Some things need to be secure. Login and registration pages are often among them. This guide will show you how to quickly set up an SSL site with a self-signed certificate and an automatic HTTP-to-HTTPS redirect. This is ideal for setting up staging environments.
I’ll assume you have a standard Debian system with the apache2 package installed and ready.
The first step is to generate a key. You must choose a passphrase here. We’ll remove that later on for easier Apache2 restarts.
openssl genrsa -des3 -out server.key 4096
Next, you need to generate a Certificate Signing Request, or CSR. Some things to consider:
- Enter the Fully Qualified Domain Name in the Common Name field. For this blog that’d be ‘blog.kabisa.nl’.
- There’s no need to set a challenge password.
openssl req -new -key server.key -out server.csr
Next, sign the request with your key.
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Then, create an insecure version of your key. This removes the passphrase. If you don’t do this, Apache will ask for the passphrase when it loads the key.
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key
A good place to keep your key and certificate is /etc/apache2/ssl. Make sure you chmod 600 it for the root user.
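A pre-flight check for the steps above, as an added example that is not part of the original post: it confirms that the key no longer has a passphrase, that the key file is closed to group and other, and that the certificate was issued for that key. The function names and the CN `staging.example.test` are assumptions, and the sample pair is constructed for the example.

```sh
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Return 0 only if Apache can load the key without prompting, the key file is
# private to its owner, and the certificate carries that key's public half.
check_tls_pair() {
    key=$1; crt=$2
    if [ ! -r "$key" ] || [ ! -r "$crt" ]; then
        echo "cannot read $key or $crt" >&2; return 2
    fi
    # Both PEM encodings of a passphrase-protected key contain "ENCRYPTED".
    if grep -q 'ENCRYPTED' "$key"; then
        echo "$key still has a passphrase" >&2; return 3
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "$key is accessible to group or other; chmod 600 it" >&2; return 4
    fi
    # Both commands print the public key as the same PEM structure.
    k=$(openssl pkey -in "$key" -pubout 2>/dev/null </dev/null) ||
        { echo "cannot parse $key" >&2; return 5; }
    c=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "cannot parse $crt" >&2; return 5; }
    if [ "$k" != "$c" ]; then
        echo "$crt was not issued for $key" >&2; return 6
    fi
    echo "OK: $crt matches $key"
}

# Constructed sample input: a throwaway 2048-bit pair in directory $1, built
# with the same req/x509 steps as the post but without interactive prompts.
make_sample_pair() {
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    chmod 600 "$1/server.key" &&
    openssl req -new -key "$1/server.key" -subj "/CN=staging.example.test" \
        -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -days 365 -in "$1/server.csr" \
        -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# Usage: sh check_pair.sh /etc/apache2/ssl/server.key /etc/apache2/ssl/server.crt
if [ "$#" -eq 2 ]; then check_tls_pair "$1" "$2"; fi
```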
Okay, set up your VirtualHosts. This example is for a Passenger-powered example app.
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ServerAdmin support@example.com
ServerName example.com
# SSL Engine Switch
SSLEngine on
# SSL Cipher Suite: HIGH-strength suites only. The old default string
# (ALL:!ADH:!EXPORT56:...) did not exclude LOW or 40-bit export suites.
SSLCipherSuite HIGH:!aNULL:!MD5
# Server Certificate
SSLCertificateFile /etc/apache2/ssl/server.crt
# Server Private Key
SSLCertificateKeyFile /etc/apache2/ssl/server.key
# Set header to identify https requests for Mongrel (requires mod_headers)
RequestHeader set X-Forwarded-Proto "https"
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
DocumentRoot /var/rails/example/current/public
<Directory "/var/rails/example/current/public">
AllowOverride all
Allow from all
Options -MultiViews
</Directory>
</VirtualHost>
There is a file named /etc/apache2/ports.conf that configures which ports Apache listens on. Make it look like this:
NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
NameVirtualHost *:443
Listen 443
</IfModule>
All set. Now restart apache2 and you should be good to go.