diff --git a/README.md b/README.md
index 50dcfc0e2..441101db2 100644
--- a/README.md
+++ b/README.md
@@ -76,6 +76,10 @@ To setup environment for your application, create file `/home/git/APP_NAME/ENV`.
 
 Next time the application is deployed, those variables would be exposed by `start` script.
 
+## SSL support
+
+Dokku provides easy SSL support from the box. To enable SSL connection to your application, copy `.crt` and `.key` file into `/home/git/:app/ssl` folder (notice, file names should be `server.crt` and `server.key`, respectively). Redeployment of application will be needed to apply SSL configuration. Once it redeployed, application will be accessible by `https://` (redirection from `http://` is applied as well).
+
 ## Advanced installation (for development)
 
 If you plan on developing dokku, the easiest way to install from your own repository is cloning
@@ -138,7 +142,6 @@ You can use [Github Issues](https://github.com/progrium/dokku/issues), check [Tr
 ## Ideas for Improvements
 
 * Custom domain support for apps
- * HTTPS support on default domain
 * Support more buildpacks (see Buildstep)
 * Use dokku as the system user instead of git
 * Heroku-ish commands to be run via SSH (like [Dokuen](https://github.com/peterkeen/dokuen#available-app-sub-commands))
diff --git a/plugins/nginx-vhosts/post-deploy b/plugins/nginx-vhosts/post-deploy
index eb5b8928f..62106c4c2 100755
--- a/plugins/nginx-vhosts/post-deploy
+++ b/plugins/nginx-vhosts/post-deploy
@@ -1,6 +1,7 @@
 #!/bin/bash
 set -e
 APP="$1"; PORT="$2"
+SSL="$HOME/$APP/ssl"
 
 if [[ -f "$HOME/VHOST" ]]; then
 VHOST=$(< "$HOME/VHOST")
@@ -10,20 +11,55 @@ if [[ -f "$HOME/VHOST" ]]; then
 else
 hostname="${APP/\//-}.$VHOST"
 fi
+
+ # ssl based nginx.conf
+ if [[ -f "$SSL/server.crt" ]] && [[ -f "$SSL/server.key" ]]; then
 cat< $HOME/$APP/nginx.conf
 upstream $APP { server 127.0.0.1:$PORT; }
-server {
+server {
+ listen 80;
+ server_name $hostname;
+ return 301 https://\$host\$request_uri;
+}
+
+server {
+ listen 443;
+ server_name $hostname;
+
+ ssl on;
+ ssl_certificate $SSL/server.crt;
+ ssl_certificate_key $SSL/server.key;
+ ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!CAMELLIA;
+ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ ssl_prefer_server_ciphers on;
+
+ location / {
+ proxy_pass http://$APP;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade \$http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host \$http_host;
+ proxy_set_header X-Scheme \$scheme;
+ }
+}
+EOF
+else
+# default nginx.conf
+ cat< $HOME/$APP/nginx.conf
+upstream $APP { server 127.0.0.1:$PORT; }
+server {
 listen 80;
 server_name $hostname;
 location / {
 proxy_pass http://$APP;
 proxy_http_version 1.1;
 proxy_set_header Upgrade \$http_upgrade;
- proxy_set_header Connection "upgrade";
+ proxy_set_header Connection "upgrade";
 proxy_set_header Host \$http_host;
 }
 }
 EOF
+ fi
 nc -U $HOME/reload-nginx
 echo "$hostname" > "$HOME/$APP/VHOST"
-fi
+fi
\ No newline at end of file
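Review bot: The `ssl_ciphers` line in the new 443 server block explicitly enables RC4 (`ECDHE-RSA-RC4-SHA` and the bare `RC4` alias), and `ssl_protocols` still offers TLSv1 and TLSv1.1. RC4 is prohibited for TLS by RFC 7465, and TLS 1.0/1.1 are deprecated by RFC 8996, so every app that gets this generated config inherits a weak negotiation floor. I would tighten both to `ssl_protocols TLSv1.2;` and `ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;`, adding TLSv1.3 where the nginx/OpenSSL build supports it. `listen 443;` with `ssl on;` is also better written as `listen 443 ssl;`, since newer nginx releases dropped the standalone `ssl` directive. Separately, the branch only tests that `server.key` exists; nothing visible in this hunk checks that the key is not group- or world-readable, so a permission check or a README requirement may be worth adding.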