From 952244460445f9f591b0eb9c6131b4c203b01498 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Wilczy=C5=84ski?= Date: Wed, 8 Mar 2017 10:56:30 +0100 Subject: [PATCH] HTTPS.rst: Added a note about required system packages when HTTPS is used --- HTTPS.rst | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/HTTPS.rst b/HTTPS.rst index 9abf6d17..20ba03fe 100644 --- a/HTTPS.rst +++ b/HTTPS.rst @@ -2,7 +2,7 @@ HTTPS support (from 1.3) ============================ Use the ``https ,,`` option. This option may be -specified multiple times. First generate your server key, certificate signing +specified multiple times. First generate your server key, certificate signing request, and self-sign the certificate using the OpenSSL toolset: .. note:: You'll want a real SSL certificate for production use. @@ -28,6 +28,10 @@ and use the shared socket 0 (``=0``) for HTTPS. .. note:: The =0 syntax is currently undocumented. +.. note:: In order to use `https` option be sure that you have OpenSSL + development headers installed (e.g. libssl-dev on Debian). Install them + and rebuild uWSGI so the build system will automatically detect it. + Setting SSL/TLS ciphers ----------------------- @@ -53,7 +57,7 @@ Client certificate authentication --------------------------------- The ``https`` option can also take an optional 5th argument. You can use it to -specify a CA certificate to authenticate your clients with. Generate your CA +specify a CA certificate to authenticate your clients with. Generate your CA key and certificate (this time the key will be 4096 bits and password-protected)::