
Performexa - HTTPS Support

“Requirement” and “Design & Implementation” remain the same as for Learnexa (Reference: https://wiki.exphosted.com/doku.php/https_support)

HTTPS Migration - app Checklist

1> Change the environments/<environment>.rb file and add/modify the strings below

APP_URL            = "https://app-url.com"
API_URL            = "https://app-url.com"
AUTHENTICATION_URL = "https://app-url.com"


SSL_ENABLED = true
HTTP_ONLY_HEADER = "HTTP_X_HTTP_ONLY"

2> Update chat.yml

server: https://app-url.com:5280
bosh: https://app-url.com:5280/http-bind
websocket: wss://app-url.com:5280/websocket

3> Update ejabberd.yml (Path:- /opt/ejabberd<version>/conf/ejabberd.yml)

listen:
  - 
    port: 5280
    module: ejabberd_http
    request_handlers:
      "/websocket": ejabberd_http_ws
      # "/pub/archive": mod_http_fileserver
    web_admin: true
    http_poll: false
    http_bind: true
    tls: true
    certfile: "/opt/ejabberd-15.04/conf/server.pem"
    ## register: true
    captcha: false

s2s_use_starttls: required
s2s_certfile: "/opt/ejabberd-15.04/conf/server.pem"

4> Get the required certificate files and install them for the Rails app and for ejabberd. (Note: ejabberd expects .pem files)

a) For the Rails app - configure your server to serve the certificate.
b) For ejabberd - place the certificate in /opt/ejabberd<version>/conf/server.pem and restart.

5> Modify Nginx configuration to work with SSL

worker_processes  1;
events {
    worker_connections  1024;
}
http {
    passenger_root /home/expdev01/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/passenger-5.0.20;
    passenger_ruby /home/expdev01/.rbenv/versions/2.2.3/bin/ruby;
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

server {
       listen         80;
       server_name    performance.exphosted.com;
       rewrite ^/?(.*) https://$host/$1 redirect;
}

server {
  listen 443 ssl;
  ssl on;
  ssl_certificate /opt/nginx/ssl/server.crt;
  ssl_certificate_key /opt/nginx/ssl/server.key;
  server_name performance.exphosted.com;
  passenger_user expdev01;
  passenger_enabled on;
  passenger_app_env staging;
  root /deploy/performance/current/public;
}
}
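
A consistency check for steps 1 and 2 (and for the matching revert steps), added here as an example and not part of the application's own code: an HTTPS page that still points at a ws:// or http:// chat endpoint is blocked by browsers as mixed content. The function name `scheme_problems` is hypothetical, and chat.yml is assumed to hold the three keys at top level as shown in step 2.

```ruby
require "yaml"
require "uri"

ENV_URLS  = %w[APP_URL API_URL AUTHENTICATION_URL].freeze
CHAT_KEYS = { "server" => :web, "bosh" => :web, "websocket" => :socket }.freeze
SCHEMES   = { true  => { web: "https", socket: "wss" },
              false => { web: "http",  socket: "ws" } }.freeze

# Scheme of a URL string, or nil when the value is missing or unparsable.
def scheme_of(url)
  URI(url.to_s).scheme
rescue URI::InvalidURIError
  nil
end

# Returns a list of problems; an empty list means both files agree with SSL_ENABLED.
def scheme_problems(env_rb, chat_yml)
  flag = env_rb[/^\s*SSL_ENABLED\s*=\s*(true|false)\b/, 1]
  return ["SSL_ENABLED is not set to true or false"] if flag.nil?
  want = SCHEMES[flag == "true"]
  problems = []
  ENV_URLS.each do |name|
    url = env_rb[/^\s*#{name}\s*=\s*"([^"]*)"/, 1]
    problems << "#{name} must use #{want[:web]}://" unless scheme_of(url) == want[:web]
  end
  chat = YAML.safe_load(chat_yml)
  chat = {} unless chat.is_a?(Hash)
  CHAT_KEYS.each do |key, kind|
    problems << "chat.yml #{key} must use #{want[kind]}://" unless scheme_of(chat[key]) == want[kind]
  end
  problems
end

# Constructed sample: step 1 applied, but chat.yml still has the plain ws:// URL.
SAMPLE_ENV = <<~RB
  APP_URL            = "https://app-url.com"
  API_URL            = "https://app-url.com"
  AUTHENTICATION_URL = "https://app-url.com"
  SSL_ENABLED = true
RB
SAMPLE_CHAT = <<~YML
  server: https://app-url.com:5280
  bosh: https://app-url.com:5280/http-bind
  websocket: ws://app-url.com:5280/websocket
YML
puts scheme_problems(SAMPLE_ENV, SAMPLE_CHAT)
```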

Developer Notes

1) Generating private SSL Key and Certificate

openssl req -x509 -new -nodes -keyout server.key -days 365 -out server.crt -config /etc/pki/tls/openssl.cnf

> Country Name (2 letter code) [XX]:IN
> State or Province Name (full name) []: <state_name>
> Locality Name (eg, city) [Default City]: <city_name>
> Organization Name (eg, company) [Default Company Ltd]: <company_name>
> Organizational Unit Name (eg, section) []: <org_name>
> Common Name (eg, your name or your server's hostname) []: <hostname>
> Email Address []: <any_mail>

2) Starting THIN server in SSL mode

thin start -p 3000 --ssl --ssl-key-file <path to .key file> --ssl-cert-file <path to .crt file>

3) Generating PEM file for ejabberd and placing it to be served.

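Take a backup of server.pem, present inside /opt/ejabberd<version>/conf, as server.pem.bak. Then run this command to replace the .pem file with the generated key and certificate. The redirection runs inside the shell started by sudo, so the write to the conf directory uses the same privileges as the read:

> sudo sh -c 'cat <path to .key file> <path to .crt file> > /opt/ejabberd<version>/conf/server.pem'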
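
A checked version of the same step, added here as an example and not part of the original notes: it refuses a key and certificate that do not belong together or a certificate outside its validity period, keeps the first server.pem.bak for the revert procedure, and writes the bundle readable by its owner only. The function names are hypothetical, and the script is assumed to run as the account that ejabberd runs under (otherwise adjust ownership afterwards).

```ruby
require "openssl"
require "fileutils"

# Returns key + certificate as one PEM string (the order the cat command
# above produces), refusing pairs that ejabberd could not serve.
def build_ejabberd_pem(key_pem, cert_pem, now: Time.now)
  key  = OpenSSL::PKey.read(key_pem)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  unless cert.check_private_key(key)
    raise ArgumentError, "certificate does not match private key"
  end
  unless (cert.not_before..cert.not_after).cover?(now)
    raise ArgumentError, "certificate is outside its validity period"
  end
  key.to_pem + cert.to_pem
end

# Keeps the first backup (server.pem.bak) for the revert procedure, writes the
# bundle owner-readable only, and renames it into place in one step.
def install_pem(bundle, dest)
  backup = "#{dest}.bak"
  FileUtils.cp(dest, backup, preserve: true) if File.exist?(dest) && !File.exist?(backup)
  tmp = "#{dest}.new"
  File.open(tmp, File::WRONLY | File::CREAT | File::TRUNC, 0o600) { |f| f.write(bundle) }
  File.chmod(0o600, tmp) # also covers a leftover temp file with a wider mode
  File.rename(tmp, dest)
  dest
end

# Constructed sample input: a throwaway self-signed RSA key and certificate.
def sample_self_signed(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 365 * 24 * 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key.to_pem, cert.to_pem]
end
```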

Reverting to HTTP

1> Change the environments/<environment>.rb file and add/modify the strings below

APP_URL            = "http://app-url.com"
API_URL            = "http://app-url.com"
AUTHENTICATION_URL = "http://app-url.com"


SSL_ENABLED = false

2> Update chat.yml

server: http://app-url.com:5280
bosh: http://app-url.com:5280/http-bind
websocket: ws://app-url.com:5280/websocket

3> Revert the changes in /opt/ejabberd<version>/conf/ejabberd.yml (## marks lines that are commented out)

listen:
  - 
    port: 5280
    module: ejabberd_http
    request_handlers:
      "/websocket": ejabberd_http_ws
      # "/pub/archive": mod_http_fileserver
    web_admin: true
    http_poll: false
    http_bind: true
    ## tls: true
    ## certfile: "/opt/ejabberd-15.04/conf/server.pem"
    ## register: true
    captcha: false

## s2s_use_starttls: required
## s2s_certfile: "/opt/ejabberd-15.04/conf/server.pem"

4> Restore the /opt/ejabberd<version>/conf/server.pem file from the backup taken earlier (server.pem.bak)

5> Revert the Nginx configuration to work without SSL

worker_processes  1;
events {
    worker_connections  1024;
}
http {
    passenger_root /home/expdev01/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/passenger-5.0.20;
    passenger_ruby /home/expdev01/.rbenv/versions/2.2.3/bin/ruby;
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

server {
  listen 80;
  server_name performance.exphosted.com;
  passenger_user expdev01;
  passenger_enabled on;
  passenger_app_env staging;
  root /deploy/performance/current/public;
}
}
performexa_-_https_support.txt · Last modified: 2018/08/31 16:16 (external edit)