Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can we get https enabled for UAT? #1723

Closed
pgwillia opened this issue Jun 18, 2020 · 2 comments
Closed

Can we get https enabled for UAT? #1723

pgwillia opened this issue Jun 18, 2020 · 2 comments
Assignees
@pgwillia

Comments

@pgwillia
Copy link
Member

I’ve sometimes run across instances where a “thing” works in http but fails under https

Originally posted by @pgwillia in #1680 (comment)
@pgwillia
Copy link
Member Author

pgwillia commented Jul 30, 2020
edited
Loading 

# config/nginx.conf
server {

  listen 80 ssl;

  client_max_body_size 4G;
  keepalive_timeout 10;

  ssl_certificate     library.ualberta.ca.bundle.crt;
  ssl_certificate_key library.ualberta.ca.key;
  ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers         HIGH:!aNULL:!MD5;

  error_page 500 502 504 /500.html;
  error_page 497  301 =307 https://$host:$server_port$request_uri;
...
}

# docker-compose.yml
nginx:
    restart: always
    image: nginx
    depends_on:
      - web
    env_file: .env_deployment
    volumes:
      - ./config/nginx.conf:/etc/nginx/conf.d/default.conf
      - ../UALcert/library.ualberta.ca.key:/etc/nginx/library.ualberta.ca.key
      - ../UALcert/library.ualberta.ca.crt:/etc/nginx/library.ualberta.ca.bundle.crt
      - assets:/app/public/
    ports:
      - "80:80"

@pgwillia pgwillia mentioned this issue Jul 30, 2020
Closed
@pgwillia pgwillia self-assigned this Aug 6, 2020
@pgwillia
Copy link
Member Author

need to set these headers

upstream myapp {
  server              unix:///path/to/puma.sock;
}
...
location / {
  proxy_pass        http://myapp;
  proxy_set_header  Host $host;
  proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header  X-Forwarded-Proto $scheme;
  proxy_set_header  X-Forwarded-Ssl on; # Optional
  proxy_set_header  X-Forwarded-Port $server_port;
  proxy_set_header  X-Forwarded-Host $host;
}

This was referenced Aug 25, 2020
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pgwillia pgwillia

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mbarnett @pgwillia