From 9e49bc12ed80baf02b6e92a2af095106fbb216ef Mon Sep 17 00:00:00 2001 From: eitland Date: Mon, 31 Mar 2014 21:27:19 +0200 Subject: [PATCH 1/2] Add details on how to use wildcard ssls After reading the source code for hints on how to deploy wildcard ssls I found it was already supported. The proposed change should make this feature easier to find. --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0e619f2e3..2094f08d6 100644 --- a/README.md +++ b/README.md @@ -106,7 +106,13 @@ config:unset KEY1 [KEY2 ...] - unset one or more config vars ## TLS support -Dokku provides easy TLS support from the box. To enable TLS connection to your application, copy the `.crt` and `.key` files into the `/home/dokku/:app/ssl` folder (notice, file names should be `server.crt` and `server.key`, respectively). Redeployment of the application will be needed to apply TLS configuration. Once it is redeployed, the application will be accessible by `https://` (redirection from `http://` is applied as well). +Dokku provides easy TLS support from the box. This can be done app-by-app or for all subdomains at once. + +* To enable TLS connection to to one of your applications, copy the `.crt` and `.key` files into the applications `/home/dokku/:app/ssl` folder (notice, file names should be `server.crt` and `server.key`, respectively). + +* To enable TLS connections for all your applications at once you will need a wildcard ssl certificate. To enable ssl across the server copy the `.crt` and `.key` files into the `/home/dokku/ssl` folder (notice, file names should be `server.crt` and `server.key`, respectively). + +Redeployment of the application will be needed to apply TLS configuration. Once it is redeployed, the application will be accessible by `https://` (redirection from `http://` is applied as well). ## Upgrading From e2a5e92cf733884f3fcb515c12898ea2e837af86 Mon Sep 17 00:00:00 2001 From: eitland Date: Mon, 31 Mar 2014 22:53:01 +0200 Subject: [PATCH 2/2] s/ssl/TLS/g + domain name must match for wildcards * Updated ssl to TLS as requested. * Added information that names must match --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2094f08d6..0940a8a4e 100644 --- a/README.md +++ b/README.md @@ -106,11 +106,11 @@ config:unset KEY1 [KEY2 ...] - unset one or more config vars ## TLS support -Dokku provides easy TLS support from the box. This can be done app-by-app or for all subdomains at once. +Dokku provides easy TLS support from the box. This can be done app-by-app or for all subdomains at once. * To enable TLS connection to to one of your applications, copy the `.crt` and `.key` files into the applications `/home/dokku/:app/ssl` folder (notice, file names should be `server.crt` and `server.key`, respectively). -* To enable TLS connections for all your applications at once you will need a wildcard ssl certificate. To enable ssl across the server copy the `.crt` and `.key` files into the `/home/dokku/ssl` folder (notice, file names should be `server.crt` and `server.key`, respectively). +* To enable TLS connections for all your applications at once you will need a wildcard TLS certificate. To enable TLS across the server copy the `.crt` and `.key` files into the `/home/dokku/ssl` folder (notice, file names should be `server.crt` and `server.key`, respectively). **Note**: A global/wildcard TLS will not be applied unless the application's VHOST matches the certificate's name. (i.e. if you have a cert for *.example.com TLS won't be applied for something.example.org or example.net) Redeployment of the application will be needed to apply TLS configuration. Once it is redeployed, the application will be accessible by `https://` (redirection from `http://` is applied as well).