artanikin · October 9, 2017 06:22 · Nov 21, 2016 · Nov 21, 2016 · Nov 21, 2016 · Nov 21, 2016
diff --git a/ssl_puma.sh b/ssl_puma.sh
@@ -38,7 +38,7 @@ ssl: bundle exec puma -b "ssl://127.0.0.1:3000?key=$DEV_SSL_KEY_PATH&cert=$DEV_S
 
 # Add this to development.rb
 config.force_ssl = true
-config.ssl_options = { redirect: { port: 3000 } }
+config.ssl_options = { redirect: { port: 3000 }, hsts: { subdomains: true } }
 
 # Notes:
 # 1) Https traffic and http traffic can't be served from the same process. If you want 

diff --git a/ssl_puma.sh b/ssl_puma.sh
@@ -36,6 +36,12 @@ DEV_SSL_KEY_PATH=/Users/nathan/.ssh/lvh.me.key
 web: bundle exec puma -C config/puma.rb
 ssl: bundle exec puma -b "ssl://127.0.0.1:3000?key=$DEV_SSL_KEY_PATH&cert=$DEV_SSL_CERT_PATH" -C config/puma.rb
 
+# Add this to development.rb
+config.force_ssl = true
+config.ssl_options = { redirect: { port: 3000 } }
+
 # Notes:
 # 1) Https traffic and http traffic can't be served from the same process. If you want 
-#    both you need to start two instances on different ports.
+#    both you need to start two instances on different ports.
+# 2) Checkout new_framework_defaults.rb in newer rails apps. It had a ssl_options config
+#    setting that was a pain in my neck.
diff --git a/ssl_puma.sh b/ssl_puma.sh
@@ -33,7 +33,8 @@ DEV_SSL_CERT_PATH=/Users/nathan/.ssh/lvh.me.crt
 DEV_SSL_KEY_PATH=/Users/nathan/.ssh/lvh.me.key
 
 # Update your Procfile to look like this:
-web: bundle exec puma -b "ssl://127.0.0.1:3000?key=$DEV_SSL_KEY_PATH&cert=$DEV_SSL_CERT_PATH" -C config/puma.rb
+web: bundle exec puma -C config/puma.rb
+ssl: bundle exec puma -b "ssl://127.0.0.1:3000?key=$DEV_SSL_KEY_PATH&cert=$DEV_SSL_CERT_PATH" -C config/puma.rb
 
 # Notes:
 # 1) Https traffic and http traffic can't be served from the same process. If you want 

diff --git a/ssl_puma.sh b/ssl_puma.sh
@@ -32,8 +32,9 @@ $ openssl x509 -req -sha256 -days 365 -in lvh.me.csr -signkey lvh.me.key -out lv
 DEV_SSL_CERT_PATH=/Users/nathan/.ssh/lvh.me.crt
 DEV_SSL_KEY_PATH=/Users/nathan/.ssh/lvh.me.key
 
+# Update your Procfile to look like this:
+web: bundle exec puma -b "ssl://127.0.0.1:3000?key=$DEV_SSL_KEY_PATH&cert=$DEV_SSL_CERT_PATH" -C config/puma.rb
+
 # Notes:
 # 1) Https traffic and http traffic can't be served from the same process. If you want 
-#    both you need to start two instances on different ports.
-#
-#
+#    both you need to start two instances on different ports.
diff --git a/ssl_puma.sh b/ssl_puma.sh
@@ -1,44 +1,36 @@
-
-# 1) Create your private key (any password will do, we remove it below)
-
+# 1) Create your private key
 $ cd ~/.ssh
-$ openssl genrsa -des3 -out server.orig.key 2048
-
-
-# 2) Remove the password
+$ openssl genrsa -des3 -passout pass:x -out lvh.me.pass.key 2048
 
-$ openssl rsa -in server.orig.key -out server.key
+# 2) Generate RSA key
+$ openssl rsa -passin pass:x -in lvh.me.pass.key -out lvh.me.key
 
+# 3) Get rid of private key
+$ rm lvh.me.pass.key
 
 # 3) Generate the csr (Certificate signing request) (Details are important!)
-
-$ openssl req -new -key server.key -out server.csr
+$ openssl req -new -key lvh.me.key -out lvh.me.csr
 
 # IMPORTANT
-# MUST have localhost.ssl as the common name to keep browsers happy 
+# MUST have lvh.me as the common name to keep browsers happy 
 # (has to do with non internal domain names ... which sadly can be
 # avoided with a domain name with a "." in the middle of it somewhere)
 
