Setting up ssl
duelinmarkers edited this page Apr 16, 2011 · 2 revisions
Note: This manual process is not recommended for a production server. Please see Production Server Setup.
Here are the steps taken to set up SSL on dev.rapidftr.com. Similar steps worked on Hume's Mac laptop, with differences below.
```
# created certificate and key files as described here: http://www.akadia.com/services/ssh_test_certificate.html
gem install passenger # to upgrade to 3.0.0, which builds nginx w/ SSL by default
sudo /path/passenger-install-nginx-module # to rebuild nginx
# which failed because no libcurl w/ ssl headers, so
sudo apt-get install libcurl4-openssl-dev # as instructed by passenger install
sudo /path/passenger-install-nginx-module
# <1> ("Yes: download, compile and install Nginx for me. (recommended)")
# <Enter> for default prefix dir
sudo vim /opt/nginx/conf/nginx.conf # to create ssl servers on 443 and 3443
# add this inside the http block:
server {
    listen 443;
    server_name dev.rapidftr.com;
    ssl on;
    ssl_certificate /home/jorge/rapidftrdev.crt;
    ssl_certificate_key /home/jorge/rapidftrdev.key;
    ssl_session_timeout 5m;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;
    passenger_enabled on;
    rails_env production;
    root /home/jorge/Code/RapidFTR-prod/public;
}
# and likewise for 3443, with a different port, rails_env, and root.
sudo /opt/nginx/sbin/nginx -t # to test config
# /etc/init.d/nginx doesn't do anything! I wasted a lot of time before I realized that!
sudo /opt/nginx/sbin/nginx -s stop # to shut down
sudo /opt/nginx/sbin/nginx # to start back up
# sudo /opt/nginx/sbin/nginx -s reload might have worked as well
ufw allow 3443/tcp # to open firewall rule for this weird uat SSL port
# then set up the port 80 server to rewrite all requests to https
server {
    listen 80;
    server_name dev.rapidftr.com;
    rewrite ^(.*) https://dev.rapidftr.com$1 permanent;
}
```
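A small auditor for the `ssl_protocols` and `ssl_ciphers` lines in the server block above, as an added example that is not part of the original wiki page or the RapidFTR project. `PAGE_CONF` copies the page's two directives; `MODERN_CONF` is a constructed comparison sample, and the keyword list is a common subset of OpenSSL's cipher keywords, not a complete one.

```python
import re

# Protocol names accepted by ssl_protocols that have been formally retired.
DEPRECATED_PROTOCOLS = {
    "SSLv2": "prohibited by RFC 6176",
    "SSLv3": "deprecated by RFC 7568",
    "TLSv1": "deprecated by RFC 8996",
    "TLSv1.1": "deprecated by RFC 8996",
}
# OpenSSL cipher-string keywords for weak suites (a common subset, not exhaustive).
WEAK_KEYWORDS = {"LOW", "EXP", "EXPORT", "EXPORT40", "EXPORT56", "RC4",
                 "DES", "MD5", "SSLv2", "NULL", "eNULL", "aNULL"}
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|ssl_ciphers)\s+([^;]+);", re.M)

# The two directives exactly as they appear in the server block on this page.
PAGE_CONF = """
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
"""
# Constructed sample for comparison (assumption: not from the page).
MODERN_CONF = """
# ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
"""

def audit(conf_text):
    """Return (directive, token, reason) for each weak TLS setting found."""
    findings = []
    active = re.sub(r"#.*", "", conf_text)  # drop comments (ignores quoted '#')
    for name, value in DIRECTIVE.findall(active):
        if name == "ssl_protocols":
            findings += [(name, p, DEPRECATED_PROTOCOLS[p])
                         for p in value.split() if p in DEPRECATED_PROTOCOLS]
            continue
        for token in re.split(r"[:,\s]+", value.strip()):
            if token.startswith(("!", "-")):
                continue  # "!" and "-" remove suites, so these are exclusions
            if token == "ALL":
                findings.append((name, token, "selects all non-eNULL suites unless later excluded"))
            # "A+B" means suites matching both; a leading "+" only reorders.
            weak = sorted(set(token.lstrip("+").split("+")) & WEAK_KEYWORDS)
            if weak:
                findings.append((name, token, "weak keyword not excluded: " + ", ".join(weak)))
    return findings

if __name__ == "__main__":
    for conf in (PAGE_CONF, MODERN_CONF):
        print(audit(conf) or "no weak settings found")
```
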
On Hume's Mac laptop, SSL setup was very easy.
- generated a certificate for `local.rapidftr.com` and put an entry in `/etc/hosts` to point that name at 127.0.0.1.
- built nginx to a directory in my home so I didn't have to `sudo` except to start it (with port 80 and 443).
- didn't have to do anything with firewall rules.
- set `rails_env development` so code would reload as normal.