TLS/SPDY support
Dokku provides easy TLS/SPDY support out of the box. This can be done app-by-app or for all subdomains at once. Note that whenever TLS support is enabled SPDY is also enabled.
Per App
To enable TLS connections to one of your applications, copy or symlink the .crt/.pem and .key files into the application's /home/dokku/:app/tls folder (create this folder if it doesn't exist) as server.crt and server.key respectively.
Redeployment of the application will be needed to apply TLS configuration. Once it is redeployed, the application will be accessible by https:// (redirection from http:// is applied as well).
All Subdomains
To enable TLS connections for all your applications at once you will need a wildcard TLS certificate.
To enable TLS across all apps, copy or symlink the .crt/.pem and .key files into the /home/dokku/tls folder (create this folder if it doesn't exist) as server.crt and server.key respectively. Then, enable the certificates by editing /etc/nginx/conf.d/dokku.conf and uncommenting these two lines (remove the #):
ssl_certificate /home/dokku/tls/server.crt;
ssl_certificate_key /home/dokku/tls/server.key;
The nginx configuration will need to be reloaded in order for the updated TLS configuration to be applied. This can be done either via the init system or by re-deploying the application. Once TLS is enabled, the application will be accessible by https:// (redirection from http:// is applied as well).
Note: TLS will not be enabled unless the application's VHOST matches the certificate's name (e.g. if you have a cert for *.example.com, TLS won't be enabled for something.example.org or example.net).
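A pre-deployment check for the conditions above, added here as an example and not Dokku's own code: it verifies that server.key belongs to server.crt and that a certificate name covers the app's VHOST. It assumes OpenSSL 1.1.1 or later and standard single-label wildcard matching; the function names, the script name and the app name myapp are hypothetical.

```sh
#!/bin/sh
# Added example: pre-deploy check for a Dokku tls folder. Function names are
# hypothetical. Assumes standard single-label wildcard matching, which may
# differ from the comparison Dokku itself performs.

# name_covers PATTERN HOST: succeeds if certificate name PATTERN covers HOST.
name_covers() {
  pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  case "$pattern" in
    \*.*)
      suffix=${pattern#\*}                    # e.g. ".example.com"
      label=${host%"$suffix"}                 # what "*" has to stand for
      [ "$label" != "$host" ] || return 1     # host lacks the suffix
      [ -n "$label" ] || return 1             # nothing left for "*"
      case "$label" in *.*) return 1 ;; esac  # "*" spans one label only
      return 0 ;;
    *) [ "$pattern" = "$host" ] ;;
  esac
}

# cert_names CERT: prints the subject CN and every DNS subjectAltName.
cert_names() {
  openssl x509 -in "$1" -noout -nameopt multiline -subject |
    sed -n 's/^ *commonName *= *//p'
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# key_matches_cert CERT KEY: succeeds if both carry the same public key.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout) || return 1
  [ "$cert_pub" = "$key_pub" ]
}

# check_dokku_tls TLS_DIR VHOST: runs both checks on server.crt/server.key.
check_dokku_tls() {
  key_matches_cert "$1/server.crt" "$1/server.key" ||
    { echo "server.key does not match server.crt" >&2; return 1; }
  vhost=$2
  cert_names "$1/server.crt" | (
    while read -r name; do name_covers "$name" "$vhost" && exit 0; done
    exit 1
  ) || { echo "no certificate name covers $vhost" >&2; return 1; }
}

# e.g. sh check-tls.sh /home/dokku/myapp/tls myapp.example.com
if [ "$#" -eq 2 ]; then check_dokku_tls "$1" "$2"; fi
```

Run it against the app's tls folder or /home/dokku/tls before redeploying or reloading nginx; a non-zero exit status means one of the two checks failed.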
HSTS Header
The HSTS header is an HTTP header that can inform browsers that all requests to a given site should be made via HTTPS. Dokku does not, by default, enable this header. It is thus left up to you, the user, to enable it for your site.
Beware that if you enable the header and a subsequent deploy of your application results in an HTTP deploy (for whatever reason), the way the header works means that a browser will not attempt to request the HTTP version of your site if the HTTPS version fails.