feat: admin ssl - renew cert + toggle redirection btn

client/components/admin/admin-ssl.vue

@@ -8,163 +8,259 @@
             .headline.primary--text.animated.fadeInLeft {{ $t('admin:ssl.title') }}
             .subtitle-1.grey--text.animated.fadeInLeft {{ $t('admin:ssl.subtitle') }}
           v-spacer
-          v-btn.animated.fadeInDown(color='success', depressed, @click='save', large)
-            v-icon(left) mdi-check
-            span {{$t('common:actions.apply')}}
+          v-btn.animated.fadeInDown(
+            v-if='info.sslProvider === `letsencrypt`'
+            color='black'
+            dark
+            depressed
+            @click='renewCertificate'
+            large
+            :loading='loadingRenew'
+            )
+            v-icon(left) mdi-cached
+            span {{$t('admin:ssl.renewCertificate')}}
         v-form.pt-3
           v-layout(row wrap)
             v-flex(lg6 xs12)
-              v-form
-                v-card.animated.fadeInUp
-                  v-toolbar(color='primary', dark, dense, flat)
-                    v-toolbar-title.subtitle-1 {{ $t('admin:ssl.provider') }}
-                  v-card-text
-                    v-select(
-                      :items='providers'
-                      outlined
-                      :label='$t(`admin:ssl.provider`)'
-                      required
-                      :counter='255'
-                      v-model='config.provider'
-                      prepend-icon='mdi-handshake'
-                      :hint='$t(`admin:ssl.providerHint`)'
-                      persistent-hint
-                      )
-                    v-text-field.mt-3(
-                      outlined
-                      :label='$t(`admin:ssl.domain`)'
-                      required
-                      :counter='255'
-                      v-model='config.domain'
-                      prepend-icon='mdi-earth'
-                      :hint='$t(`admin:ssl.domainHint`)'
-                      persistent-hint
-                      :disabled='config.provider === ``'
-                      )
-
-              v-card.animated.fadeInUp.wait-p2s.mt-3(v-if='config.provider !== ``')
-                v-toolbar(color='primary', dark, dense, flat)
-                  v-toolbar-title.subtitle-1 {{$t('admin:ssl.providerOptions')}}
-                v-card-text ---
+              v-card.animated.fadeInUp
+                v-subheader {{ $t('admin:ssl.currentState') }}
+                v-list(two-line, dense)
+                  v-list-item
+                    v-list-item-avatar
+                      v-icon.indigo.white--text mdi-handshake
+                    v-list-item-content
+                      v-list-item-title {{ $t(`admin:ssl.provider`) }}
+                      v-list-item-subtitle {{ providerTitle }}
+                  template(v-if='info.sslProvider === `letsencrypt`')
+                    v-list-item
+                      v-list-item-avatar
+                        v-icon.indigo.white--text mdi-application
+                      v-list-item-content
+                        v-list-item-title {{ $t(`admin:ssl.domain`) }}
+                        v-list-item-subtitle {{ info.sslDomain }}
+                    v-list-item
+                      v-list-item-avatar
+                        v-icon.indigo.white--text mdi-at
+                      v-list-item-content
+                        v-list-item-title {{ $t('admin:ssl.subscriberEmail') }}
+                        v-list-item-subtitle {{ info.sslSubscriberEmail }}
+                    v-list-item
+                      v-list-item-avatar
+                        v-icon.indigo.white--text mdi-calendar-remove-outline
+                      v-list-item-content
+                        v-list-item-title {{ $t('admin:ssl.expiration') }}
+                        v-list-item-subtitle {{ info.sslExpirationDate | moment('calendar') }}
+                    v-list-item
+                      v-list-item-avatar
+                        v-icon.indigo.white--text mdi-traffic-light
+                      v-list-item-content
+                        v-list-item-title {{ $t(`admin:ssl.status`) }}
+                        v-list-item-subtitle {{ info.sslStatus }}
 
