Configuring Compojure for SSL?
303 views
Skip to first unread message
André Thieme
Sep 28, 2009, 4:24:57 AM9/28/09
to Compojure
Compojure does not ship with a full Jetty installation.
For those full installs there are tutorials that explain how to
make Jetty understand https. I now need to offer https for my
users. Is there a way to do that with compojure? Such as pointing
to a certificate on disk during starting up Jetty?
If that is not an option, can one make Compojure use a full install
of Jetty, which respects all configuration done for Jetty (via .xml
files then I guess)?
Otherwise I would go the route of installing an Apache and use
mod_proxy.
For those full installs there are tutorials that explain how to
make Jetty understand https. I now need to offer https for my
users. Is there a way to do that with compojure? Such as pointing
to a certificate on disk during starting up Jetty?
If that is not an option, can one make Compojure use a full install
of Jetty, which respects all configuration done for Jetty (via .xml
files then I guess)?
Otherwise I would go the route of installing an Apache and use
mod_proxy.
James Reeves
Sep 28, 2009, 7:46:27 AM9/28/09
to Compojure
On Sep 28, 9:24 am, André Thieme <splendidl...@googlemail.com> wrote:
> Compojure does not ship with a full Jetty installation.
> For those full installs there are tutorials that explain how to
> make Jetty understand https. I now need to offer https for my
> users. Is there a way to do that with compojure? Such as pointing
> to a certificate on disk during starting up Jetty?
Yep, you can do this:
> Compojure does not ship with a full Jetty installation.
> For those full installs there are tutorials that explain how to
> make Jetty understand https. I now need to offer https for my
> users. Is there a way to do that with compojure? Such as pointing
> to a certificate on disk during starting up Jetty?
(run-server {:ssl true, :keystore "my.keystore", :key-password
"foobar"}
"/*" (servlet my-routes))
> If that is not an option, can one make Compojure use a full install
> of Jetty, which respects all configuration done for Jetty (via .xml
> files then I guess)?
- James
André Thieme
Sep 28, 2009, 9:09:55 AM9/28/09
to Compojure
On 28 Sep., 13:46, James Reeves <weavejes...@googlemail.com> wrote:
> On Sep 28, 9:24 am, André Thieme <splendidl...@googlemail.com> wrote:
>
> > Compojure does not ship with a full Jetty installation.
> > For those full installs there are tutorials that explain how to
> > make Jetty understand https. I now need to offer https for my
> > users. Is there a way to do that with compojure? Such as pointing
> > to a certificate on disk during starting up Jetty?
>
> Yep, you can do this:
>
> (run-server {:ssl true, :keystore "my.keystore", :key-password
> "foobar"}
> "/*" (servlet my-routes))
This sounds good and easy. I adopted this a little bit
> On Sep 28, 9:24 am, André Thieme <splendidl...@googlemail.com> wrote:
>
> > Compojure does not ship with a full Jetty installation.
> > For those full installs there are tutorials that explain how to
> > make Jetty understand https. I now need to offer https for my
> > users. Is there a way to do that with compojure? Such as pointing
> > to a certificate on disk during starting up Jetty?
>
> Yep, you can do this:
>
> (run-server {:ssl true, :keystore "my.keystore", :key-password
> "foobar"}
> "/*" (servlet my-routes))
and used (jetty-server ...) instead. I then guessed that the
key :ssl-port may also be accepted, and yes, it is.
Can one also configure it in a way that only the ssl
port opens, and http is *not* accepted?
Anyway, your solution works well for me, thanks!
James Reeves
Sep 28, 2009, 9:37:00 AM9/28/09
to Compojure
On Sep 28, 2:09 pm, André Thieme <splendidl...@googlemail.com> wrote:
> This sounds good and easy. I adopted this a little bit
> and used (jetty-server ...) instead. I then guessed that the
> key :ssl-port may also be accepted, and yes, it is.
> Can one also configure it in a way that only the ssl
> port opens, and http is *not* accepted?
I don't think so. There doesn't seem to be any way of getting Jetty to
> This sounds good and easy. I adopted this a little bit
> and used (jetty-server ...) instead. I then guessed that the
> key :ssl-port may also be accepted, and yes, it is.
> Can one also configure it in a way that only the ssl
> port opens, and http is *not* accepted?
do that.
However, what you can do is set up some middleware to redirect your
routes to the equivalent https URL:
(defn to-https [uri]
(str "https://your-website.com" uri))
(defn with-force-ssl [handler]
(fn [request]
(if (= (request :scheme) "https")
(handler request)
{:status 301
:headers {"Location" (to-https (request :uri))})))
(decorate your-routes
with-force-ssl)
This might work better, as it means that if a user accidentally goes
to a HTTP URL, as is the default for browsers, it'll automatically
redirect them to HTTPS.
- James
Reply all
Reply to author
Forward
0 new messages