-Country Name (2 letter code) [AU]:
-...
-Common Name: localhost.ssl 
-...
-
-
 # 4) Generate self signed ssl certificate 
-
-$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
-
-# 5) Finally Add localhost.ssl to your hosts file
-
-$ echo "127.0.0.1 localhost.ssl" | sudo tee -a /private/etc/hosts
-
-# 6) Boot puma
-
-$ puma -b 'ssl://127.0.0.1:3000?key=/Users/tadas/.ssh/server.key&cert=/Users/tadas/.ssh/server.crt'
-
-# 7) Add server.crt as trusted !!SYSTEM!! (not login) cert in the mac osx keychain
-# Open keychain tool, drag .crt file to system, and trust everything.
+$ openssl x509 -req -sha256 -days 365 -in lvh.me.csr -signkey lvh.me.key -out lvh.me.crt
+
+# 5) Add lvh.me.crt as trusted cert in the mac osx keychain
+# Open keychain tool
+# Select "System" in Keychains menu
+# drag lvh.me.crt file to list
+# Right-click Cert: Get Info
+# Open "Trust" menu
+# When using this certificate: "Always Trust"
+
+# 6) Setup Rails App
+# For rails app development, add two keys to your .rbenv-vars folder:
+DEV_SSL_CERT_PATH=/Users/nathan/.ssh/lvh.me.crt
+DEV_SSL_KEY_PATH=/Users/nathan/.ssh/lvh.me.key
 
 # Notes:
 # 1) Https traffic and http traffic can't be served from the same process. If you want 

diff --git a/gistfile1.sh → ssl_puma.sh b/gistfile1.sh → ssl_puma.sh
@@ -1,7 +1,7 @@
-# SSL self signed localhost for rails start to finish, no red warnings. 
 
 # 1) Create your private key (any password will do, we remove it below)
 
+$ cd ~/.ssh
 $ openssl genrsa -des3 -out server.orig.key 2048
 
 
@@ -33,15 +33,15 @@ $ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
 
 $ echo "127.0.0.1 localhost.ssl" | sudo tee -a /private/etc/hosts
 
-# 6) Boot thin
+# 6) Boot puma
 
-$ thin start --ssl --ssl-verify --ssl-key-file server.key --ssl-cert-file server.crt
+$ puma -b 'ssl://127.0.0.1:3000?key=/Users/tadas/.ssh/server.key&cert=/Users/tadas/.ssh/server.crt'
 
 # 7) Add server.crt as trusted !!SYSTEM!! (not login) cert in the mac osx keychain
 # Open keychain tool, drag .crt file to system, and trust everything.
 
 # Notes:
-# 1) Https traffic and http traffic can't be served from the same thin process. If you want 
+# 1) Https traffic and http traffic can't be served from the same process. If you want 
 #    both you need to start two instances on different ports.
 #
 #
diff --git a/gistfile1.sh b/gistfile1.sh
@@ -37,8 +37,8 @@ $ echo "127.0.0.1 localhost.ssl" | sudo tee -a /private/etc/hosts
 
 $ thin start --ssl --ssl-verify --ssl-key-file server.key --ssl-cert-file server.crt
 
-# 7) Add server.crt as trusted cert in mac osx keychain
-# Simply navigate to your .crt file and double click, in the keychain tool it opens trust everything.
+# 7) Add server.crt as trusted !!SYSTEM!! (not login) cert in the mac osx keychain
+# Open keychain tool, drag .crt file to system, and trust everything.
 
 # Notes:
 # 1) Https traffic and http traffic can't be served from the same thin process. If you want 

diff --git a/gistfile1.sh b/gistfile1.sh
@@ -25,6 +25,10 @@ Common Name: localhost.ssl
 ...
 
 
+# 4) Generate self signed ssl certificate 
+
+$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
+
 # 5) Finally Add localhost.ssl to your hosts file
 
 $ echo "127.0.0.1 localhost.ssl" | sudo tee -a /private/etc/hosts

diff --git a/gistfile1.sh b/gistfile1.sh
@@ -31,9 +31,10 @@ $ echo "127.0.0.1 localhost.ssl" | sudo tee -a /private/etc/hosts
 
 # 6) Boot thin
 
-$ thin start --ssl --ssl-verify --ssl-key-file certs/server.key --ssl-cert-file certs/server.crt
+$ thin start --ssl --ssl-verify --ssl-key-file server.key --ssl-cert-file server.crt
 
-7) Add server.crt as trusted cert in mac osx keychain
+# 7) Add server.crt as trusted cert in mac osx keychain
+# Simply navigate to your .crt file and double click, in the keychain tool it opens trust everything.
 