             v-flex(lg6 xs12)
               v-card.animated.fadeInUp.wait-p2s
-                  v-toolbar(color='primary', dark, dense, flat)
-                    v-toolbar-title.subtitle-1 {{ $t('admin:ssl.ports') }}
-                  v-card-text
-                    v-row
-                      v-col(cols='6')
-                        v-text-field(
-                          outlined
-                          :label='$t(`admin:ssl.httpPort`)'
-                          v-model='config.httpPort'
-                          prepend-icon='mdi-lock-open-variant-outline'
-                          :hint='$t(`admin:ssl.httpPortHint`)'
-                          persistent-hint
-                          )
-                      v-col(cols='6')
-                        v-checkbox(
-                          :label='$t(`admin:ssl.httpPortRedirect`)'
-                          v-model='config.httpRedirect'
-                          :hint='$t(`admin:ssl.httpPortRedirectHint`)'
-                          :disabled='config.provider === ``'
-                          persistent-hint
-                          color='primary'
+                v-subheader {{ $t('admin:ssl.ports') }}
+                v-list(two-line, dense)
+                  v-list-item
+                    v-list-item-avatar
+                      v-icon.blue.white--text mdi-lock-open-variant
+                    v-list-item-content
+                      v-list-item-title {{ $t(`admin:ssl.httpPort`) }}
+                      v-list-item-subtitle {{ info.httpPort }}
+                  template(v-if='info.httpsPort > 0')
+                    v-divider
+                    v-list-item
+                      v-list-item-avatar
+                        v-icon.green.white--text mdi-lock
+                      v-list-item-content
+                        v-list-item-title {{ $t(`admin:ssl.httpsPort`) }}
+                        v-list-item-subtitle {{ info.httpsPort }}
+                    v-divider
+                    v-list-item
+                      v-list-item-avatar
+                        v-icon.indigo.white--text mdi-sign-direction
+                      v-list-item-content
+                        v-list-item-title {{ $t(`admin:ssl.httpPortRedirect`) }}
+                        v-list-item-subtitle {{ info.httpRedirection }}
+                      v-list-item-action
+                        v-btn.red--text(
+                          v-if='info.httpRedirection'
+                          depressed
+                          :color='$vuetify.theme.dark ? `red darken-4` : `red lighten-5`'
+                          :class='$vuetify.theme.dark ? `text--lighten-5` : `text--darken-2`'
+                          @click='toggleRedir'
+                          :loading='loadingRedir'
                           )
-                      v-col(cols='6')
-                        v-text-field(
-                          outlined
-                          :label='$t(`admin:ssl.httpsPort`)'
-                          v-model='config.httpsPort'
-                          prepend-icon='mdi-lock'
-                          :hint='$t(`admin:ssl.httpsPortHint`)'
-                          persistent-hint
-                          :disabled='config.provider === ``'
+                          v-icon(left) mdi-power
+                          span {{$t('admin:ssl.httpPortRedirectTurnOff')}}
+                        v-btn.green--text(
+                          v-else
+                          depressed
+                          :color='$vuetify.theme.dark ? `green darken-4` : `green lighten-5`'
+                          :class='$vuetify.theme.dark ? `text--lighten-5` : `text--darken-2`'
+                          @click='toggleRedir'
+                          :loading='loadingRedir'
                           )
-                  v-card-text.grey(:class='$vuetify.theme.dark ? `darken-4-l5` : `lighten-4`')
-                    .caption {{$t(`admin:ssl.writableConfigFileWarning`)}}
+                          v-icon(left) mdi-power
+                          span {{$t('admin:ssl.httpPortRedirectTurnOn')}}
+
+    v-dialog(
+      v-model='loadingRenew'
+      persistent
+      max-width='450'
+      )
+      v-card(color='black', dark)
+        v-card-text.pa-10.text-center
+          semipolar-spinner.animated.fadeIn(
+            :animation-duration='1500'
+            :size='65'
+            color='#FFF'
+            style='margin: 0 auto;'
+          )
+          .mt-5.body-1.white--text {{$t('admin:ssl.renewCertificateLoadingTitle')}}
+          .caption.mt-4 {{$t('admin:ssl.renewCertificateLoadingSubtitle')}}
 
