macournoyer / thin

A very fast & simple Ruby web server
https://rubygems.org/gems/thin

Multiple SSL certificates #385

Closed pozelli closed 2 years ago

pozelli commented 3 years ago

Hi! Is there any way I can use different certificates based on the request hostname?

For example, currently I can use one .crt and one .key file:

bundle exec thin -p 9292 --ssl --ssl-key-file acme/faye.key --ssl-cert-file acme/faye.crt --ssl-disable-verify -e production -d -R faye.ru start

But the thin server is used by multiple domains:

message = {:channel => "/somechannel", :data => "somedata"}
uri = URI.parse("https://SOMEDOMAIN.com:9292/faye")
Net::HTTP.post_form(uri, :message => message.to_json)

Faye javascript client:

var faye = new Faye.Client("https://<%= request.host %>:9292/faye");

Since I need to use one certificate per domain (because I have more than 100 domains...), I'm looking for a way to use more than one certificate on the thin command line.

Can I concatenate all the certificates into a single .cer file and all the keys into a single .key file, and use both files in the command line? Is there some SNI approach?

Thanks in advance.

pozelli commented 2 years ago

My chosen solution was to use haproxy to terminate the SSL, and to remove SSL from the thin command line.

So haproxy and thin interact without SSL, and browser and haproxy with SSL.

pozelli commented 2 years ago

@JinPreyor1981, thin can't work this way. You need to use a reverse proxy (e.g. haproxy / nginx) to terminate the SSL. Then you can use thin with the SSL not enabled.

Please check: https://www.haproxy.com/blog/websockets-load-balancing-with-haproxy/
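
The setup described in the comments above, sketched as an haproxy configuration. This is an added example, not configuration posted by anyone in the thread. The certificate directory, the internal port 9293, the timeouts and the frontend/backend names are assumptions.

```haproxy
# Added example: haproxy terminates TLS for many hostnames, thin runs without --ssl.
# Paths, port 9293 and the section names are assumptions, not values from the thread.

global
    # Refuse legacy protocol versions on every TLS listener.
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s
    # Faye can use long-lived WebSocket connections; once a connection is
    # upgraded, "timeout tunnel" applies instead of the client/server timeouts.
    timeout tunnel  1h

frontend faye_tls
    # "crt" pointing at a directory loads every PEM file in it (certificate
    # chain plus private key concatenated in one file per domain). haproxy
    # picks the certificate whose name matches the SNI value sent by the client.
    # "strict-sni" rejects handshakes for hostnames with no matching
    # certificate instead of falling back to a default certificate.
    bind :9292 ssl crt /etc/haproxy/certs/ strict-sni

    # Tell the application that the original request arrived over HTTPS.
    http-request set-header X-Forwarded-Proto https
    default_backend thin_faye

backend thin_faye
    # The haproxy-to-thin hop is plaintext, so keep thin on loopback only:
    #   bundle exec thin -a 127.0.0.1 -p 9293 -e production -d -R faye.ru start
    server thin1 127.0.0.1:9293 check
```

The private keys in the certificate directory should be readable only by the account haproxy starts as, and the plaintext hop should stay on loopback or a trusted network segment.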

ioquatix commented 2 years ago

If you want a Ruby web application server capable of handling multiple virtual hosts, consider using falcon virtual: https://socketry.github.io/falcon/guides/deployment/index.html#falcon-virtual