Mirrors/dokku
1
0
Fork 0
mirror of https://github.com/dokku/dokku.git synced 2025-12-28 16:06:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

remove references to global TLS certs. closes #2057

Browse Source
This commit is contained in:
Michael Hobbs
2016-03-31 07:52:19 -07:00
parent e114ab3f20
commit c739c770f7
5 changed files with 4 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
docs/deployment/ssl-configuration.md
View File

@@ -64,34 +64,6 @@ root@dokku:~/dokku# dokku certs:info node-js-app
The `certs:remove` command only works on app-specific certificates. It will `rm` the app-specific tls directory, rebuild the nginx configuration, and reload nginx.
## Global Certification
Global certificate management is a manual process. To enable TLS connections for all your applications at once you will need a wildcard TLS certificate.
To enable TLS across all apps, you can run the following commands:
```shell
mkdir -p /home/dokku/tls
cp server.crt /home/dokku/tls/server.crt
cp server.key /home/dokku/tls/server.key
```
Next, you will want to enable the certificates by editing `/etc/nginx/conf.d/dokku.conf` and uncommenting these two lines (remove the `#`):
```
ssl_certificate /home/dokku/tls/server.crt;
ssl_certificate_key /home/dokku/tls/server.key;
```
The settings will take affect at the next deploy. If you would like to propagate the change to all apps immediately, you can also run the following command:
```shell
dokku ps:restartall
```
Once TLS is enabled, the application will be accessible by `https://` (redirection from `http://` is applied as well).
> Note: TLS will not be enabled unless the application's VHOST matches the certificate's name. (i.e. if you have a cert for `*.example.com` TLS won't be enabled for `something.example.org` or `example.net`)
## HSTS Header

4
plugins/checks/check-deploy
View File

@@ -156,8 +156,8 @@ checks_check_deploy() {
local CURL_OPTIONS="-q --compressed --fail --location --max-time $TIMEOUT"
# Set X-Forwarded-Proto header if TLS is enabled.
local SSL="$DOKKU_ROOT/$APP/tls"; local WILDCARD_SSL="$DOKKU_ROOT/tls"
if [[ -e "$SSL/server.crt" && -e "$SSL/server.key" ]] || [[ -e "$WILDCARD_SSL/server.crt" && -e "$WILDCARD_SSL/server.key" ]]; then
local SSL="$DOKKU_ROOT/$APP/tls"
if [[ -e "$SSL/server.crt" && -e "$SSL/server.key" ]]; then
local CURL_OPTIONS+=" -H X-Forwarded-Proto:https"
fi

2
plugins/nginx-vhosts/install
View File

@@ -33,8 +33,6 @@ ssl_session_timeout 10m;
ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
# ssl_certificate $DOKKU_ROOT/tls/server.crt;
# ssl_certificate_key $DOKKU_ROOT/tls/server.key;
EOF
fi

2
tests/unit/30_core_1.bats
View File

@@ -8,7 +8,7 @@ setup() {
}
teardown() {
rm -rf /home/dokku/$TEST_APP/tls /home/dokku/tls
rm -rf /home/dokku/$TEST_APP/tls
destroy_app
dokku config:unset --global DOKKU_RM_CONTAINER
rm -f "$DOCKERFILE"

2
tests/unit/40_core_2.bats
View File

@@ -7,7 +7,7 @@ setup() {
}
teardown() {
rm -rf /home/dokku/$TEST_APP/tls /home/dokku/tls
rm -rf /home/dokku/$TEST_APP/tls
destroy_app
}