 </template>
 
 <script>
 import _ from 'lodash'
-import siteConfigQuery from 'gql/admin/site/site-query-config.gql'
-import siteUpdateConfigMutation from 'gql/admin/site/site-mutation-save-config.gql'
+import gql from 'graphql-tag'
+
+import { SemipolarSpinner } from 'epic-spinners'
 
 export default {
+  components: {
+    SemipolarSpinner
+  },
   data() {
     return {
-      config: {
-        provider: '',
-        domain: '',
-        httpPort: 3000,
-        httpPortRedirect: true,
-        httpsPort: 443
+      loadingRenew: false,
+      loadingRedir: false,
+      info: {
+        sslDomain: '',
+        sslProvider: '',
+        sslSubscriberEmail: '',
+        sslExpirationDate: false,
+        sslStatus: '',
+        httpPort: 0,
+        httpRedirection: false,
+        httpsPort: 0
       }
     }
   },
   computed: {
-    providers () {
-      return [
-        { text: this.$t('admin:ssl.providerDisabled'), value: '' },
-        { text: this.$t('admin:ssl.providerLetsEncrypt'), value: 'letsencrypt' },
-        { text: this.$t('admin:ssl.providerCustomCertificate'), value: 'custom' }
-      ]
+    providerTitle () {
+      switch (this.info.sslProvider) {
+        case 'custom':
+          return this.$t('admin:ssl.providerCustomCertificate')
+        case 'letsencrypt':
+          return this.$t('admin:ssl.providerLetsEncrypt')
+        default:
+          return this.$t('admin:ssl.providerDisabled')
+      }
     }
   },
   methods: {
-    async save () {
+    async toggleRedir () {
+      this.loadingRedir = true
       try {
+        this.info.httpRedirection = !this.info.httpRedirection
         await this.$apollo.mutate({
-          mutation: siteUpdateConfigMutation,
+          mutation: gql`
+            mutation ($enabled: Boolean!) {
+              system {
+                setHTTPSRedirection(enabled: $enabled) {
+                  responseResult {
+                    succeeded
+                    errorCode
+                    slug
+                    message
+                  }
+                }
+              }
+            }
+          `,
           variables: {
-            host: _.get(this.config, 'host', ''),
-            title: _.get(this.config, 'title', ''),
-            description: _.get(this.config, 'description', ''),
-            robots: _.get(this.config, 'robots', []),
-            analyticsService: _.get(this.config, 'analyticsService', ''),
-            analyticsId: _.get(this.config, 'analyticsId', ''),
-            company: _.get(this.config, 'company', ''),
-            hasLogo: _.get(this.config, 'hasLogo', false),
-            logoIsSquare: _.get(this.config, 'logoIsSquare', false),
-            featurePageRatings: _.get(this.config, 'featurePageRatings', false),
-            featurePageComments: _.get(this.config, 'featurePageComments', false),
-            featurePersonalWikis: _.get(this.config, 'featurePersonalWikis', false),
-            securityIframe: _.get(this.config, 'securityIframe', false),
-            securityReferrerPolicy: _.get(this.config, 'securityReferrerPolicy', false),
-            securityTrustProxy: _.get(this.config, 'securityTrustProxy', false),
-            securitySRI: _.get(this.config, 'securitySRI', false),
-            securityHSTS: _.get(this.config, 'securityHSTS', false),
-            securityHSTSDuration: _.get(this.config, 'securityHSTSDuration', 0),
-            securityCSP: _.get(this.config, 'securityCSP', false),
-            securityCSPDirectives: _.get(this.config, 'securityCSPDirectives', '')
+            enabled: _.get(this.info, 'httpRedirection', false)
           },
           watchLoading (isLoading) {
-            this.$store.commit(`loading${isLoading ? 'Start' : 'Stop'}`, 'admin-site-update')
+            this.$store.commit(`loading${isLoading ? 'Start' : 'Stop'}`, 'admin-ssl-toggleRedirection')
           }
         })
         this.$store.commit('showNotification', {
           style: 'success',
-          message: 'Configuration saved successfully.',
+          message: this.$t('admin:ssl.httpPortRedirectSaveSuccess'),
           icon: 'check'
         })
-        this.siteTitle = this.config.title
-        this.company = this.config.company
       } catch (err) {
+        this.info.httpRedirection = !this.info.httpRedirection
         this.$store.commit('pushGraphError', err)
       }
+      this.loadingRedir = false
+    },
+    async renewCertificate () {
+      this.loadingRenew = true
+      try {
+        const respRaw = await this.$apollo.mutate({
+          mutation: gql`
+            mutation {
+              system {
+                renewHTTPSCertificate {
+                  responseResult {
+                    succeeded
+                    errorCode
+                    slug
+                    message
+                  }
+                }
+              }
+            }
+          `,
+          watchLoading (isLoading) {
+            this.$store.commit(`loading${isLoading ? 'Start' : 'Stop'}`, 'admin-ssl-renew')
+          }
+        })
+        const resp = _.get(respRaw, 'data.system.renewHTTPSCertificate.responseResult', {})
+        if (resp.succeeded) {
+          this.$store.commit('showNotification', {
+            style: 'success',
+            message: this.$t('admin:ssl.renewCertificateSuccess'),
+            icon: 'check'
+          })
+        } else {
+          throw new Error(resp.message)
+        }
+      } catch (err) {
+        this.$store.commit('pushGraphError', err)
+      }
+      this.loadingRenew = false
+    }
+  },
+  apollo: {
+    info: {
+      query: gql`
+        {
+          system {
+            info {
+              httpPort
+              httpRedirection
+              httpsPort
+              sslDomain
+              sslExpirationDate
+              sslProvider
+              sslStatus
+              sslSubscriberEmail
+            }
+          }
+        }
+      `,
+      fetchPolicy: 'network-only',
+      update: (data) => _.cloneDeep(data.system.info),
+      watchLoading (isLoading) {
+        this.$store.commit(`loading${isLoading ? 'Start' : 'Stop'}`, 'admin-ssl-refresh')
+      }
     }
   }
-  // apollo: {
-  //   config: {
-  //     query: siteConfigQuery,
-  //     fetchPolicy: 'network-only',
-  //     update: (data) => _.cloneDeep(data.site.config),
-  //     watchLoading (isLoading) {
-  //       this.$store.commit(`loading${isLoading ? 'Start' : 'Stop'}`, 'admin-site-refresh')
-  //     }
-  //   }
-  // }
 }
 </script>
 

