Hi Martin,
Here is what I did to get ssl working. Your first problem is that more
than ssl certificates require unique ips for each certificate. Given
the fact that scalr may grow your www instances automatically, this
can quickly become a problem.
To work around this problem I purchased a multi domain ssl cert from
Godaddy. This is an ssl cert that allows you to add domains and
subdomains at will up to a certain amount, and the good news is that
it is all contained in one cert! BTW, I have multiple domains running
in Scalr so this is an issue for me, but if you only have 1 domain
than you can buy any 1 cert you want.
Here are the steps I did to set this up on nginx:
1. Create key and csr
2. Purchase certificate with csr
3. Download cert (If you do the multiple domain cert add the contents
of gd_bundle.crt to the bottom of yourdomain.com.crt)
4. Put your cert in /etc/nginx/certs (I also put my csr and key files
there as well)
5. chmod 600 /etc/nginx/certs/*
6. edit /etc/nginx/nginx.conf
# add the following info directly after the server section for port 80
server {
listen 443;
ssl on;
# path to your certificate
ssl_certificate /etc/nginx/certs/godaddy_15_domain.crt;
# path to your ssl key
ssl_certificate_key /etc/nginx/certs/godaddy_15_domain.key;
if ( $remote_addr = 127.0.0.1 ) {
rewrite ^(.*)$ /500.html last;
return 302;
}
location / {
proxy_pass
http://backend;
proxy_buffering on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
proxy_set_header HTTPS on;
error_page 500 501 = /500.html;
error_page 502 503 504 = /502.html;
}
location /500.html {
root /var/www/nginx-default;
}
location /502.html {
root /var/www/nginx-default;
}
}
7. /etc/init.d/nginx restart
8. Enjoy SSL goodness!
*Take special note of the line that says proxy_set_header HTTPS on.
The way this works is nginx will proxy all the requests that come in
on port 443 to port 80 on your app servers. This little goodie gives
me an environment variable on the app server that let's me know the
connection is secure. Then I can do things in PHP like redirect to
https if that variable is not on. Oh and for some reason the variable
comes through as HTTP_HTTPS. So I can reference it via
$_SERVER['HTTP_HTTPS'];
Hope this helps!
Mike
Once you download the cert you add the contents of gd_bundle.crt to
the bottom of yourdomain.com.crt
> I'd appreciate some pointers on how to gethttps://
www.mydomain.com