From d26f8941bbceffc644690ce03031f700ea11580f Mon Sep 17 00:00:00 2001 From: njaxx Date: Wed, 14 Sep 2016 15:18:54 -0500 Subject: [PATCH] Adds a mention of manually adding nginx entry I was working on a Dockerfile deploy that was setup to listen on port 8844. I wanted to add ssl and couldn't figure out why adding the ssl cert didn't making things 'just work'. Since the `proxy:ports-add` step I discuss in this commit is run both `under the hood` and `sometimes`, I thought it might be worth issuing a PR for. --- docs/configuration/ssl.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/configuration/ssl.md b/docs/configuration/ssl.md index 57c4e7896..7a1a397d8 100644 --- a/docs/configuration/ssl.md +++ b/docs/configuration/ssl.md @@ -126,3 +126,7 @@ Only use this option if: If it's possible to make HTTP/S requests directly to Nginx, bypassing the load balancer, or if the load balancer is not configured to set these headers, then it becomes possible for a client to set these headers to arbitrary values. This could result in security issue, for example, if your application looks at the value of the `X-Forwarded-Proto` to determine if the request was made over HTTPS. + +### SSL Port Exposure + +When your app is served from port `80` then the `/home/dokku/APP/nginx.conf` file will automatically be updated to instruct nginx to respond to ssl on port 443 as a new cert is added. If your app uses a non-standard port (perhaps you have a dockerfile deploy exposing port `99999`) you may need to manually expose an ssl port via `dokku proxy:ports-add https:443:99999`.