from `test` subdirectory, and binds
+to port 14000 by default.
+
+
+Boulder
++++++++
+
+boulder_ is a reference ACME server, used by Let's Encrypt organization. One
+can run it locally, via Docker Compose, for easier testing and validation.
+
+MitmProxy
++++++++++
+
+ACME protocol v2 mandates that clients use TLS to access the ACME server. That
+means we can't easily track request flow from ACME client to server (e.g. to
+debug our own client, or to observe `peble-client` behaviour). Unfortunately,
+while `wireshark` can support/decrypt static SSL traffic, it doesn't support
+Diffie-Hellman key exchanges, so decrypting standard TLS traffic is impossible.
+
+mitmproxy_ is a TLS capable HTTP proxy for software developers and penetration
+testers. We can use it to observe traffic between local ACME client and local
+ACME server.
+
+Usage
+~~~~~
+
+When you run peble it will create server key and cert in 
+`~/go/src/github.com/letsencrypt/pebble/test/certs/localhost`. You need to
+concat test key and cert into single file (`mitm.pem` in our example)
+
+::
+
+  sudo mitmweb -R https://localhost:14000 -p 443 --no-browser --insecure --cert localhost=~/go/src/github.com/letsencrypt/pebble/test/certs/localhost/mitm.pem
+  Proxy server listening at http://0.0.0.0:443/
+  Web   server listening at http://127.0.0.1:8081/
+
+For the time being, it is necesarry to run mitmproxy with sudo, binding to port
+443, even if we'd like to run it on some nonprivileged port, e.g. 8443
+
+::
+
+  sudo mitmweb -R https://localhost:14000 -p 8443 --no-browser --insecure --cert localhost=~/go/src/github.com/letsencrypt/pebble/test/certs/localhost/mitm.pem
+  Proxy server listening at http://0.0.0.0:443/
+  Web   server listening at http://127.0.0.1:8081/
+   
+When we run discovery query against the ACME server (through mitmproxy), we
+get this:
+
+::
+
+  curl -k https://localhost:8443/dir 
+  {
+    "meta": {
+      "termsOfService": "data:text/plain,Do%20what%20thou%20wilt"
+     },
+     "newAccount": "https://localhost/sign-me-up",
+     "newNonce": "https://localhost/nonce-plz",
+     "newOrder": "https://localhost/order-plz"
+  }
+
+were we'd expect to get 
+
+::
+
+  {
+    "meta": {
+      "termsOfService": "data:text/plain,Do%20what%20thou%20wilt"
+     },
+     "newAccount": "https://localhost:8443/sign-me-up",
+     "newNonce": "https://localhost:8443/nonce-plz",
+     "newOrder": "https://localhost:8443/order-plz"
+  }
+
+mitmproxy doesn't pass full host info to the upstream, i.e. it doesn't respect
+HTTP 1.1 RFC (https://tools.ietf.org/html/rfc7230#section-5.4), where `Host`
+header **must** include hostname and port if port is not 80 (for http) or 443
+(for https). Hence, we force mitmproxy to run on standard HTTPS port, where
+explicit port is not required.
+
+.. _peble: https://github.com/letsencrypt/pebble
+.. _boulder: https://github.com/letsencrypt/boulder
+.. _mitmproxy: https://mitmproxy.org

README.rst

@@ -0,0 +1,136 @@
+HAProxy ACME v2 client
+======================
+
+This is a client implementation for ACME (Automatic Certificate Management
+Environment) protocol, currently draft IETF standard
+(https://tools.ietf.org/html/draft-ietf-acme-acme-12)
+
+The protocol will be supported by Let's Encrypt project from March 2018.
+and it is expected that other *Certificate Authorities* will support this
+ACME version in the future.
+
+Intro
+-----
+The main idea of this ACME client is to implement as much functionality inside
+HAProxy. In addition to supporting single instance HAProxy installations, we
+also aim to support multi-instance deployments (i.e. you have a cluster of load
+balancers on which you want to use ACME issued certs).