package.json

@@ -73,7 +73,7 @@
     "express": "4.17.1",
     "express-brute": "1.0.1",
     "express-session": "1.17.0",
-    "file-type": "13.1.0",
+    "file-type": "13.1.1",
     "filesize": "6.0.1",
     "fs-extra": "8.1.0",
     "getos": "3.1.1",
@@ -121,7 +121,7 @@
     "node-2fa": "1.1.2",
     "node-cache": "5.1.0",
     "nodemailer": "6.4.2",
-    "objection": "1.6.11",
+    "objection": "2.1.2",
     "passport": "0.4.1",
     "passport-auth0": "1.3.1",
     "passport-azure-ad": "4.2.1",
@@ -158,7 +158,7 @@
     "scim-query-filter-parser": "2.0.4",
     "semver": "7.1.1",
     "serve-favicon": "2.5.0",
-    "simple-git": "1.129.0",
+    "simple-git": "1.130.0",
     "solr-node": "1.2.1",
     "sqlite3": "4.1.1",
     "ssh2": "0.8.7",
@@ -188,7 +188,7 @@
     "@babel/plugin-syntax-import-meta": "^7.8.3",
     "@babel/polyfill": "^7.8.3",
     "@babel/preset-env": "^7.8.3",
-    "@mdi/font": "4.7.95",
+    "@mdi/font": "4.8.95",
     "@panter/vue-i18next": "0.15.1",
     "@requarks/ckeditor5": "12.4.0-wiki.14",
     "@vue/babel-preset-app": "4.1.2",

server/app/data.yml

@@ -54,6 +54,8 @@ defaults:
       securityHSTSDuration: 300
       securityCSP: false
       securityCSPDirectives: ''
+    server:
+      sslRedir: false
     flags:
       ldapdebug: false
       sqllog: false

server/controllers/letsencrypt.js → server/controllers/ssl.js

 const express = require('express')
 const router = express.Router()
 const _ = require('lodash')
+const qs = require('querystring')
 
 /* global WIKI */
 
@@ -22,4 +23,16 @@ router.get('/.well-known/acme-challenge/:token', (req, res, next) => {
   }
 })
 