 # Notes:
 # 1) Https traffic and http traffic can't be served from the same thin process. If you want 

diff --git a/gistfile1.sh b/gistfile1.sh
@@ -19,6 +19,7 @@ $ openssl req -new -key server.key -out server.csr
 # (has to do with non internal domain names ... which sadly can be
 # avoided with a domain name with a "." in the middle of it somewhere)
 
+Country Name (2 letter code) [AU]:
 ...
 Common Name: localhost.ssl 
 ...
@@ -38,4 +39,4 @@ $ thin start --ssl --ssl-verify --ssl-key-file certs/server.key --ssl-cert-file
 # 1) Https traffic and http traffic can't be served from the same thin process. If you want 
 #    both you need to start two instances on different ports.
 #
-#
+#
diff --git a/gistfile1.sh b/gistfile1.sh
@@ -1,14 +1,17 @@
 # SSL self signed localhost for rails start to finish, no red warnings. 
 
-1) Create your private key (any password will do, we remove it below)
+# 1) Create your private key (any password will do, we remove it below)
+
 $ openssl genrsa -des3 -out server.orig.key 2048
 
 
-2) Remove the password
+# 2) Remove the password
+
 $ openssl rsa -in server.orig.key -out server.key
 
 
-3) Generate the csr (Certificate signing request) (Details are important!)
+# 3) Generate the csr (Certificate signing request) (Details are important!)
+
 $ openssl req -new -key server.key -out server.csr
 
 # IMPORTANT
@@ -21,11 +24,13 @@ Common Name: localhost.ssl
 ...
 
 
-5) Finally Add localhost.ssl to your hosts file
+# 5) Finally Add localhost.ssl to your hosts file
+
 $ echo "127.0.0.1 localhost.ssl" | sudo tee -a /private/etc/hosts
 
-6) Boot thin
-thin start --ssl --ssl-verify --ssl-key-file certs/server.key --ssl-cert-file certs/server.crt
+# 6) Boot thin
+
+$ thin start --ssl --ssl-verify --ssl-key-file certs/server.key --ssl-cert-file certs/server.crt
 
 7) Add server.crt as trusted cert in mac osx keychain
 

diff --git a/gistfile1.txt → gistfile1.sh b/gistfile1.txt → gistfile1.sh
@@ -1,14 +1,17 @@
 # SSL self signed localhost for rails start to finish, no red warnings. 
 
-# Create your private key (any password will do, we remove it below)
+1) Create your private key (any password will do, we remove it below)
 $ openssl genrsa -des3 -out server.orig.key 2048
 
-# Remove the password
+
+2) Remove the password
 $ openssl rsa -in server.orig.key -out server.key
 
-# Generate the csr (Certificate signing request) (Details are important!)
+
+3) Generate the csr (Certificate signing request) (Details are important!)
 $ openssl req -new -key server.key -out server.csr
 
+# IMPORTANT
 # MUST have localhost.ssl as the common name to keep browsers happy 
 # (has to do with non internal domain names ... which sadly can be
 # avoided with a domain name with a "." in the middle of it somewhere)
@@ -17,12 +20,15 @@ $ openssl req -new -key server.key -out server.csr
 Common Name: localhost.ssl 
 ...
 
-Finally Add localhost.ssl to your hosts file
+
+5) Finally Add localhost.ssl to your hosts file
 $ echo "127.0.0.1 localhost.ssl" | sudo tee -a /private/etc/hosts
 
-# Boot thin
+6) Boot thin
 thin start --ssl --ssl-verify --ssl-key-file certs/server.key --ssl-cert-file certs/server.crt
 
+7) Add server.crt as trusted cert in mac osx keychain
+
 # Notes:
 # 1) Https traffic and http traffic can't be served from the same thin process. If you want 
 #    both you need to start two instances on different ports.

diff --git a/gistfile1.txt b/gistfile1.txt
@@ -0,0 +1,30 @@
+# SSL self signed localhost for rails start to finish, no red warnings. 
+
+# Create your private key (any password will do, we remove it below)
+$ openssl genrsa -des3 -out server.orig.key 2048
+
+# Remove the password
+$ openssl rsa -in server.orig.key -out server.key
+
+# Generate the csr (Certificate signing request) (Details are important!)
+$ openssl req -new -key server.key -out server.csr
+
+# MUST have localhost.ssl as the common name to keep browsers happy 
+# (has to do with non internal domain names ... which sadly can be
+# avoided with a domain name with a "." in the middle of it somewhere)
+
+...
+Common Name: localhost.ssl 
+...
+
+Finally Add localhost.ssl to your hosts file
+$ echo "127.0.0.1 localhost.ssl" | sudo tee -a /private/etc/hosts
+
+# Boot thin
+thin start --ssl --ssl-verify --ssl-key-file certs/server.key --ssl-cert-file certs/server.crt
+
+# Notes:
+# 1) Https traffic and http traffic can't be served from the same thin process. If you want 
+#    both you need to start two instances on different ports.
+#
+#
No results found