+
+By using the internal HTTP interface (and http client such as `curl`), you will
+be able to execute the following:
+
+- Upload your own account and domain keys (only RSA keys for now)
+- Automatically register your account on ACME servers (linked to your account
+  key)
+- Request and receive certificates for your domains
+
+The only thing you need to do on your own is to save the received certificate
+bundles and reload HAProxy.
+
+
+Requirements
+------------
+
+* A modern HAProxy version (v1.8) with Lua support (check with
+  ``haproxy -vv | grep USE_LUA=1``)
+* `haproxy-lua-http` - Lua HTTP server/client for HAProxy Lua host
+* `json.lua` - Lua JSON library (https://github.com/rxi/json.lua)
+* `lua-ossl` - OpenSSL bindings for Lua (https://github.com/wahern/luaossl)
+
+
+Configuration
+-------------
+
+Install the required Lua libraries to proper LUA_PATH location, and configure
+haproxy as follows:
+
+::
+
+  global
+      log /dev/log local0 debug
+      nbproc 1
+      daemon
+      lua-load config.lua
+      lua-load acme.lua
+
+  defaults
+      log global
+      mode http
+      option httplog
+      timeout connect 5s
+      timeout client 10s
+      timeout server 10s
+
+  listen http
+      bind *:80
+      http-request use-service lua.acme if { path_beg /.well-known/acme-challenge/  }
+
+  listen acme
+      bind 127.0.0.1:9011
+      http-request use-service lua.acme
+
+  listen acme-ca
+    bind 127.0.0.1:9012
+    server ca acme-v02.api.letsencrypt.org:443 ssl verify required ca-file letsencrypt-x3-ca-chain.pem
+
+Configuration is kept in a separate Lua file, where you must explicitly set
+``termsOfServiceAgreed`` option to ``true`` in order to be able to acquire
+certs. Before doing that, please read latest Let's Encrypt terms of service and
+subscriber agreement available at https://letsencrypt.org/repository/
+
+::
+
+  config = {
+      registration = {
+          -- You can read TOS here: https://letsencrypt.org/repository/
+          termsOfServiceAgreed = false,
+          contact = {"mailto:postmaster@example.net"}
+      },
+
+      -- ACME certificate authority configuration
+      ca = {
+          -- HAProxy backend/server which proxies requests to ACME server
+          proxy_uri = "http://127.0.0.1:9012",
+          -- ACME server URI (also returned by ACME directory listings)
+          -- Use this server name in HAProxy config
+          uri = "https://acme-v02.api.letsencrypt.org",
+      }
+  }
+
+Key creation
+------------
+
+Although Lua module is able to create account key or domain automatically, for
+performance and security reasons we require that you create your keys
+separately.
+
+Currently, we only support RSA keys. For account key, key size should be
+4096bits, and for domain key 2048bits (minimal key sizes are also enforced by
+Let's Encrypt).
+
+You can use the following commands to create keys. Note that you need a modern
+openssl version, we don't use ``openssl genrsa`` but ``openssl genpkey``, as
+we're going to use the same command to create ECDSA keys in the future.
+
+::
+
+  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out account.key
+  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out example.net.key
+
+
+Usage
+-----
+
+After you have provisioned your keys, you can run certificate order via HTTP.
+For example by using curl to POST data in *multipart/form-data* format:
+
+::
+
+  curl -XPOST http://127.0.0.1:9011/acme/order -F 'account_key=@account.key' \
+       -F 'domain=example.net' -F 'domain_key=@example.net.key' \
+       -F 'aliases=www.example.net,example.com,www.example.com' \
+       -o example.net.pem
+
+Aliases are optional, and we use curl ``@`` syntax to post files.
+The output is full certificate chain (with key appended), suitable for direct
+consumption by HAProxy.