wmluke / dokku-domains-plugin

Dokku plugin to create nginx vhost with multiple domains
MIT License
176 stars 21 forks source link

Support SSL domains #5

Closed wmluke closed 9 years ago

wmluke commented 10 years ago

Support SSL enabled virtual host configurations and a nice way to map hostnames to SSL certificates.

wmluke commented 10 years ago

The proposed API to support SSL virtual hosts:

$ dokku domains:setssl APP CERT_NAME DOMAIN1 [DOMAIN2 ...]

Which corresponds to a SSL cert file located at $DOKKU_ROOT/$APP/ssl/$cert_name, and assumes that this cert already exists and works for DOMAIN1 [DOMAIN2 ...].

This is mostly working in the develop branch...

https://github.com/wmluke/dokku-domains-plugin/blob/develop/commands#L34 https://github.com/wmluke/dokku-domains-plugin/blob/develop/test/commands_test.sh#L38

Thoughts?

JoshuaNovak919 commented 10 years ago

This looks perfect to me. How exactly do I need to setup SSL for this to work though? (sorry i'm new to SSL). I know I need to generate a CSR and get the certificate, but do I need to do all that in the $DOKKU_ROOT/$APP/ssl/ folder?

wmluke commented 10 years ago

I know only enough about generating SSL certs to be dangerous, so I don't want to give you the wrong advise. Basically, you need to decide if a self-signed cert will do or if you need a CA signed cert. Browsers will emit security warnings for the former, but you'll have to pay $$ for the latter. For CA's, I've used Start SSL b/c they are so cheap and seem trust worthy enough. But there are plenty of alternatives. In either case, once you're through the process, just be careful where and how you store and transfer your private certs. Keep it secret. Keep it safe.

CA's:

References:

Good Luck!

wmluke commented 10 years ago

And yes, once you have the certs in hand, you'll need to put them in $DOKKU_ROOT/$APP/ssl/.

Ref: http://nginx.org/en/docs/http/configuring_https_servers.html

I'll include more detailed instructions in the readme, once I've had more time to test and iron out the command api.

JoshuaNovak919 commented 10 years ago

Do I need to do any other SSL setup after I get the certificate if I put my certificate etc in the $DOKKU_ROOT/$APP/ssl/ folder and run the command? Sorry, just a bit new to this and the articles you linked to and the ones i've found don't really say much about getting it to work with dokku. I actually tried using this for SSL and so far it won't work, not sure why yet.

Update: After a server restart it is now working! Yay!

darkpixel commented 10 years ago

@JoshuaNovak919 For all my dev/testing I use http://cacert.org/ Free, supported by most browsers, etc... For production I use one of a few 'big name' providers.

@wmluke: Implementation looks good. I'll check out dev and let you know in a few minutes

wmluke commented 9 years ago

Closing b/c #15.