+/**
+ * Redirect to HTTPS if HTTP Redirection is enabled
+ */
+router.all('/*', (req, res, next) => {
+  if (WIKI.config.server.sslRedir && !req.secure && WIKI.servers.servers.https) {
+    let query = (!_.isEmpty(req.query)) ? `?${qs.stringify(req.query)}` : ``
+    return res.redirect(`https://${req.hostname}${req.originalUrl}${query}`)
+  } else {
+    next()
+  }
+})
+
 module.exports = router

server/core/servers.js

@@ -46,7 +46,7 @@ module.exports = {
     })
 
     this.servers.http.on('connection', conn => {
-      let connKey = `${conn.remoteAddress}:${conn.remotePort}`
+      let connKey = `http:${conn.remoteAddress}:${conn.remotePort}`
       this.connections.set(connKey, conn)
       conn.on('close', () => {
         this.connections.delete(connKey)
@@ -108,7 +108,7 @@ module.exports = {
     })
 
     this.servers.https.on('connection', conn => {
-      let connKey = `${conn.remoteAddress}:${conn.remotePort}`
+      let connKey = `https:${conn.remoteAddress}:${conn.remotePort}`
       this.connections.set(connKey, conn)
       conn.on('close', () => {
         this.connections.delete(connKey)
@@ -135,11 +135,17 @@ module.exports = {
   /**
    * Close all active connections
    */
-  closeConnections () {
-    for (const conn of this.connections.values()) {
+  closeConnections (mode = 'all') {
+    for (const [key, conn] of this.connections) {
+      if (mode !== `all` && key.indexOf(`${mode}:`) !== 0) {
+        continue
+      }
       conn.destroy()
+      this.connections.delete(key)
+    }
+    if (mode === 'all') {
+      this.connections.clear()
     }
-    this.connections.clear()
   },
   /**
    * Stop all servers
@@ -155,5 +161,29 @@ module.exports = {
       this.servers.https = null
     }
     this.servers.graph = null
+  },
+  /**
+   * Restart Server
+   */
+  async restartServer (srv = 'https') {
+    this.closeConnections(srv)
+    switch (srv) {
+      case 'http':
+        if (this.servers.http) {
+          await Promise.fromCallback(cb => { this.servers.http.close(cb) })
+          this.servers.http = null
+        }
+        this.startHTTP()
+        break
+      case 'https':
+        if (this.servers.https) {
+          await Promise.fromCallback(cb => { this.servers.https.close(cb) })
+          this.servers.https = null
+        }
+        this.startHTTPS()
+        break
+      default:
+        throw new Error('Cannot restart server: Invalid designation')
+    }
   }
 }

server/graph/resolvers/system.js

@@ -220,6 +220,38 @@ module.exports = {
       } catch (err) {
         return graphHelper.generateError(err)
       }
+    },
+    /**
+     * Set HTTPS Redirection State
+     */
+    async setHTTPSRedirection (obj, args, context) {
+      _.set(WIKI.config, 'server.sslRedir', args.enabled)
+      await WIKI.configSvc.saveToDb(['server'])
+      return {
+        responseResult: graphHelper.generateSuccess('HTTP Redirection state set successfully.')
+      }
+    },
+    /**
+     * Renew SSL Certificate
+     */
+    async renewHTTPSCertificate (obj, args, context) {
+      try {
+        if (!WIKI.config.ssl.enabled) {
+          throw new WIKI.Error.SystemSSLDisabled()
+        } else if (WIKI.config.ssl.provider !== `letsencrypt`) {
+          throw new WIKI.Error.SystemSSLRenewInvalidProvider()
+        } else if (!WIKI.servers.le) {
+          throw new WIKI.Error.SystemSSLLEUnavailable()
+        } else {
+          await WIKI.servers.le.requestCertificate()
+          await WIKI.servers.restartServer('https')
+          return {
+            responseResult: graphHelper.generateSuccess('SSL Certificate renewed successfully.')
+          }
+        }
+      } catch (err) {
+        return graphHelper.generateError(err)
+      }
     }
   },
   SystemInfo: {
@@ -266,6 +298,15 @@ module.exports = {
     hostname () {
       return os.hostname()
     },
+    httpPort () {
+      return WIKI.servers.servers.http ? _.get(WIKI.servers.servers.http.address(), 'port', 0) : 0
+    },
+    httpRedirection () {
+      return _.get(WIKI.config, 'server.sslRedir', false)
+    },
+    httpsPort () {
+      return WIKI.servers.servers.https ? _.get(WIKI.servers.servers.https.address(), 'port', 0) : 0
+    },
     latestVersion () {
       return WIKI.system.updates.version
     },
@@ -293,6 +334,21 @@ module.exports = {
     ramTotal () {
       return filesize(os.totalmem())
     },
+    sslDomain () {
+      return WIKI.config.ssl.enabled && WIKI.config.ssl.provider === `letsencrypt` ? WIKI.config.ssl.domain : null
+    },
+    sslExpirationDate () {
+      return WIKI.config.ssl.enabled && WIKI.config.ssl.provider === `letsencrypt` ? _.get(WIKI.config.letsencrypt, 'payload.expires', null) : null
+    },
+    sslProvider () {
+      return WIKI.config.ssl.enabled ? WIKI.config.ssl.provider : null
+    },
+    sslStatus () {
+      return 'OK'
+    },
+    sslSubscriberEmail () {
+      return WIKI.config.ssl.enabled && WIKI.config.ssl.provider === `letsencrypt` ? WIKI.config.ssl.subscriberEmail : null
+    },
     telemetry () {
       return WIKI.telemetry.enabled
     },

server/graph/schemas/system.graphql

@@ -40,6 +40,12 @@ type SystemMutation {
     mongoDbConnString: String!
     groupMode: SystemImportUsersGroupMode!
   ): SystemImportUsersResponse @auth(requires:  ["manage:system"])
+
+  setHTTPSRedirection(
+    enabled: Boolean!
+  ): DefaultResponse @auth(requires: ["manage:system"])
+
+  renewHTTPSCertificate: DefaultResponse @auth(requires: ["manage:system"])
 }
 
 # -----------------------------------------------
@@ -65,6 +71,9 @@ type SystemInfo {
   dbVersion: String @auth(requires: ["manage:system"])
   groupsTotal: Int @auth(requires: ["manage:system", "manage:navigation", "manage:groups", "write:groups", "manage:users", "write:users"])
   hostname: String @auth(requires: ["manage:system"])
+  httpPort: Int @auth(requires: ["manage:system"])
+  httpRedirection: Boolean @auth(requires: ["manage:system"])
+  httpsPort: Int @auth(requires: ["manage:system"])
   latestVersion: String @auth(requires: ["manage:system"])
   latestVersionReleaseDate: Date @auth(requires: ["manage:system"])
   nodeVersion: String @auth(requires: ["manage:system"])
@@ -72,6 +81,11 @@ type SystemInfo {
   pagesTotal: Int @auth(requires: ["manage:system", "manage:navigation", "manage:pages", "delete:pages"])
   platform: String @auth(requires: ["manage:system"])
   ramTotal: String @auth(requires: ["manage:system"])
+  sslDomain: String @auth(requires: ["manage:system"])
+  sslExpirationDate: Date @auth(requires: ["manage:system"])
+  sslProvider: String @auth(requires: ["manage:system"])
+  sslStatus: String @auth(requires: ["manage:system"])
+  sslSubscriberEmail: String @auth(requires: ["manage:system"])
   telemetry: Boolean @auth(requires: ["manage:system"])
   telemetryClientId: String @auth(requires: ["manage:system"])
   upgradeCapable: Boolean @auth(requires: ["manage:system"])

server/helpers/error.js

@@ -165,6 +165,22 @@ module.exports = {
     message: 'An unexpected error occured during search operation.',
     code: 4001
   }),
+  SystemGenericError: CustomError('SystemGenericError', {
+    message: 'An unexpected error occured.',
+    code: 7001
+  }),
+  SystemSSLDisabled: CustomError('SystemSSLDisabled', {
+    message: 'SSL is not enabled.',
+    code: 7002
+  }),
+  SystemSSLLEUnavailable: CustomError('SystemSSLLEUnavailable', {
+    message: 'Let\'s Encrypt is not initialized.',
+    code: 7004
+  }),
+  SystemSSLRenewInvalidProvider: CustomError('SystemSSLRenewInvalidProvider', {
+    message: 'Current provider does not support SSL certificate renewal.',
+    code: 7003
+  }),
   UserCreationFailed: CustomError('UserCreationFailed', {
     message: 'An unexpected error occured during user creation.',
     code: 1009

server/master.js

@@ -59,10 +59,10 @@ module.exports = async () => {
   }))
 
   // ----------------------------------------
-  // Let's Encrypt Challenge
+  // SSL Handlers
   // ----------------------------------------
 
-  app.use('/', ctrl.letsencrypt)
+  app.use('/', ctrl.ssl)
 
   // ----------------------------------------
   // Passport Authentication